Breaking the 'cyber kill chain'

By Michelle Avenant, portals journalist.
Johannesburg, 18 Jun 2015

Cyber attacks can be broken down into distinct phases, says Jayson O'Reilly, director of sales and innovation at DRS, drawing on Lockheed Martin's theory of the "Cyber Kill Chain."

The first phase of attack, says O'Reilly, is reconnaissance, in which cyber criminals gather information about a potential target. The second, he continues, is 'weaponisation', whereby the cyber criminals use malware to create a malicious payload to send to the victim.

In the delivery phase, says O'Reilly, the payload is sent to the victim, often via e-mail, to install itself on the victim's system and exploit it. Then, in the command and control phase, the criminal operates assets remotely to achieve their final step, which is to exfiltrate the information or carry out the processes they want to, O'Reilly concludes.

Disrupting any one of these phases can prevent or at least slow down an attacker, says O'Reilly. "All security professionals have the same aim: to force the attacker to spend so much time and energy [on an attack] that the reward is no longer worth the effort."

Most traditional security solutions focus on malware alone, and miss more complex attacks, O'Reilly notes. Companies should in fact employ continuous monitoring of internal systems to seek out abnormal behaviour that may indicate monitoring or intrusion, and essentially show that a cyber attack is under way, he advises.

Having a good firewall in place is also important, as it can prevent the exfiltration of data, adds O'Reilly. "A new generation firewall will be able to monitor outgoing traffic against a list of known bad IPs, and make sure only the information that should be leaving the environment is doing so."
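The egress monitoring O'Reilly describes, as an added example that is not from the article or from any DRS or Gemalto product: it checks constructed outbound flow records against a blocklist of known bad IPs and an allowlist of the destinations that should be leaving, and flags oversized transfers. The log format, policy entries and byte threshold are assumptions for illustration.

```python
import ipaddress

# Constructed policy (assumed, not from the article); IPs are RFC 5737 documentation ranges.
KNOWN_BAD_IPS = {ipaddress.ip_address("198.51.100.23"), ipaddress.ip_address("203.0.113.7")}
ALLOWED_EGRESS = [  # (destination network, port): traffic that is expected to leave
    (ipaddress.ip_network("192.0.2.0/24"), 443),  # e.g. a SaaS provider over HTTPS
    (ipaddress.ip_network("192.0.2.10/32"), 25),  # e.g. an external mail relay
]
VOLUME_THRESHOLD = 50_000_000  # bytes in one flow record before an allowed flow is flagged

def parse_record(line):
    """Parse one 'key=value' outbound flow record (constructed log format)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return {"src": ipaddress.ip_address(fields["src"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "dport": int(fields["dport"]), "bytes": int(fields["bytes"])}

def classify(record):
    """Verdict for one outbound flow.
    KNOWN_BAD: destination is on the blocklist (breaks the command-and-control phase).
    NOT_ALLOWED: destination/port is not on the egress allowlist (breaks exfiltration).
    VOLUME: allowed destination, but an unusually large transfer that warrants review.
    ALLOW: expected traffic."""
    if record["dst"] in KNOWN_BAD_IPS:
        return "KNOWN_BAD"
    permitted = any(record["dst"] in net and record["dport"] == port
                    for net, port in ALLOWED_EGRESS)
    if not permitted:
        return "NOT_ALLOWED"
    if record["bytes"] > VOLUME_THRESHOLD:
        return "VOLUME"
    return "ALLOW"

def review(lines):
    """Return (verdict, line) for every record that is not plainly allowed."""
    return [(v, line) for line in lines
            if (v := classify(parse_record(line))) != "ALLOW"]

# Constructed sample flow records (not real traffic).
SAMPLE_LOG = [
    "src=10.1.4.20 dst=192.0.2.50 dport=443 bytes=18400",
    "src=10.1.4.20 dst=198.51.100.23 dport=443 bytes=900",
    "src=10.1.7.9 dst=192.0.2.10 dport=25 bytes=72000000",
    "src=10.1.7.9 dst=192.0.2.77 dport=8443 bytes=3100",
]

if __name__ == "__main__":
    for verdict, line in review(SAMPLE_LOG):
        print(verdict, line)
```

In practice the blocklist would be fed from a threat-intelligence source and the allowlist from the organisation's own egress policy; the point is that both checks run on outgoing traffic, where the later phases of the kill chain show up.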

Manfred Kube, head of Gemalto's M2M (machine-to-machine) division, advocates a "security by design" approach. "The goal in planning overall architectures is to secure what needs to be secured at the right level and price point for each individual business case.

"Security is always a matter of balancing investments and threats. That is why a security strategy has to start with an assessment of risk of threats to the overall architecture. After risk is evaluated at each level, appropriate countermeasures can be identified and designed to ensure trust in the overall infrastructure," says Kube. "The goal is to secure only what needs to be secured and at the right level depending on the risk."

Understanding the "Cyber Kill Chain" is important, says O'Reilly, because it helps security professionals understand their potential attackers, predict their next moves and defend themselves accordingly.