Intrusion Killchain: Disrupting Cyber Adversary Activity
N2K Networks · October 7, 2025 · 8 min
Understanding the Intrusion Killchain
- 💡 The Intrusion Killchain is a cybersecurity strategy focused on disrupting adversary activity at specific phases of an attack sequence.
- 🎯 It was introduced in a 2010 paper by Lockheed Martin (Hutchins, Cloppert and Amin, "Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains"), shifting the defender's goal from preventing every technical failure to breaking the adversary's chain of actions.
Evolution of Cyber Defense Thinking
- 🧠 Before the killchain model, defense strategies such as "defense in depth" focused on preventing technical failures, which implicitly required defenders to be perfect against every threat.
- 🚀 The killchain concept reversed this by observing that an adversary must succeed at every step of a linked sequence, so breaking any single step breaks the entire intrusion. In practice defenders still map detections and mitigations across all phases, since the adversary chooses where to be least visible.
- 📈 The approach is intelligence-driven: indicators recovered from each intrusion attempt feed new detections and mitigations, so the same adversary's likelihood of success drops with every subsequent attempt against that defender.
Operationalizing the Killchain
- ⚠️ While brilliant conceptually, the original Lockheed Martin paper gave little operational detail on how to collect intelligence, analyze the data, and deploy mitigations at each phase.
- 🛠️ Subsequent frameworks such as MITRE ATT&CK (a catalogue of adversary tactics and techniques) and the Department of Defense-sponsored Diamond Model of Intrusion Analysis (Caltagirone, Pendergast and Betz, 2013) have helped fill that operational gap.
Phases of the Intrusion Killchain
- 🔍 Reconnaissance: the adversary researches the target to find weaknesses, such as exposed services or employees to phish.
- 🔨 Weaponization and delivery: they pair an exploit with a payload and deliver it to an endpoint, for example as an email attachment or through a compromised website.
- 💻 Exploitation, installation, and command and control: the payload runs, installs persistence, and calls back to attacker-controlled infrastructure to download further tools.
- 🎯 Actions on objectives: they pursue their actual goal, which usually involves lateral movement to find and exfiltrate data.
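The following is an added example, not code from the N2K page or from the Lockheed Martin paper. It models the two claims above in a small simulation: an adversary must get through every phase in order, so a detection at any phase ends the intrusion short of its objective, and indicators recovered from one analysed intrusion become rules that catch the same actor's next attempt earlier. The phase names are the seven from the Lockheed Martin paper; every indicator, hash, sender and domain below is constructed sample data, and the `Defender` and `Indicator` types are this example's own.

```python
"""Kill-chain breakpoint model (added example; all indicators are constructed)."""

from dataclasses import dataclass

# The seven kill-chain phases, in the order the adversary must traverse them.
PHASES = (
    "reconnaissance",
    "weaponization",
    "delivery",
    "exploitation",
    "installation",
    "command_and_control",
    "actions_on_objectives",
)


@dataclass(frozen=True)
class Indicator:
    """One observable from an intrusion, tagged with the phase it belongs to."""
    phase: str
    kind: str   # constructed categories, e.g. sender, attachment_sha256, c2_domain
    value: str


class Defender:
    """Detection rules held as (kind, value) pairs; the set grows as intrusions are analysed."""

    def __init__(self, rules=()):
        self.rules = set(rules)

    def learn(self, campaign):
        """Feedback loop: every indicator recovered from an analysed intrusion becomes a rule."""
        for ind in campaign:
            self.rules.add((ind.kind, ind.value))

    def first_detected_phase(self, campaign):
        """Earliest phase at which any of the campaign's indicators matches a rule, or None."""
        for phase in PHASES:
            for ind in campaign:
                if ind.phase == phase and (ind.kind, ind.value) in self.rules:
                    return phase
        return None


def phases_completed(defender, campaign):
    """Phases the adversary gets through before the chain is broken (7 means full success)."""
    phase = defender.first_detected_phase(campaign)
    return len(PHASES) if phase is None else PHASES.index(phase)


# Constructed sample campaigns by one actor: the second rotates the lure and the
# infrastructure but reuses the exploit, which is the expensive part to replace.
CAMPAIGN_1 = [
    Indicator("delivery", "sender", "hr-benefits@payroll-portal.test"),
    Indicator("delivery", "attachment_sha256", "sha256:1111aaaa"),
    Indicator("exploitation", "exploit_signature", "exploit-sig-A"),
    Indicator("installation", "dropper_sha256", "sha256:2222bbbb"),
    Indicator("command_and_control", "c2_domain", "update.cdn-static.test"),
    Indicator("actions_on_objectives", "exfil_host", "files.cdn-static.test"),
]
CAMPAIGN_2 = [
    Indicator("delivery", "sender", "it-helpdesk@account-verify.test"),
    Indicator("delivery", "attachment_sha256", "sha256:3333cccc"),
    Indicator("exploitation", "exploit_signature", "exploit-sig-A"),
    Indicator("installation", "dropper_sha256", "sha256:4444dddd"),
    Indicator("command_and_control", "c2_domain", "sync.metrics-relay.test"),
    Indicator("actions_on_objectives", "exfil_host", "drop.metrics-relay.test"),
]


def simulate():
    """Run both campaigns against a defender that starts with one third-party C2 indicator."""
    defender = Defender([("c2_domain", "update.cdn-static.test")])
    first = phases_completed(defender, CAMPAIGN_1)    # caught at C2: 5 phases completed
    defender.learn(CAMPAIGN_1)                        # intrusion analysed, indicators fed back
    second = phases_completed(defender, CAMPAIGN_2)   # caught at exploitation: 3 phases completed
    return first, second


if __name__ == "__main__":
    print(simulate())
```

`learn()` is deliberately naive: real indicators expire and adversaries rotate the cheap ones (senders, hashes, domains) first, which is why the original paper pairs the chain with a courses-of-action matrix (detect, deny, disrupt, degrade, deceive, destroy) covering every phase rather than relying on a single breakpoint.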
Topics: Intrusion Killchain, Cybersecurity, Adversary Activity, Defense in Depth, Zero Trust Model, Lockheed Martin, MITRE ATT&CK, Diamond Model, Reconnaissance, Command and Control, Data Exfiltration