Intrusion Killchain: Disrupting Cyber Adversary Activity

N2K Networks · October 7, 2025 · 8 min · 55 views

Understanding the Intrusion Killchain

  • 💡 The Intrusion Killchain is a cybersecurity strategy focused on disrupting adversary activity at specific phases of an attack sequence.
  • 🎯 It was introduced in a 2010 paper by Lockheed Martin, shifting focus from preventing all technical breaches to breaking an adversary's chain of actions.

Evolution of Cyber Defense Thinking

  • 🧠 Before the killchain model, defense strategies like "defense in depth" focused on preventing technical failures, assuming defenders needed to be perfect against all threats.
  • 🚀 The killchain concept reversed this by highlighting that adversaries must succeed through a series of linked actions, meaning defenders only need to disrupt one step.
  • 📈 This intelligence-driven approach creates a feedback loop that reduces the adversary's likelihood of success with each intrusion attempt.

Operationalizing the Killchain

  • ⚠️ While brilliant conceptually, the original Lockheed Martin paper lacked operational details on how to collect intelligence, analyze data, and deploy mitigations.
  • 🛠️ Subsequent frameworks like MITRE's ATT&CK and the Department of Defense's Diamond Model have helped fill this operational void.

Phases of the Intrusion Killchain

  • 🔍 Adversaries typically perform reconnaissance to find weaknesses.
  • 🔨 They then craft and deliver a weapon to an endpoint.
  • 💻 Upon compromise, they establish command and control to download further tools.
  • 🎯 Finally, they perform "actions on objective," which usually involve lateral movement to find and exfiltrate data.

Topics

Intrusion Killchain, Cybersecurity, Adversary Activity, Defense in Depth, Zero Trust Model, Lockheed Martin, MITRE ATT&CK, Diamond Model, Reconnaissance, Command and Control, Data Exfiltration