The cyber kill chain framework has proven to be a great tool for helping to defend against a wide range of threats, from advanced targeted attacks to fraud. It is currently evolving to meet the needs of specific types of threats. The insider threat kill chain and ransomware kill chain discussed here show how it can be used by organisations in a range of circumstances. In all circumstances, the use of a threat lifecycle management platform, which itself has evolved from SIEM systems, will help organisations considerably in their fight against cyber criminals. It provides the automation that is essential for detecting and responding to threats in an efficient and effective manner. Combined with advanced capabilities that include artificial intelligence and machine learning, organisations of all sizes will be better placed to defend themselves.