THE KILL CHAIN is a concept that has been borrowed from the military. It describes the phases that are involved in an attack. It came into use in the commercial sector in 2011 when Lockheed Martin coined the phrase “cyber kill chain” to describe the phases that are involved in any advanced targeted attack on computer networks. These are: reconnaissance, weaponisation, delivery, exploitation, installation, command and control, and action.
Every phase of the kill chain provides an opportunity to disrupt attacker activity using a combination of people, processes and technology. The earlier that an attacker can be disrupted, the easier and quicker it is for an organisation to mitigate the threat and prevent serious interruption to their operations, as well as preventing the consequences and costs of a full-blown assault.
Any organisation, whatever its size or line of business, could be the target of an advanced attack. This document describes what options are available for disrupting attackers at each stage of the kill chain.