“Kill Chain” is a concept in traditional warfare in which you attack the point of the chain that makes it difficult if not impossible for your adversaries to continue attacking, said Conrad Constantine (@cpconstantine), SIEM Research Operative at AlienVault, in our conversation at the 2013 Security B-Sides in San Francisco.
Historically, most infosec protections are point solutions at the moment of attack. Constantine is buoyed by the fact that many infosec divisions are adopting “Kill Chain” methodology, as it facilitates your ability to secure data.
“Once you start grouping these actions together into real attack chains then you can concentrate your activity on the things that will give you the most result,” said Constantine. “The force multipliers where you can have the most payoff for the least work.”
Constantine notes that if you see an army marching on its stomach, you can stop its advance if you bomb its food supply. That is its weakest link. We often refer to the weakest link in our own defenses, but that same concept works on your adversaries as well, said Constantine, who notes that “Kill Chain” teaches us to treat the source, not the symptom.
For more on the “Kill Chain” check out these articles by Tripwire’s CTO Dwayne Melancon:
Army image courtesy of Shutterstock