The Cyber Kill Chain Model has been improved, the new approach was created and named Unified
Kill Chain (UKC) Model. The main idea of this model is to combine two existing models: the Lockheed Martin' Cyber Kill Chain and the MITRE ATT&CK for Enterprise
The MITRE ATT&CK Framework offers a comprehensive inventory of adversary tactics and
techniques, while the Lockheed Martin Kill Chain offers a methodical view of an attacker's intrusion
stages. By merging these frameworks, the Unified Kill Chain allows enterprises to evaluate their
defenses from two different perspectives
- strategically - taking into account the stages of an attack
- tactically - emphasizing particular attacker actions.
This combination enables organizations to assess their security posture holistically and adjust
their defensive strategies as necessary.
The Unified Kill Chain consists of eighteen phases, or strategies, that a cyberattack could go
through. Phases may be skipped, repeated, or executed out of order by any given attack.
It is possible to combine several tactical phases of an attack to accomplish intermediate goals, like
getting a first foothold in a targeted network, breaking into it to increase your level of access, and
taking action against important assets.
All typical cyberattack activities, from the initial reconnaissance conducted by external attackers
to the successful accomplishment of the attack's ultimate goals beyond the organizational perimeter,
can be modeled using the Unified Kill Chain.
The Unified Kill Chain relies on the expertise of industry leaders such as Lockheed Martin' Cyber Kill Chain and MITRE's ATT&CK for Enterprise model in order to cover such a wide range.
Post a Comment