Reversing the Killchain - An Actionable Framework for Defending Against Common Threats, presented at BSides Wellington 2017

by Amanda Berlin,

Summary : The Intrusion Kill Chain, sometimes called the Cyber Kill Chain, is a model for actionable intelligence: defenders align enterprise defensive capabilities to the specific steps an adversary takes to target that enterprise. Everyone talks about the Cyber Kill Chain, and along with it comes abundant misinformation and scare tactics. Instead of scaring you, we'll focus on the most effective steps you can take to protect your organization from the vast majority of threats by breaking down each adversary action alongside its defensive mitigations and monitoring. Use cases such as ransomware, web server vulnerabilities, shadow IT, data exfiltration, and lateral movement are broken down to show how to raise the standard of defense at each stage of the chain. Use cases matter because they showcase situations that put critical infrastructure, sensitive data, or other assets at risk. They also demonstrate defense in depth: each layer adds its own mitigations, so the residual risk keeps decreasing. Once security controls have been designed and implemented around these use cases, tabletop exercises and drills test them as a proof of concept.