Cyber Kill Chain — NOYNIM IT
Denver IT security and service organization NOYNIM understands and studies IT security thoroughly. Recently, NOYNIM has been researching the Cyber Kill Chain and looking at different methodologies for our clients in the security analysis model. Please take a look and let us know your comments. We at Denver IT services organization NOYNIM feel it's important to post these blogs and share our experiences with the community, so please let us know your comments and what topics you would find helpful.
IT security is changing rapidly and becoming more complex. The days of installing a firewall and calling your network secure are over. One fairly new term is “Cyber Kill Chain” or simply “Kill Chain.” Generally, we use the Cyber Kill Chain defensively in incident response, to detect intruders and keep them out. Having numerous entry points to the Internet can create more vulnerabilities and require additional security measures. A few years ago we limited Internet access through web content filters or used email as an egress point; today we have numerous points. Some of the new entry points are mobile devices, hot spots, VoIP, cloud services and tethering.
Cloud computing is another big area of concern, which is discussed briefly in this post. Organizations today subscribe to SaaS or various other cloud computing services without doing the proper due diligence and/or testing. One example is a hosted PBX and its vulnerabilities and/or issues. Most of the time, PBX hosting providers do not encrypt the connection between the on-premise phone and the hosted PBX. This means that sensitive internal conversations (extension-to-extension calls) can be monitored, sniffed and eavesdropped on by others.
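One way to check the hosted-PBX concern above during due diligence, shown as an added example that is not part of the original post: it inspects a captured call setup message and reports whether signaling and audio are encrypted. It assumes the phones speak SIP with an SDP body (the post does not name the protocol); the `sample_invite` and `audit_invite` helpers, hosts, extensions and key are constructed for illustration.

```python
import re

# SDP media profiles that carry SRTP; plain RTP/AVP is cleartext audio.
SECURE_MEDIA = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

def sample_invite(transport, media_proto, crypto=False):
    """Build a constructed SIP INVITE; hosts, extensions and key are made up."""
    lines = [
        "INVITE sip:102@pbx.example.net SIP/2.0",
        f"Via: SIP/2.0/{transport} 192.0.2.10:5060;branch=z9hG4bKdemo",
        "Content-Type: application/sdp",
        "",
        "v=0",
        "c=IN IP4 192.0.2.10",
        f"m=audio 49170 {media_proto} 0",
    ]
    if crypto:
        lines.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER")
    return "\r\n".join(lines) + "\r\n"

def audit_invite(message):
    """Return findings for one captured SIP message; an empty list means encrypted."""
    head, _, sdp = message.partition("\r\n\r\n")
    findings = []
    # Signaling: each Via header names the transport used on that hop.
    for m in re.finditer(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", head, re.I | re.M):
        if m.group(1).upper() not in ("TLS", "WSS"):
            findings.append(f"signaling over {m.group(1).upper()} is not encrypted")
    # Media: the SDP m= line names the RTP profile for each stream.
    for m in re.finditer(r"^m=(\w+) \d+(?:/\d+)? (\S+)", sdp, re.M):
        if m.group(2).upper() not in SECURE_MEDIA:
            findings.append(f"{m.group(1)} media uses {m.group(2)}, not SRTP")
    # Edge case: SRTP is negotiated, but its key travels in cleartext signaling,
    # so anyone who can sniff the signaling can also decrypt the audio.
    if "a=crypto:" in sdp and any(f.startswith("signaling") for f in findings):
        findings.append("SRTP key (a=crypto) exposed by cleartext signaling")
    return findings

if __name__ == "__main__":
    for args in [("UDP", "RTP/AVP"), ("UDP", "RTP/SAVP", True), ("TLS", "RTP/SAVP", True)]:
        print(args, audit_invite(sample_invite(*args)) or "encrypted")
```

The middle case is the one to watch for in a provider's configuration: media encryption is switched on, but the key exchange is still readable on the wire.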
Once you properly analyze your IT environment and assign risk, you will know which areas you need to protect. The Cyber Kill Chain describes the structure of an intrusion. Figure 1.0 is a model that will guide you through actionable security intelligence. This model should be used to identify attacks early and avoid potential data theft or damage.