File:Intrusion Kill Chain - v2.png

Page contents not supported in other languages.
This is a file from the Wikimedia Commons
From Wikipedia, the free encyclopedia

Original file(950 × 681 pixels, file size: 158 KB, MIME type: image/png)

Understanding the graphic

Computer scientists at Lockheed-Martin corporation described in 2011 the usage of a new "intrusion kill chain" framework or model to defend computer networks.[1] They wrote that attacks may occur in stages and can be disrupted through controls established at each stage. The kill chain can also be used as a management tool to help continuously improve network defense. Threats must progress through seven stages in the model:

  • Reconnaissance: Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network.
  • Weaponization: Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities.
  • Delivery: Intruder transmits weapon to target (e.g., via e-mail attachments, websites or USB drives)
  • Exploitation: Malware weapon's program code triggers, which takes action on target network to exploit vulnerability.
  • Installation: Malware weapon installs access point (e.g., "backdoor") usable by intruder.
  • Command and Control: Malware enables intruder to have "hands on the keyboard" persistent access to target network.
  • Actions on Objective: Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom.

A U.S. Senate investigation of the 2013 Target Corporation data breach included analysis based on the Lockheed-Martin kill chain framework. It identified several stages where controls did not prevent or detect progression of the attack.[2]

References

  1. Lockheed-Martin Corporation-Hutchins, Cloppert, and Amin-Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains-2011
  2. U.S. Senate-Committee on Commerce, Science, and Transportation-A "Kill Chain" Analysis of the 2013 Target Data Breach-March 26, 2014

Summary

Description
English: Intrusion kill chain for information security
Date
Source http://www.public.navy.mil/spawar/Press/Documents/Publications/03.26.15_USSenate.pdf
Author U.S. Senate Committee on Commerce, Science, and Transportation

Licensing

Public domain
This file is a work of a sailor or employee of the U.S. Navy, taken or made as part of that person's official duties. As a work of the U.S. federal government, it is in the public domain in the United States.
This file has been identified as being free of known restrictions under copyright law, including all related and neighboring rights.

Captions

Add a one-line explanation of what this file represents

Items portrayed in this file

depicts

inception

26 March 2014

File history

Click on a date/time to view the file as it appeared at that time.

Date/TimeThumbnailDimensionsUserComment
current17:24, 30 June 2016Thumbnail for version as of 17:24, 30 June 2016950 × 681 (158 KB)FarcasterUser created page with UploadWizard
The following pages on the English Wikipedia use this file (pages on other projects are not listed):

Global file usage

The following other wikis use this file:

Metadata

This file contains additional information, probably added from the digital camera or scanner used to create or digitize it.

If the file has been modified from its original state, some details may not fully reflect the modified file.

Retrieved from "https://en.wikipedia.org/wiki/File:Intrusion_Kill_Chain_-_v2.png"