Thursday, December 15, 2011

Attack the Kill Chain MindMap

If we look at the past 12 months it hardly seems a day goes by, whereby a news article is posted of an attack or compromise.

These range from small family businesses trying to gain an online advantage (especially in todays climate) to large scale businesses which provide services which impact our everyday life.

In 2009 Mike Cloppert posted Security Intelligence: Attacking the Kill Chain the article was an excellent example of foresight (And from someone deep in the trenches).
The article was part of a series on Security Intelligence which I feel has even more importance as we come to an end of 2011.

I’m not really big on predictions, but i will make this one.

I guarantee that more articles will be written in 2012 which describe online attacks.(Fairly certain this will be a safe bet).

As an Industry we need to stop using the old Ostrich approach and “bury our heads in the sand”. The attacks are going to come, lets try and find a way to deal with them through being open and sharing the experience of how the compromise occurred.

“Defence in Depth” is not just about multiple layers of technology, its also about Knowledge Sharing, if i know what to look for its also my duty to pass that on so others can prevent the same mistake\compromise from happening.

I have produced a Mindmap of what I feel are the key points of the article. The Mindmap is based on my interpretation of the original article.

Please read the original article, if you work in the Information Security space try to incorporate  them in to your everyday life.
Attacking_the_Kill_Ch

A higher resolution image can be found here