Carbon Black Proposes Updated Cybersecurity Kill Chain Model to Help Defenders Stay Ahead of Modern Attacks
July 2019 by Carbon Black
Carbon BlaCarbon Black Proposes Updated white paper that proposes an updated cybersecurity kill chain model to help defenders stay ahead of evolving cyberattacks.
The paper, “Cognitions of a Cybercriminal: Introducing the Cognitive Attack Loop and the 3 Phases of Cybercriminal Behaviour,” delves into the various ways cybercriminals have evolved in recent years and offers specific guidelines for CISOs and security professionals to help manage risk.
“We believe cybersecurity professionals should be looking at existing kill chain models with a new lens,” said Tom Kellermann, Carbon Black’s Chief Cybersecurity Officer and the paper’s primary author. “It’s no longer helpful to approach cybersecurity linearly. Cognitions and context are critical and help reveal attackers’ intent. Understanding the root cause of attacks and the way attackers think is paramount to good cybersecurity. With the ‘Cognitive Attack Loop,’ we’re offering defenders an updated model at how attackers think and behave.”
The paper outlines, in detail, the three phases proposed in the Cognitive Attack Loop - Recon & Infiltrate; Maintain & Manipulate; and Execute & Exfiltrate.
The Cognitive Attack Loop was borne from insight provided by Carbon Black’s cloud-native endpoint protection platform (EPP), which collects terabytes of data per day from around the globe, as well as insights from the Carbon Black Threat Analysis Unit (TAU).
“The more insight defenders have into cybercriminal behaviour, the more effective technology can be in recognising and stopping suspicious activity,” Kellermann said. “The patterns we see in attack data transcend any individual attack and allow us to provide protection against a broad set of threats without relying on specific pre-discovered indicators of compromise (IOCs). With the Cognitive Attack Loop, we’ve taken the various insights from our cloud-native EPP and our threat research efforts to arrive at a modern cycle that helps uncover cybercriminal behaviour and gives defenders a true sense of how modern attackers are operating.”