Happy Friday, Federal friends! I hope that you folks out in the desert are having a blast at BlackHat, B-Sides and DEFCON. It sounds like it's been a great week out there, mostly because it's been so quiet back here in HQ.
Speaking of BlackHat, there was a session this week hosted by Tom Cross, director of security research at Lancope. He and two other industry experts discussed applying a variety of military approaches to cybersecurity, in particular having organizations implement the kill chain methodology in their cybersecurity workflows. In an article on eSecurityPlanet, Mr. Cross describes how the Air Force uses the kill chain when it fires missiles:
- Determine what is being targeted
- Determine that your weapon is properly aimed at the target
- Confirm that the target is correct
- After the missile is fired, confirm that the target was hit
Mr. Cross also discusses additional military principles such as OPSEC, MILDEC, Cyber Terrain Analysis and Cyberspace Planes, as well as a few other tried and true military methodologies. As his session highlighted, applying some of these steps to your current workflow can keep you better organized. He reminds us all that it's not a matter of if, but rather when, our networks will be attacked. Having come to terms with that, it's important to remain focused on detection as well as prevention. He also points out that while attackers only need to be right once, it takes a lot of effort on their part to determine what to target. While there are a million things we have to worry about in terms of defense, the attackers still need to do work to find what we've missed. In doing their recon they actually do leave themselves exposed, but it's up to us to find them. They have more than a few steps to follow, as the kill chain outlines, to find that one vuln that will grant them the access they are looking for.
Because the kill chain is fairly short and direct, it can help organizations better organize their information about an attack and quickly pivot and respond to the attacker. But you will need a better understanding of your networks, and their vulnerabilities, to be more effective at predicting the areas that are prime for intrusion and shoring up your defenses accordingly. By being properly armed (tools and manpower), and by using methodologies such as the kill chain, you can be better prepared to respond quickly and more accurately to an incident.
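One way to put the kill chain to work on the defensive side, as an added example that is not code from the original post, from Lancope or from the session: a small Python script that maps alerts onto kill chain stages, reports how far an intrusion progressed, and flags stages with no alert at all, which is where either the detector is missing or the attacker slipped past unseen. It assumes the Lockheed Martin intrusion kill chain stage names (an assumption that this is the "kill chain methodology" the session referred to) and a hypothetical alert-category-to-stage mapping; every alert in it is constructed.

```python
"""
Added example, not code from the original post, Lancope or the session.
Maps defender-side alerts onto intrusion kill chain stages so an incident
can be summarised by how far the attacker got and where detection is
missing. Stage names follow the Lockheed Martin intrusion kill chain
(assumed to be the "kill chain methodology" the session discussed).
All alerts and category names below are constructed.
"""
from collections import defaultdict

STAGES = [
    "reconnaissance", "weaponization", "delivery", "exploitation",
    "installation", "command_and_control", "actions_on_objectives",
]
STAGE_INDEX = {name: i for i, name in enumerate(STAGES)}

# Hypothetical mapping from an alert category to a kill chain stage.
# Weaponization happens off-network, so no detector is expected to see it.
CATEGORY_TO_STAGE = {
    "port_scan": "reconnaissance",
    "web_crawl_burst": "reconnaissance",
    "phishing_email": "delivery",
    "drive_by_download": "delivery",
    "exploit_attempt": "exploitation",
    "new_persistence_service": "installation",
    "beaconing": "command_and_control",
    "bulk_data_egress": "actions_on_objectives",
}

# Constructed sample alerts: (timestamp, source host, alert category)
SAMPLE_ALERTS = [
    ("2014-08-04T09:12:00Z", "203.0.113.7", "port_scan"),
    ("2014-08-04T09:40:00Z", "203.0.113.7", "web_crawl_burst"),
    ("2014-08-05T14:02:00Z", "mail-gw", "phishing_email"),
    ("2014-08-05T14:20:00Z", "ws-042", "exploit_attempt"),
    ("2014-08-05T14:25:00Z", "ws-042", "beaconing"),
    ("2014-08-06T03:00:00Z", "ws-042", "unknown_category"),
]


def classify(alerts):
    """Return (timestamp, host, stage) for alerts whose category maps to a
    known stage; unknown categories are skipped rather than guessed."""
    out = []
    for ts, host, category in alerts:
        stage = CATEGORY_TO_STAGE.get(category)
        if stage is not None:
            out.append((ts, host, stage))
    return out


def furthest_stage(classified):
    """Latest kill chain stage observed, or None if nothing mapped."""
    if not classified:
        return None
    return max((s for _, _, s in classified), key=STAGE_INDEX.__getitem__)


def detection_gaps(classified):
    """Stages earlier than the furthest one that produced no alert at all.
    Weaponization is excluded since it is not observable on the network."""
    top = furthest_stage(classified)
    if top is None:
        return []
    seen = {s for _, _, s in classified}
    return [s for s in STAGES[:STAGE_INDEX[top]]
            if s not in seen and s != "weaponization"]


def summarize(alerts):
    """Summarise an alert set by kill chain stage for the responder."""
    classified = classify(alerts)
    by_stage = defaultdict(list)
    for ts, host, stage in classified:
        by_stage[stage].append((ts, host))
    return {
        "furthest_stage": furthest_stage(classified),
        "stages_seen": [s for s in STAGES if s in by_stage],
        "detection_gaps": detection_gaps(classified),
        # Recon sources are the attacker's early exposure worth watching.
        "recon_sources": sorted({h for _, h, s in classified
                                 if s == "reconnaissance"}),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_ALERTS).items():
        print(f"{key}: {value}")
```

On the constructed alerts the intrusion is reported as having reached command and control, with the scanner that did the recon listed as a source to watch, and installation flagged as a gap: the beaconing host was exploited and is calling home, yet nothing on it raised a persistence alert, which is exactly the kind of blind spot the kill chain view makes visible.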
Here's a copy of the whitepaper associated with his session "The Library of Sparta."