One Article Review

Home - The article:
Source AlienVault Lab Blog
Identifier 5592303
Publication date 2022-07-07 10:00:00 (viewed: 2022-07-07 10:06:09)
Title How can SOC analysts use the cyber kill chain?
Text This blog was written by an independent guest blogger.

Security Operations Centers (SOCs) offer a robust method of ensuring cybersecurity and safety within an organization. Demand for them has continued to grow, particularly with the significant rise in cyber-attacks amid a looming cybersecurity skills gap. However, despite a typical SOC analyst's extensive training and knowledge, mitigating the increase in cyber-attacks is no easy job. Compared to 2020, cybercrime rose by 50% in 2021, which ultimately demands the use of robust security models such as the Cyber Kill Chain model, which can help organizations attain strong cybersecurity. Developed in 2011, the Cyber Kill Chain model is a widely accepted security model that helps SOC analysts and security practitioners defend against a range of cyber-attacks. However, despite its usefulness, the model has yet to achieve the recognition it deserves.

What is a cyber kill chain?

The cyber kill chain model is a cybersecurity attack framework that helps explain how a specific cyber-attack is executed. In theory, the framework breaks down the steps threat actors take while conducting a successful cyber-attack. According to the model, a cyber-attack has seven stages:

1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command and control (C2)
7. Actions on objectives

The cyber kill chain model essentially debunks the traditional castle-and-moat approach to attaining cybersecurity for organizations. Instead, the model helps identify, analyze and prevent cyber-attacks altogether. Developed as part of the Intelligence Driven Defense model for identifying and preventing cyber-attacks and data exfiltration, the model is widely accepted and used by security practitioners. It is recognized as one of the most informative methods for understanding cyber-attacks and places emphasis on both the technology-driven and the social-engineering-driven aspects of an attack.

A proper understanding of the model can help prevent attacks such as data breaches, privilege escalation, phishing, malware, ransomware, social engineering, and many more.

How do SOC analysts use the cyber kill chain?

SOC systems are built within organizations to monitor, detect, investigate, and respond to cyber-attacks. The teams are charged with protecting sensitive data and the organization's assets, such as personal data, business systems, brand integrity, and intellectual property. The cyber kill chain model can help them identify and mitigate a myriad of cyber-attacks. Each of the seven stages of the cyber kill chain model represents a specific goal along the threat actor's path. SOC teams can therefore use the Cyber Kill Chain model to understand these attacks and implement security controls that prevent and detect cyber-attacks before they fully infiltrate the organization's network, as follows:

1. Reconnaissance

This is the first stage of the cyber kill chain and involves the threat actor researching the potential target before the actual attack. Since the threat actor is hunting for vulnerabilities in the organization's cybersecurity posture, SOC analysts can ensure security through various means. They can use threat intelligence and a network Intrusion Detection System (IDS) to mitigate the attack. Moreover, to minimize the chances of an attack, SOC analysts can also maintain an
Sent Yes
Tags Ransomware Malware Hack Tool Threat


The article does not appear to have been picked up after its publication.


The article does not appear to be a repeat of a previous one.