Kill Chain

The kill chain is a model that describes the typical stages an adversary goes through to achieve an objective, such as launching an attack or exfiltrating data. It helps organizations understand and defend against potential threats by identifying points where an attack can be disrupted.

[Image: Kill Chain illustration, via Wikipedia]

TECHNICAL DEFINITION

The Kill Chain originated in military targeting doctrine and was adapted for cybersecurity as a seven-stage adversarial attack lifecycle model. It outlines the sequential phases an attacker must complete to achieve an objective: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Because each stage depends on the one before it, defenders who identify, detect, and disrupt activity at any single stage can break the chain before the attacker reaches the objective.

BACKGROUND

The cyber kill chain is the process by which perpetrators carry out cyberattacks. Lockheed Martin adapted the concept of the kill chain from a military setting to information security, using it as a method for modeling intrusions on a computer network. The cyber kill chain model has seen some adoption in the information security community. However, acceptance is not universal, with critics pointing to what they believe are fundamental flaws in the model.

SYNONYMS & ALIASES

  • Cyber Kill Chain
  • Attack Lifecycle
  • Adversary Playbook
  • Threat Kill Chain
  • Attack Chain

USAGE NOTE

The kill chain framework is widely used by cybersecurity professionals and military intelligence analysts to map out adversary tactics and implement defenses at each stage of an attack.

DEVELOPERS

Organizations developing technology related to Kill Chain.

  • Lockheed Martin

    Originators of the Cyber Kill Chain framework, Lockheed Martin develops advanced cybersecurity systems and technologies for defense, intelligence, and commercial sectors, directly applying the kill chain methodology to identify and neutralize cyber threats.

  • Mandiant (now part of Google Cloud)

    Known for its expertise in incident response and threat intelligence, Mandiant helps organizations detect, investigate, and respond to advanced cyber threats, often framing its analysis and recommendations around the stages of the kill chain to disrupt attacker operations.

  • CrowdStrike

    CrowdStrike provides cloud-native endpoint protection, threat intelligence, and incident response services, designed to identify and stop attacks across various stages of the cyber kill chain, from initial compromise to exfiltration.

  • Palo Alto Networks

    Palo Alto Networks offers a comprehensive cybersecurity platform that includes network security, cloud security, and endpoint protection, with products designed to prevent successful cyberattacks by detecting and blocking threats at multiple points in the kill chain.

  • Splunk

    Splunk develops software for searching, monitoring, and analyzing machine-generated big data. Its security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solutions help organizations identify kill chain activities through log analysis and automate responses.

  • Fortinet

    Fortinet provides a wide range of cybersecurity solutions, including firewalls, endpoint security, and security operations platforms. Its Fortinet Security Fabric integrates these technologies to provide comprehensive protection across the entire attack surface, actively disrupting kill chain stages.

  • Microsoft Security

    Microsoft's security division offers a vast portfolio of products and services, including Microsoft Defender XDR and Microsoft Sentinel. These tools provide unified visibility, threat detection, and automated response capabilities across endpoints, cloud, and identity, enabling organizations to defend against and disrupt cyber kill chain operations.

RELATED TERMS IN MILITARY & INTELLIGENCE