A “kill-chain” depicts the phases of a cyber attack. A retrospective analysis of threat characteristics across an entire kill-chain can be crucial in designing an active cyber defense.
Most organizations continue to focus on preventing cyber attacks by relying on commercial security products and measures such as patching and blocking bad domain names and IP addresses. While these approaches are effective against some types of threats, they fail to stop advanced attacks and provide no knowledge of what an adversary does once the network is penetrated. This paper presents a more effective framework for thinking about cyber defense called the cyber kill-chain.