In previous modules, you studied different types of cyberattacks and the concepts and practices of threat modeling. Tools like the Lockheed Martin Cyber Kill Chain can help extend threat modeling into incident handling. Discuss using tools like the Cyber Kill Chain to handle incident response for emerging technologies.
In response to your peers, discuss the possible gaps left by using a tool like the one described in their initial posts.
To complete this assignment, review the Discussion Rubric.
RESPONSE ONE
Hello all,
Regarding all of the research experienced, the fourteen (14) page paper discussing the Kill Chain Defense Process from Lockheed Martin has inciteful information. Intelligence driven defense is the most effective form of protection for the network. Noting that every threat actor creates their own unique profile and personal attack signature to recognize helps an analyst narrow down the list of suspects for an attack. The attacks are further defined as Advanced Persistent Threats (APT). As each attack is attempted, every nuance is recorded and archived to anticipate future attacks.
From reading the paper, it notes that there is another way to recognizing the threat actor:
Find, Fix, Track, Target, Engage, and Assess.
The same way the military plans for an assault, this method is helpful to create an effective strategy to retaliate against a known threat. The paper also notes a case study that examines an email that proves and documents attack attempts by outside threats, or indicators. It shows how innocent messages can have elaborate code that gets embedded and can infiltrate the system undetected would like to see more examples of the case study in the future as there are threats that will be different from the last.
RESPONSE TWO
Good evening,
One tool that i found that is similar to the Lockheed Martin Cyber Kill Chain is the MITRE ATT&CK frame work. Both of these tools illustrate the phases of a cyber attack that include reconnaissance, weaponization and deliver, exploitation, installation, command and control, and finally actions. All of these tools do a great job in starting the process of incident response, and each have their advantages and disadvantages. Where they both succeed is that they are to identify how cyber attacks occur and the process in which they are trying to attack. These tools can help us during incident response as we are able to see the attacks and respond accordingly within procedures.
Place this order or similar order and get an amazing discount. USE Discount code “GET20” for 20% discount