Following on from Part 1 where we discussed the importance of addressing your cyber risk concerns with your C-Suite through your budget, this post concentrates on the step after you identify potential adversaries: mitigating those risks.
Let’s discuss the Cyber Kill Chain. The Cyber Kill Chain is the process that every adversary follows to infiltrate your system and damage infrastructure. To manage this risk, you – as the security professional must break down this process for your C-Suite in your presentation.
Adversaries (your business’ cyber enemies) will attack your network following this process:
- Recon to find vulnerabilities in the company’s defense.
- Develop a weapon to leverage any found vulnerabilities
- Deliver the weapon
- Install the weapon
- Establish Command & Control
- Deliver and Install the malcode package that will accomplish the task: steal credit card numbers, steal PersonaIIy Identifiable Information (PII), destroy data, damage equipment, etc.
- Exfiltrate stolen information (if that is the goal)
- (Optional) Compromise more computers laterally
Adversaries have to be successful at all seven links in the Kill Chain to accomplish their overall objective. The defense only has to be successful once in the Kill Chain to stop them.
A business that takes cybersecurity seriously needs a good strategy in place to mitigate the controls at each level of the Kill Chain and monitor for activity.
Palo Alto Networks addresses each step in the approach, from enterprise security platform’s increased visibility into applications, users and content to the extended malware detection capabilities found in WildFire including the advanced features just released as part of PAN-OS 6.0. update.
So how do you convince your C-Suite to spend money on improving their cyber defense? Cirrus Networks can provide you with real-life examples of how attackers moved down each level of the Kill Chain, and what you could do to them. Providing this knowledge to your executives will enable your company make cyber security a priority on your budget.
Taking a prescriptive approach, instead of trying to convince the C-Suite to spend money on cyber defense because, it is cyber and it is scary, you can show them exactly what they are spending the money for and why it’s important.
Did you know that 92% of these attacks can be described by just nine basic patterns? (Source: Horizon).
Join Cirrus Networks and the market leading enterprise security company Palo Alto Networks, to learn how by identifying the “kill chain” and breaking it at various points in the enterprise can not only provide an easy to use solution, but also reduce ongoing capital and operational costs.
During this one-day conference ‘Breaking the KILL CHAIN – Lunch and Learn’ learn how to identify risks, and safeguard your business. Secure your place in this event today, and go in the running to win an iPad Air.
Click here to view Part 1 of this post.