Carbon Black, globally renowned cloud-native endpoint protection solutions provider, has released a white paper that proposes an updated cybersecurity kill chain model to help defenders stay ahead of evolving cyberattacks.
Cybersecurity kill chain model
The paper titled, ‘Cognitions of a Cybercriminal: Introducing the Cognitive Attack Loop and the 3 Phases of Cybercriminal Behaviour’, delves into the various ways cybercriminals have evolved in recent years and offers specific guidelines for CISOs and security professionals to help manage risk.
We believe cybersecurity professionals should be looking at existing kill chain models with a new lens"
“We believe cybersecurity professionals should be looking at existing kill chain models with a new lens,” said Tom Kellermann, Carbon Black’s Chief Cybersecurity Officer and the paper’s primary author. “It’s no longer helpful to approach cybersecurity linearly. Cognitions and context are critical and help reveal attackers’ intent. Understanding the root cause of attacks and the way attackers think is paramount to good cybersecurity. With the ‘Cognitive Attack Loop,’ we’re offering defenders an updated model at how attackers think and behave.”
Cognitive Attack Loop
The paper outlines, in detail, the three phases proposed in the Cognitive Attack Loop - Recon & Infiltrate; Maintain & Manipulate; and Execute & Exfiltrate.
The Cognitive Attack Loop was borne from insight provided by Carbon Black’s cloud-native endpoint protection platform (EPP), which collects terabytes of data per day from around the globe, as well as insights from the Carbon Black Threat Analysis Unit (TAU).
Data security
“The more insight defenders have into cybercriminal behaviour, the more effective technology can be in recognising and stopping suspicious activity. The patterns we see in attack data transcend any individual attack and allow us to provide protection against a broad set of threats without relying on specific pre-discovered indicators of compromise (IOCs).
“With the Cognitive Attack Loop, we’ve taken the various insights from our cloud-native EPP and our threat research efforts to arrive at a modern cycle that helps uncover cybercriminal behaviour and gives defenders a true sense of how modern attackers are operating.”
