The Cyber Kill Chain model provides a framework for understanding how an adversary breaches the perimeter to gain access to systems on the internal network. However, this model is incomplete and can lead to over-focusing on perimeter security, to the detriment of internal security controls. In this presentation, we'll explore an expanded model including the Internal Kill Chain and the Target Manipulation Kill Chain.
We'll review what actions are taken in each phase, and what's necessary for the adversary to move from one phase to the next. We'll discuss multiple types of controls that you can implement today in your enterprise to frustrate the adversary's plan at each stage, to avoid needing to declare "game over" just because an adversary has gained access to the internal network.
The primary limiting factor of the traditional Cyber Kill Chain is that it ends with Stage 7: Actions on Objectives, conveying that once the adversary reaches this stage and has access to a system on the internal network, the defending victim has already lost. In reality, there should be multiple layers of security zones on the internal network, to protect the most critical assets. The adversary often has to move through numerous additional phases in order to access and manipulate specific systems to achieve his objective. By increasing the time and effort required to move through these stages, we decrease the likelihood of the adversary causing material damage to the enterprise.
Sean Malone has conducted full real-world red team attacks against dozens of different organizations. He knows how the adversary thinks and operates, because he has been that adversary countless times in his work as a consultant. Sean works with these organizations to improve their security far beyond check-box requirements and compliance minimums. His reshaping of enterprise security architecture consistently results in significantly decreased attacker success rates. This comprehensive knowledge of an attacker's mindset, combined with his in-depth understanding of the landscape of a corporate security environment, leaves him uniquely suited to design and implement effective security programs for any corporation. Sean Malone assists organizations in achieving real risk reduction by ensuring that they have the people, technologies, and processes in place to enable business operations while preventing, detecting, and responding to attacks by sophisticated cyber adversaries. He's deeply skilled in Security Vision & Leadership, C-Suite Collaboration, Penetration Testing, Information Risk Management and more.