Using an Expanded Cyber Kill Chain Model to Increase Attack Resiliency

Explore an expanded Cyber Kill Chain model to enhance attack resiliency in this 50-minute Black Hat conference talk. Delve into the limitations of the traditional Cyber Kill Chain framework and discover how an expanded model, including the Internal Kill Chain and Target Manipulation Kill Chain, can provide a more comprehensive understanding of adversary tactics. Learn about the actions taken in each phase and the necessary steps for adversaries to progress through the model. Gain insights into implementing multiple types of controls within your enterprise to frustrate adversary plans at each stage, preventing a "game over" scenario even after internal network access is gained. Understand the importance of multiple security zones on internal networks to protect critical assets and increase the time and effort required for adversaries to achieve their objectives. Explore concepts such as the De Loop, the Spiral, and the Tree to visualize attack progression and defense strategies. Examine practical examples, thresholds of defender success, and methods to shift the economic model in favor of defenders, ultimately improving overall cybersecurity resilience.