Threat Hunting and Cyberrisk Assessment Using Cyber Kill Chain

Muhammad Musfiqur Rahman
Author: Muhammad Musfiqur Rahman, CISA, COBIT 5 Foundation, CCISO, CCNA, CEH, CHFI, CISSP, CLPTP, CND, CSA, CTIA, ECI, ECSA, ISO 27001 LA, ITIL v3, LPT (Master), MCITP, MCP, MCSA, MCSE, MCT, MCTS, OCP, OSCP, PCT, PRINCE2, SCSA
Date published: 7 January 2021
Reading time: 5 minutes

Virtually every organization needs to provide digital services to its clients. However, digitization creates enormous threats for an organization, its customers and its employees. To counter these threats, organizations must implement cybersecurity strategies and standards and comply with regulatory requirements. Organizations therefore need to increase security investment by implementing different security solutions and by investing time and budget in security architecture development, implementation and monitoring by skilled and experienced cybersecurity professionals.

In information systems, an infrastructure attack is an attempt to exploit vulnerabilities in systems, applications, databases and security solutions that can result in altering, disabling, destroying, stealing or gaining unauthorized access to any system. Cyberattacks are offensive approaches by attackers against target systems. Cyberattacks include installing malware and ransomware, structured query language (SQL) injection, denial-of-service (DoS) attacks, Trojans, fileless malware, spyware, viruses and keyloggers on an end-user computer system, which can lead to an attempt to destroy the information system infrastructure of an organization.

Prevention alone cannot ensure security against infrastructure attacks. To achieve proper protection from cyberattacks, organizations must implement security in a layered approach, such as one structured around the cyber kill chain.

Attackers follow a chain, or series of consecutive steps, called an attack chain to perform attacks on targeted systems and organizations. Information security professionals should know the activities performed by attackers in each step so they can design, architect and implement security in layered approaches to break the attack chain (e.g., the cyber kill chain or cyberattack kill chain).

Understanding the cyber kill chain helps analysts combat cyberattacks in any form (i.e., malware, ransomware, keyloggers, security breaches, attacks on application software using SQL injection, misconfiguration, broken authentication and advanced persistent threats [APTs]).

The kill chain framework was originally established to identify, prepare to attack, engage and destroy a target. Since its inception, the kill chain has evolved to better anticipate and recognize insider threats, social engineering, advanced ransomware and innovative attacks.

By understanding the cyber kill chain, an information security architecture can be designed to prevent, detect, identify, contain, recover, restore, report and perform forensic investigation to learn lessons from any incident, and a layered approach can implement solutions to stop an attack at each stage of the cyberattack kill chain.

Cybersecurity assurance professionals should review their organization’s security architecture in light of the cyberattack chain so they can check the measures taken by the organization in each step. Organizations should implement security awareness; data classification; internet and infrastructure use policies, processes and procedures; preventive measures to stop malware from spreading in the infrastructure; log monitoring; anti-malware; anti-APT solutions; controls that stop lateral movement; protection against obfuscation techniques; sandboxing; and prevention of data exfiltration using different security solutions.

A step-by-step review of each phase in the cyberattack chain helps threat hunters, cybersecurity professionals and risk practitioners identify gaps in the implemented security architecture of an organization.
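The phase-by-phase gap review described above can be made repeatable by recording each control against the kill chain phases it covers and the function it serves (prevent or detect), then listing the phases that have no implemented control for a given function. The following is an added example and not code from the article or from ISACA; it assumes the seven Lockheed Martin kill chain phases, and the control inventory and its phase/function mapping are constructed for illustration, loosely following the measures the article lists (awareness, sandboxing, anti-malware, anti-APT, lateral movement controls, log monitoring, data exfiltration prevention).

```python
"""Kill-chain coverage gap assessment (added example, not the article's own code).

Assumptions: the seven Lockheed Martin kill chain phases below; the control
inventory and which phases/functions each control maps to are constructed.
"""
from dataclasses import dataclass

# Lockheed Martin cyber kill chain phases, in attack order.
KILL_CHAIN = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]
FUNCTIONS = ("prevent", "detect")


@dataclass(frozen=True)
class Control:
    name: str
    phases: tuple        # kill chain phases the control addresses
    functions: tuple     # "prevent" and/or "detect"
    implemented: bool = True


# Constructed inventory (hypothetical organization); not from the article.
INVENTORY = [
    Control("Security awareness training", ("Delivery",), ("prevent",)),
    Control("Email sandboxing", ("Delivery",), ("prevent", "detect")),
    Control("Anti-malware / EDR", ("Exploitation", "Installation"), ("prevent", "detect")),
    Control("Anti-APT network sandbox", ("Command and Control",), ("detect",)),
    Control("Network segmentation (stops lateral movement)", ("Actions on Objectives",), ("prevent",)),
    Control("Log monitoring / SIEM",
            ("Delivery", "Exploitation", "Installation", "Command and Control", "Actions on Objectives"),
            ("detect",)),
    # Planned but not yet deployed, so it must not count toward coverage.
    Control("Data exfiltration prevention (DLP)", ("Actions on Objectives",), ("prevent", "detect"),
            implemented=False),
]


def coverage_matrix(inventory):
    """Return {phase: {function: [control names]}} using only implemented controls."""
    matrix = {p: {f: [] for f in FUNCTIONS} for p in KILL_CHAIN}
    for c in inventory:
        if not c.implemented:
            continue
        for p in c.phases:
            if p not in matrix:
                raise ValueError(f"unknown kill chain phase {p!r} on control {c.name!r}")
            for f in c.functions:
                if f not in FUNCTIONS:
                    raise ValueError(f"unknown function {f!r} on control {c.name!r}")
                matrix[p][f].append(c.name)
    return matrix


def gaps(inventory):
    """Phases (in chain order) mapped to the functions with no implemented control."""
    matrix = coverage_matrix(inventory)
    result = {}
    for p in KILL_CHAIN:
        missing = [f for f in FUNCTIONS if not matrix[p][f]]
        if missing:
            result[p] = missing
    return result


def earliest_uncovered_phase(inventory, function="detect"):
    """First phase in chain order lacking `function`; breaking the chain early limits impact,
    so an early gap is usually the highest-priority finding."""
    for p, missing in gaps(inventory).items():
        if function in missing:
            return p
    return None


def report(inventory):
    """Human-readable phase-by-phase review, one line per phase."""
    matrix = coverage_matrix(inventory)
    lines = []
    for p in KILL_CHAIN:
        cells = []
        for f in FUNCTIONS:
            names = matrix[p][f]
            cells.append(f"{f}: " + (", ".join(names) if names else "GAP"))
        lines.append(f"{p:<22} | " + " | ".join(cells))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(INVENTORY))
    print("\nGaps:", gaps(INVENTORY))
    print("Earliest phase without detection:", earliest_uncovered_phase(INVENTORY))
```

Reconnaissance and weaponization happen largely outside the organization's perimeter, so gaps reported there are expected and are usually accepted with a documented rationale; the finding that matters in the constructed inventory is that command and control has detection but no preventive control (for example, egress filtering). Marking the DLP control as implemented closes nothing new in this inventory because segmentation and the SIEM already cover that phase, which is exactly the kind of overlap and gap the phase-by-phase review is meant to expose.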

Editor’s note: For further insights on this topic, read Muhammad Musfiqur Rahman’s recent Journal article, “Security and Risk Assessment of IT Defense Strategies Considering the Cyber Kill Chain,” ISACA Journal, volume 6, 2020.

Don’t forget, you can earn free CPE from ISACA Journal quizzes!
