The cyber-kill chain and the importance of threat modelling

Passive, reactive security defences struggle to contend with the ever-growing risk of cyber-attacks. Let’s put things into context. The global cyber-crime enterprise generates more revenue than some countries.

By 2025, it is set to reach a staggering £10 trillion.

Cyber criminals are constantly increasing the sophistication and volume of their attacks. It is predicted that a new cyber-attack is launched every 39 seconds.

There is a clear need for a more preventative, proactive and threat-focussed approach to achieving cyber resilience.

The Cyber Kill Chain and threat modelling are fundamental parts of achieving this transition.

Do you want to get deeper insights into understanding hackers, the cycle of cyber-attacks and how to become more resilient?

Read on to find out why and how you need to incorporate these methodologies into your security strategy!

The difference between offensive and defensive security

Before we get started, let’s define the difference between an offensive and defensive security approach.

Defensive security is about protecting your systems from threats, while offensive security is about finding and exploiting security vulnerabilities. It’s a way of turning the tables on attackers by identifying weaknesses before they do.

The hardest part is that this requires a major mindset shift. You go from doing all you can to prevent an attack, to assuming compromise and finding ways to take down your systems.

Sometimes the only way to know your weaknesses is to exploit them. This can be achieved through penetration testing, which should only be conducted by qualified ethical hackers.

Though offensive and defensive security are two different ways of protecting your business, both are equally important. They should work together to create a comprehensive security plan.

The cyber-kill chain: what is it and why is it relevant to security?

The Cyber Kill Chain is a framework developed by Lockheed Martin to help businesses identify and prevent cyber breaches. It is based on the Intelligence Driven Defence model, which focuses on gathering intelligence to thwart attacks before they happen.

The model outlines the steps hackers must complete to achieve their objectives. The seven steps in the Cyber Kill Chain help improve visibility into the process of an attack.

This provides a deeper understanding of an adversary’s methods, techniques, and tactics.

The Cyber Kill Chain can be used to help build more resilient defences, or as a guide for more offensive action; in other words, ethical hacking. Penetration testing can be designed around each stage of the kill chain to identify gaps and to assess threat identification and the effectiveness of mitigation strategies.

Using the framework is key to both defensive and offensive security. If you want to fully address the life cycle of an attack, you need to follow the kill chain fundamentals.

The framework was established to provide a more effective way of preparing for real-world attacks. Lockheed believe that compliance-driven strategies lead to gaps in protection and poor defence against security breaches.

Creating a security strategy based on a list of mandated controls gives businesses a false sense of security. A “control first” mindset leads to increased risk and ineffective protection. You’ll also end up wasting resources on technology that doesn’t do anything to address real-world threats.

Lockheed also believe that a vulnerability-driven approach can have a detrimental impact on security. Whilst excessive focus is placed on vulnerabilities and their impact, the wider importance of threat scenarios and attack patterns goes unaddressed. This means that vulnerability metrics are not analysed in context, which drives unnecessary resource focus and security spending.

What is a threat-focussed approach to security?

A threat-driven approach is a security mindset. It helps businesses develop the right strategy to respond to threats and allocate the necessary resources to protect assets.

The main aim of this approach is to tailor controls, processes and testing to actual threats which your business could face. Before the approach is put into practice, a thorough risk assessment and analysis is performed.

This will shape your security requirements. You can then address threats and high-risk attack vectors which threaten the security of your most sensitive information.

With a threat-driven model, the aim is to facilitate relevant dialogue across business operations about determining and managing risk practices.

For example, many firms have organisational boundaries between departments. This means key threat data is not shared between teams. A threat-focussed process would seek to break down the barriers between two siloed functions and replace them with an integrated approach.

They can then detect, respond, and understand shared risk in a more efficient way. Suddenly, they’re singing from the same hymn sheet.

Threat modelling and how it can benefit your strategy

Although threat modelling is commonly used in web application security, it is not only relevant to open-source software development.

Threat modelling is a great way of seeing the big picture. It helps you understand your attack surface and IT ecosystem as a whole.

The first step in securing your systems is to identify the key threats and security objectives.

Once you know what you’re up against, you can develop measures to reduce the risk of compromise.

The benefits of threat modelling and threat-focussed cyber security:

1. Get the most value out of your next pen test

There are many types of penetration testing, but a threat-focused penetration test will help you get the most value from your next engagement. It helps penetration testers map out key threats so they can tailor a more worthwhile security assessment.

Traditional penetration tests often focus on a narrow scope such as your web application security or internal network. But this is not how a real-life breach would play out. The scope of a threat-focussed penetration test incorporates the threats you face, so you can see how you respond to them.

2. Rank security risks

A threat modelling pen test helps rank vulnerabilities based on the level of risk to your business.

3. Threat mapping

Threat mapping helps you understand how security threats could travel through your network infrastructure. This provides insight into how and where hackers could move once access is gained. Defences can then be layered more effectively where needed.

4. Enhance your security strategy

Threat modelling can greatly enhance the effectiveness of your security strategy. It helps to identify which security measures are most important for your business. You can then focus on improving those areas.

5. Understand threats

It helps your IT and Security teams better understand the impact of threats, rank their severity, and implement sufficient controls.

6. Create a mitigation plan

The threat modelling process helps identify potential risks and how they could be exploited. This information can then be used to create a plan to mitigate these risks in the event of an attack.

7. Assess business continuity

Performing threat modelling helps identify the value of your assets and the impact of compromise on your business continuity.

8. Prioritise fixes

It can help your teams prioritise fixes and patches, based on the severity and impact of anticipated threats.

Ready to build a threat-focussed strategy you have confidence in?

No one wants a tunnel-vision view of cyber resilience. When it comes to security insights, we believe every brand deserves to know the big picture. Our team of expert testers is on hand to shed light on your darkest security concerns.

Our testing services go beyond the scope of traditional pen tests, we incorporate:

This helps you understand threats in context, and how your security would handle a realistic attack.

If you would like to chat to our team of experts about integrating threat profiling and the Cyber Kill Chain into your security strategy, you can call us on 0121 663 0055, start a live chat or email enquiries@equilibrium-security.co.uk. 
