Industry Expert Suggests the Cyber Kill Chain is Dead

Tom Kellermann, CSO of cybersecurity firm Carbon Black, recently published a whitepaper defining what he calls the Cognitive Attack Loop where he suggests it is time for a paradigm shift away from Lockheed Martin’s Cyber Kill Chain for cybersecurity defense. In Cognitions of a Cybercriminal, Kellermann contends defenders need to think in terms of a continuous loop, as opposed to a chain depicted with a defined beginning and end where it assumes actors will eventually exit the network. There are three phases to the Cognitive Attack Loop: recon and infiltrate; maintain and manipulate; execute and exfiltrate – along with the understanding that this loop repeats and evolves, as adversaries maintain network persistence. While the Cyber Kill Chain may seem rigid, the loop idea is not entirely new, as defenders have been aware of the persistence aspect of the adversary attack cycle for some time. Kellerman just brings the Cognitive Attack Loop model to the forefront and suggests defenders should not rely solely on the Cyber Kill Chain for network defense. Read the post at Security Week