Cybersecurity, Data Breach, Risk Management

Defense Strategies for Advanced Threats: Breaking the Cyber Kill Chain with SANS 20 Critical Security Controls

Data breaches have become headline news, affecting government agencies, large corporations and small to mid-sized companies. Many of these breaches went on for months before being detected. Stopping a determined, well-resourced adversary requires the ability to detect the intrusion when the intruder is most vulnerable.

Join this session to learn:

  • Techniques to detect breaches more quickly, thereby mitigating the damage
  • The phases of the Cyber Kill Chain and their importance in stopping attacks
  • How the SANS 20 Critical Security Controls can be linked to the attack phases of the Cyber Kill Chain

Background

Whether the term used is "Advanced Persistent Threat (APT)," "advanced threat" or "state-sponsored threat actor," cyberattacks are increasing in sophistication and in the amount of damage they can inflict. The actors behind these attacks, frequently affiliated with governments or organized crime, have the resources, expertise and time necessary to meet their objectives.

Organizations should expect to be compromised in the future (if they have not already been compromised) because a well-funded, state-sponsored adversary is likely to find a weakness in a targeted environment and obtain access. This is sound advice, and all organizations must develop, implement and test incident response processes to prepare for inevitable security incidents.

If an organization experiences an intrusion, however, it does not necessarily mean that it will experience a substantial loss of sensitive data. A critical time period exists during an attack: the period after the attacker has established a presence in the targeted environment, but before the attacker has been able to identify, access and exfiltrate key data. If an intrusion is detected before critical data is exfiltrated, the impact can be minimized. Organizations must develop capabilities not only to prevent successful attacks, but also to detect attacks in progress.

In this webinar, Solutionary will present one approach to develop these capabilities. This approach maps the defensive techniques presented in the SANS 20 Critical Security Controls to the attack phases described in the Cyber Kill Chain. By ensuring that controls exist to detect each step of the kill chain, organizations provide themselves with the best opportunity to detect attacks.


