Intelligence Driven Defense®
Start with intelligence and use it to combat your enemies.
Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful intrusion. An evolution in the goals and sophistication of computer network intrusions has rendered these approaches insufficient for certain actors.
A new class of threats, appropriately dubbed the “Advanced Persistent Threat” (APT), represents well-resourced and trained adversaries that conduct multi-year intrusion campaigns targeting highly sensitive economic, proprietary, or national security information.
See how the Lockheed Martin Computer Incident Response Team (LM-CIRT) used analysis obtained through the intrusion kill chains and robust indicator maturity to successfully detect and mitigate an intrusion leveraging a "zero-day" vulnerability.
This white paper also reviews:
- Using a kill chain model to describe phases of intrusions
- Mapping adversary kill chain indicators to defender courses of action
- Identifying patterns that link individual intrusions into broader campaigns
- Understanding the iterative nature of intelligence gathering that forms the basis of intelligence-driven computer network defense (CND)