White Paper

Intelligence Driven Defense®

Start with intelligence and use it to combat your enemies.

Conventional network defense tools such as intrusion detection systems and anti-virus focus on the vulnerability component of risk, and traditional incident response methodology presupposes a successful intrusion. An evolution in the goals and sophistication of computer network intrusions has rendered these approaches insufficient for certain actors.

A new class of threats, appropriately dubbed the “Advanced Persistent Threat” (APT), represents well-resourced and trained adversaries that conduct multi-year intrusion campaigns targeting highly sensitive economic, proprietary, or national security information.

See how the Lockheed Martin Computer Incident Response Team (LM-CIRT) used analysis obtained through the intrusion kill chains and robust indicator maturity to successfully detect and mitigate an intrusion leveraging a "zero-day" vulnerability.

This white paper also reviews the following, which together form the basis of intelligence-driven computer network defense (CND):

  • Using a kill chain model to describe phases of intrusions
  • Mapping adversary kill chain indicators to defender courses of action
  • Identifying patterns that link individual intrusions into broader campaigns
  • Understanding the iterative nature of intelligence gathering