Skip to content

What is it?

The attack lifecycle or sequence of phases that malicious hackers use to exploit their targets.

Why is it important?

Cybersecurity professionals can create winning security and readiness programs by understanding the methods of their adversaries.

Why does a business professional need to know this?

Understanding the kill chain helps cybersecurity professionals detect an attacker’s perspective and helps business professionals understand the process that cybersecurity specialists use when investigating a breach.

Understanding each phase of the kill chain and how those phases relate to the IT landscape of your organization can help you develop the policies, controls, and preparations needed to defend against attacks.

The kill chain phases include the following:

  1. Reconnaissance: attackers discover information about their target using a combination of profiles and vulnerabilities.
  2. Infiltration: attackers weaponize the information to break into vulnerable systems, typically through network vulnerabilities or social engineering.
  3. Exploitation: after breaking in, attackers exploit their access and hunt for valuable targets, including email archives, credit card data, and customer records.
  4. Exfiltration: exfiltration is the process attackers use to capture and remove data. This can be done all at once or over a period of time.
  5. Monetization or media release: criminals motivated by money typically sell data on the dark web to the highest bidder; those motivated for political reasons are more likely to deliver data directly to the media or WikiLeaks.

A good defensive practice is to map the kill chain to high-risk targets (for example an email archive), evaluate out how an attacker would go about stealing the archive, and then put controls and policies in place to block a cybercriminal at each phase, effectively breaking the kill chain(Sager 2014).


About Simon Puleo

Photo of Simon Puleo

Simon Puleo, Certified Ethical Hacker (CEH), is an educator/trainer by day and a security researcher at night. As a global enablement manager at Micro Focus, he helps employees and customers implement identity-powered security with an emphasis on access control, including multi-factor authentication and identity governance. Previously, he worked for Hewlett Packard Enterprise Security, focusing on application security, encryption key management, and security information and event management (SIEM). Simon is a thought leader actively engaged in researching the cyber-threat landscape and sharing his perspectives in seminars and articles.

Term: Kill Chain


Twitter: @simon_puleo


What is it?

A European Union regulation designed to give people more control over their personal data and to define how organizations must process such data.

Why is it important?

The GDPR expands the scope of data protection globally. This is important because it applies to many more organizations than previous regulations. In particular, the GDPR applies to any entity that has an establishment (any place of business) in the European Union and collects or processes personal data about any person in the world. And it applies to any entity that collects or processes personal data from a person in the European Union, regardless of where that entity is based.

...continue reading "Term of the Week: General Data Protection Regulation (GDPR)"

What is it?

A prescriptive information security standard designed to protect the confidentiality of credit and debit card data.

Why is it important?

All organizations that store, process, or transmit payment card data typically have a contractual requirement to comply with PCI DSS. Some countries and US states also mandate PCI DSS compliance by law(PCI-DSS standard).

...continue reading "Term of the Week: Payment Card Industry Data Security Standard (PCI DSS)"