Last Updated:
Image courtesy of SecureWorks

CyberSecurity 'Kill Chain'

What is the Cyber Kill Chain Model?

‘Kill Chain’ is a term originally used by the military to define the steps an enemy uses to attack a target. In 2011, Lockheed Martin released a paper defining a Cyber Kill Chain. Similar in concept to the military’s model, it defines the steps used by cyber attackers in today’s cyber-based attacks

The theory is that by understanding each of these stages, defenders can better identify and stop attackers at each of the respective stages. The more points at which you can intercept the bad guys, the better the chance you have to deny them from their objective or force them to make enough noise where you can more easily detect them. 

The 'Kill Chain' model was developed by Lockheed Martin, named officially as the Cyber Kill Chain® framework, is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective.

The seven steps of the Cyber Kill Chain® enhance visibility into an attack and enrich an analyst’s understanding of an adversary’s tactics, techniques and procedures.

A: Advanced
Targeted, Coordinated, Purposeful

P: Persistent
Month after Month, Year after Year

T: Threat
Person(s) with Intent, Opportunity, and Capability