RSA 2013 Recap: Cyber Kill Chains Aren’t Just Useful for Businesses
Posted by Lysa Myers
This week marked the 22nd annual RSA conference, which is one of the biggest security conferences of the year. The theme for the event this year was “Security in Knowledge: Mastering Data. Securing the World.” There has definitely been a clear change of tone to one of securing data rather than just machines. With more data moving to the cloud and onto people’s mobile devices, the whole idea of protecting your digital assets has really changed. Thieves aren’t just going to a central home computer to get the mother lode of data, which means they don’t care as much about what operating system you’re on (if they ever really did).
Another interesting change from years past is a much more battle-weary, realistic tone to presentations. After a year of press about “Advanced Persistent Threats” that are able to get into and stay undetected on networks for years, security vendors aren’t really promising bulletproof solutions anymore. They’re promising improved visibility into your network, help with remediation, and better protection for your data, wherever it resides. I found this a rather refreshing change — it allows us to change the conversation from one of essentially blaming the victim (“You weren’t updated/using proper settings/using enough layers”) when breaches or infections happen to one of preparing for the possibility of a security event.
One theme I’ve been seeing mentioned more frequently in security circles is the concept of a “kill chain,” which in this case refers to the security tactic of reversing the attack progression. Much like in the case of a “meat space” burglary, the thief will perform reconnaissance on a building before trying to infiltrate it, and then go through several more steps before actually making off with the loot. The object of using a kill chain is to stop the thief as early in the attack progression as possible. This requires a good bit of intelligence and visibility into what’s in your network so that when something is there that shouldn’t be, you can sound the alarms and thwart the attack.
Lockheed Martin recently released details of their own success using a kill chain tactic to stop someone who had intruded on their network. It’s not just something that applies to government contractors or giant corporations, but also something that we can all apply to our own protection. And in the case of a home network, the intelligence can be considerably less complex.
You don’t have to be worried about new employees or unknown guests. You should have a pretty good idea who’s a guest in your home network, and who is an unauthorized intruder. You can use tools that tell you what data is where on your computer, and what traffic is flowing into and out of your machines. And then you can lock away your data and cherry-pick the valid traffic, stopping intruders from making off with your valuables.
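One way to make "who's a guest and who's an intruder" concrete on a home network, as an added example that is not part of the original post: compare the devices a Linux machine has seen on the LAN against a short inventory of the ones you expect. The sample `ip neigh show` output, the addresses and the inventory names below are constructed for illustration.

```python
import re

# Constructed sample of `ip neigh show` output on a Linux host (not real data).
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr a4:2b:b0:11:22:33 REACHABLE
192.168.1.23 dev wlan0 lladdr 3C:22:FB:AA:BB:CC STALE
192.168.1.57 dev wlan0 lladdr da:a1:19:00:12:34 DELAY
192.168.1.80 dev wlan0  FAILED
192.168.1.91 dev wlan0 lladdr 00:1a:79:de:ad:01 REACHABLE
"""

# Hypothetical inventory: the devices you expect at home, keyed by MAC.
KNOWN_DEVICES = {
    "a4:2b:b0:11:22:33": "router",
    "3c:22:fb:aa:bb:cc": "family laptop",
}

LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?:\s+router)?\s+(?P<state>\S+)",
    re.IGNORECASE,
)

def parse_neighbors(text):
    """Return (ip, mac, state) for entries that resolved to a MAC address."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            rows.append((m["ip"], m["mac"].lower(), m["state"].upper()))
    return rows

def is_randomized(mac):
    """Locally administered bit set: typical of privacy-randomized MACs."""
    return bool(int(mac[:2], 16) & 0x02)

def unknown_devices(text, known):
    """List neighbors that are not in the inventory, with a triage hint."""
    findings = []
    for ip, mac, state in parse_neighbors(text):
        if mac in known:
            continue
        hint = ("randomized MAC, may be a known phone or tablet"
                if is_randomized(mac) else "vendor-assigned MAC, not in inventory")
        findings.append({"ip": ip, "mac": mac, "state": state, "hint": hint})
    return findings

if __name__ == "__main__":
    for f in unknown_devices(SAMPLE_NEIGH, KNOWN_DEVICES):
        print(f"{f['ip']:<15} {f['mac']}  {f['state']:<10} {f['hint']}")
```

Phones and tablets that use private Wi-Fi addresses show up with a randomized MAC, so an unknown entry of that kind is a prompt to check the device, not proof of an intruder.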