What is Cyber Kill Chain?

Understanding Cyber Kill Chain

The Cyber Kill Chain framework breaks down cyber attacks into seven sequential stages, similar to how military operations are analyzed. Developed by Lockheed Martin, it maps the typical progression attackers follow: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and finally, actions on objectives. This model's value lies in helping defenders understand where in the attack sequence they can most effectively disrupt adversaries. For instance, it's often easier to block malicious email attachments (delivery phase) than to detect data exfiltration (actions phase). Security teams use the Kill Chain to map their defensive capabilities, identifying gaps in coverage for particular attack phases. It also helps communicate about attacks in a structured way. While the model has been criticized for focusing primarily on malware-based attacks rather than covering the full spectrum of modern threats, it remains a foundational concept that has influenced many subsequent attack frameworks.