Since Lockheed Martin published its paper on the network intrusion kill chain, the concept has become widely accepted. It is pretty common to see even vendors discuss the idea in their documentation and sales pitches. Even though the idea has been widely accepted, defenders have only focused on two of the proposed courses of action -- detect and deny. Few organizations are working to disrupt, degrade, or deceive attempted network intrusions. This presentation will focus on defensive techniques that involve interrupting, deceiving, or flat out frustrating an attacker.
Stephen Hosom is a security enthusiast with a large amount of Blue Team experience in doing a lot of things wrong--and sometimes getting it right.
Copyright 2020, IronGeek