We have known for a considerable period of time that the perimeter-centric security approach is
but organizations should not move away from these controls because they provide a solid
to allocate and prioritize resources, they should be extended with methods based on an
cious actions.
In this report:
Proofpoint
In 2011, researchers at Lockheed Martin developed the Kill Chain modeled on evidence from network attacks.2 The Kill Chain is widely known, understood and quoted in security circles. How-

security infrastructure investments. Gartner research recommends organizations: "Understand the flow of the kill chain to better understand your adversaries and therefore adjust your defensive tactics to improve your security posture."3 Align your defenses with reality. Augment existing

deploy innovative techniques to detect, block and disrupt the attack before it occurs, shorten the response time and ultimately protect enterprise

Proofpoint Aligned to the Cyber Kill

listed in Table 1 of the attached Gartner report. Our focus is a subset. Proofpoint's solution set maps to the Cyber Kill Chain model as detailed

About Proofpoint's Superior Advanced Threat Protection

Block, Detect, Respond, and Harden are the key pillars of the Proofpoint solution set. Proofpoint's portfolio of industry-leading security solutions for blocking email-borne attacks, detecting new advanced threats, automating incident response, and reducing the impact of potential breaches address the reality of today's advanced attacks and aligns security infrastructure with the Kill Chain.

Email, which continues to be a critical business service, is the top route for attackers. The Proofpoint security suite detects and manages advanced email-borne threats, provides security for sensitive data, and accelerates the identification and containment of new threats.

- Stopping more advanced threats: Delivered through the cloud-based Proofpoint Enterprise Protection Suite, organizations of all sizes

classifies and blocks threats, while leveraging

- Detecting advanced threats faster with actionable intelligence: Proofpoint Targeted Attack Protection detects phishing and web

Backed by continuous big data analysis of billions of data points, Proofpoint provides detailed information around campaign type, targeted users and potentially infected systems. Armed with this information, organizations can identify and manage new threats before they lead to data
Figure: Proofpoint products mapped to Kill Chain phases. Recovered labels: Weaponise, Deliver; Threats; Targeted Attack Protection; Content Control.
1 Addressing the Cyber Kill Chain (Gartner), p. 1
2 http://www.lockheedmartin.com/us/what-we-do/information-technology/cyber-security/cyber-kill-chain.html
3 Ibid., 1
Source: Proofpoint
so successful.
security posture.
considered successful.
Introduction
exfiltrating data?
ligence on a target.
service exploitation).
Analysis
weak link.
Figure: Kill Chain phases. Recovered labels: Recon, Weaponize, Deliver, Install, Command, Act.
Table 1 (Gartner): controls by Kill Chain phase. Column headers were not recovered; the recoverable row fragments are:
Column header (partial): cate or Deceive
Rows above Exploitation (partial): ligence, TIP; VA tion hardening, application remediation; network behavioral analysis, threat intelligence, NIPS, NGFW, inspection, TIP
Exploitation: EPP, NIPS, SIEM, EPP, NGIPS, ATD, NIPS, NGFW, data restoration
Installation: EPP, endpoint fo-, EPP, MDM, IAM, EPP, HIPS, incident response,
Control: work forensics, blocking, DLP, ATA threat intelligence, system restore
Action on Targets: logging, SIEM, egress filtering, QoS, DNS, DLP, incident response
The section below expands on the table above, giving specific examples and guidance that organizations can investigate. Adding more technology is often not required, but CISOs should take full

This phase is often executed without knowledge of your organization. Approaches for this phase are:
- Perform regular external scanning and penetration testing to highlight what an adversary would find if and when your organization comes under scrutiny. This information can

ing the attack surface area.

discloses information that would make it

for monitoring both public and underground Internet sites, to look for activity that is spe-

- Ensure that perimeter controls and Internet

- Use honeypots where adversary activity can

- Use software application security testing (SAST) and security development life cycle (SDL) to make sure that applications aren't leaking sensitive details and are processing

Weaponization

knowledge of the organization being targeted. Organizations need to take proactive steps:
- Keep abreast of newly disclosed vulnerabilities and have up-to-date data about which vulnerabilities have weaponized exploits available for them. With this information, prioritize

controls like virtual patching through intrusion

viders that can add value with threat forecast-

becoming available for sale that is designed to look identical to your organization's.

forms (TIPs) to add in threat and adversary

- Next-generation intrusion prevention to pro-
attempts
activity
cious hosts
Installation
whitelisting.
can detect and deny access to the organization's

- Security information and event management (SIEM) to correlate the events and logs from next-generation intrusion prevention system (NGIPS), email and Web security

- Identity and strong authentication methods

cess to data.

Once identified, recover from the situation by
- Restore servers and end-user devices back to known good trusted states
of out-of-character behavior
Action on Targets
previously unseen.
destination.
DAST: dynamic application security testing
EPP: endpoint protection, including host
ETDR: endpoint threat detection and response
NIPS: network intrusion prevention system
SIEM: security information and event management
SWG: secure Web gateway
that provides cloud-based solutions for comprehensive threat protection, incident response, secure communications, social media security, compliance, archiving and governance. Organizations around the world depend on Proofpoint's expertise, patented technologies and on-demand delivery system. Proofpoint protects against phishing, malware and spam, while safeguarding privacy, encrypting sensitive information, and archiving and governing messages and critical enterprise information. More information is available at www.proofpoint.com.
Defending against Advanced Threats: Addressing the Cyber Kill Chain is published by Proofpoint
Editorial content supplied by Proofpoint is independent of Gartner analysis.
All Gartner research is used with Gartner's permission, and was originally published as part of
2015 Gartner, Inc. and/or its affiliates. All rights reserved. The use of Gartner research in this
and/or strategies. Reproduction or distribution of this publication in any form without Gartner's
been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the
expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner's Board of Directors may include senior
dently by its research organization without input or influence from these firms, funds or their
http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp.