'The importance of detection and response is in the first 3 stages of the Cyber Kill Chain'
The Cyber Kill Chain is a concept initiated by Lockheed Martin to understand the different stages of a cyber-threat; following its trail makes logical sense and leads to effective incident response. What the CTM360 team has realized is that in current industry practice, there is often more focus and investment on the last 4 stages of the kill chain. Detection, disruption and destruction of an attack in those stages are no doubt very important; however, we place higher emphasis on addressing incidents at the early stages of Reconnaissance, Weaponization and Initial Delivery.
For example, a staff member of an IT or security vendor who touts details of your infrastructure on their LinkedIn profile is definitely making the Reconnaissance stage effortless. Organizations need to be wary of such casual revelations. Another example is that of cousin domains, which are set up to send out impersonated emails; these should be disrupted at an early stage.