What is the Cyber Security Kill Chain?

The cyber security kill chain model explains the typical procedure that hackers take when performing a successful cyber attack. It is a framework developed by Lockheed Martin derived from military attack models and transposed over to the digital world to help teams understand, detect, and prevent persistent cyber threats. While not all cyber attacks will utilize all seven steps of the cyber security kill chain model, the vast majority of attacks use most of them, often spanning Step 2 to Step 6.

What are the Steps of the Cyber Security Kill Chain?

There are several other cyber kill chain models developed by other companies, but for the sake of simplicity, we’re going to stick with the Lockheed Martin model, which is the best-known framework in the industry. We’ve included explanations as well as brief solutions for each one so you can better understand the process hackers take to breach a target.

Step 1: Reconnaissance

Like any form of traditional warfare, the most successful cyber attacks start with lots of information gathering. Reconnaissance is the first step in the cyber security kill chain and utilizes many different techniques, tools, and commonly used web browsing features including:

  • Search engines
  • Web archives
  • Public cloud services
  • Domain name registrations
  • WHOIS command
  • Packet sniffers (Wireshark, tcpdump, WinDump, etc.)
  • Network mapping (nmap)
  • DIG command
  • Ping
  • Port scanners (Zenmap, TCP Port Scanner, etc.)

There is a wide range of tools and techniques used by hackers to gather information about their targets, each of which exposes different bits of data that can be used to find doors into your applications, networks, and databases which are increasingly becoming cloud based. It’s important that you secure your sensitive data behind cloud-based SASE defenses, encryption and secure web pages in order to prevent attackers from stumbling on compromising information while browsing through your publicly-accessible assets, including apps and cloud services.

Step 2: Weaponize

Once an attacker has gathered enough information about their target, they’ll choose one or several attack vectors to begin their intrusion into your space. An attack vector is a means for a hacker to gain unauthorized access to your systems and information. Attack vectors range from basic to highly technical, but the thing to keep in mind is that, for hackers, targets are often chosen by assessing cost vs. ROI.

Everything from processing power to time-to-value is a factor that attackers take into account. Typical hackers will flow like water to the path of least resistance, which is why it is so important to consider all possible entry points along the attack surface (all of the points at which you are susceptible to an attack) and harden your security accordingly.

The most common attack vectors include:

  • Weak or stolen credentials
  • Remote access services (RDP, SSH, VPNs)
  • Careless employees
  • Insider attackers
  • Poor or no encryption
  • System misconfiguration
  • Trust relationships between devices/systems
  • Phishing (social engineering)
  • Denial of service attacks
  • Man-in-the-middle attacks (MITM)
  • Trojans
  • SQL injection attacks
  • And many others

Remember: a hacker only needs one attack vector to be successful. Therefore, your security is only as strong as its weakest point, and it’s up to you to discover where those potential attack vectors are. Ransomware attacks continue to exploit remote access services to gain entry, move laterally, and locate sensitive data for exfiltration, all before encrypting files and issuing ransom demands.

So typically once an attacker is in, their next move is to find different ways to move laterally throughout your network or cloud resources and escalate their access privileges so their attack will gather the most valuable information, and they’ll stay undetected for as long as possible. Preventing this kind of behavior requires adopting “Zero Trust” principles, which, when applied to security and networking architecture, consistently demands reaffirmation of identity as users move from area to area within networks or applications.

Step 3: Delivery

Now that a hacker has gained access to your systems, they’ll have the freedom they need to deliver the payload of whatever they have in store for you (malware, ransomware, spyware, etc.). They’ll set up programs for all kinds of attacks, whether immediate, time-delayed or triggered by a certain action (logic bomb attack). Sometimes these attacks are a one-time move and other times hackers will establish a remote connection to your network that is constantly monitored and managed.

Malware detection by next-generation SWGs that decrypt TLS and inspect web and cloud traffic is a key component for preventing the delivery of these types of payloads. Attacks are increasingly cloud delivered, with 68% of malware using cloud delivery versus web delivery. Running inline threat scanning services for web and cloud traffic, along with accounting for the status of all endpoint devices, is crucial to ensuring your company is not infected with malicious software.

Step 4: Exploit

Once the attacker’s intended payload is delivered, the exploitation of a system begins, depending on the type of attack. As mentioned before, some attacks are delayed and others are dependent on a specific action taken by the target, known as a logic bomb. These programs sometimes include obfuscation features that hide their activity and origin in order to prevent detection.

Once the executable program is triggered, the hacker will be able to begin the attack as planned, which leads us to the next few steps, encompassing different types of exploitations.

Step 5: Install

If a hacker sees the opportunity for future attacks, their next move is to install a backdoor for consistent access to the target’s systems. This way they can move in and out of the target’s network without running the risk of detection by reentering through other attack vectors. These kinds of backdoors can be established through rootkits and weak credentials, and so long as their behavior doesn’t throw up any red flags to a security team (such as unusual login times or large data movements), these intrusions can be hard to detect. SASE architecture is uniting security defenses to collect rich metadata on users, devices, apps, data, activity and other attributes to aid investigations and enhance anomaly detection.

Step 6: Callback

Now that the programs and backdoors are installed, an attacker will take control of systems and execute whatever attack they have in store for you. Any actions taken here are solely for the purpose of maintaining control of their situation with the target, which can take all kinds of forms, such as planting ransomware, spyware, or other means for exfiltrating data in the future.

Unfortunately, once you learn of an intrusion and exfiltration, it is probably too late—the hackers have control of your system. That’s why it’s important to have safeguards that monitor and evaluate data movements for any suspicious activity. A machine is far more likely to detect and prevent malicious behavior faster than any network administrator.
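The two detection signals named in Steps 5 and 6 (logins at unusual times, and large data movements) can be turned into simple, automatable checks. The following is an added example, not code from the original page or from Netskope: it parses a handful of constructed log lines in an assumed `timestamp|user|event|key=value ...` format, flags off-hours logins and oversized outbound uploads, tags each alert with the kill chain step it most likely indicates, and then lists users that tripped more than one kind of signal (a user who both logged in at 3 a.m. and pushed 950 MB out is far more interesting than either event alone). The business-hours window, the 500 MB threshold, the field names and every log line are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (assumed format, not from any real product):
# "<ISO timestamp>|<user>|<event>|<space-separated key=value fields>"
SAMPLE_LOGS = [
    "2024-03-04T09:12:01|alice|login|src=10.0.0.5",
    "2024-03-04T09:40:13|alice|upload|bytes=120000 dst=corp-drive",
    "2024-03-05T03:17:44|alice|login|src=203.0.113.9",
    "2024-03-05T03:25:02|alice|upload|bytes=950000000 dst=paste-site",
    "2024-03-05T11:02:10|bob|login|src=10.0.0.7",
    "2024-03-05T11:10:45|bob|upload|bytes=2000000 dst=corp-drive",
]

# Assumed tuning values: 07:00-19:59 counts as normal working hours, and a
# single upload of 500 MB or more counts as a "large data movement".
BUSINESS_HOURS = range(7, 20)
LARGE_TRANSFER_BYTES = 500_000_000

LINE_RE = re.compile(r"^(?P<ts>[^|]+)\|(?P<user>[^|]+)\|(?P<event>[^|]+)\|(?P<detail>.*)$")


def parse_line(line):
    """Split one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    # Turn "bytes=950000000 dst=paste-site" into {"bytes": "950000000", "dst": "paste-site"}
    rec["fields"] = dict(kv.split("=", 1) for kv in rec["detail"].split() if "=" in kv)
    return rec


def detect(lines):
    """Return a list of (user, kill_chain_step, reason) alerts for the given log lines."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        # Step 5 signal: a login outside normal hours may be a backdoor being reused.
        if rec["event"] == "login" and rec["ts"].hour not in BUSINESS_HOURS:
            alerts.append((rec["user"], "Step 5: Install",
                           f"login at {rec['ts'].strftime('%H:%M')} outside business hours"
                           f" from {rec['fields'].get('src', '?')}"))
        # Step 6 signal: an unusually large outbound transfer may be exfiltration.
        if rec["event"] == "upload":
            size = int(rec["fields"].get("bytes", "0"))
            if size >= LARGE_TRANSFER_BYTES:
                alerts.append((rec["user"], "Step 6: Callback",
                               f"large outbound transfer of {size} bytes"
                               f" to {rec['fields'].get('dst', '?')}"))
    return alerts


def users_with_multiple_signals(alerts):
    """Users that triggered alerts for more than one kill chain step, sorted by name."""
    steps_by_user = defaultdict(set)
    for user, step, _ in alerts:
        steps_by_user[user].add(step)
    return sorted(user for user, steps in steps_by_user.items() if len(steps) > 1)


if __name__ == "__main__":
    found = detect(SAMPLE_LOGS)
    for user, step, reason in found:
        print(f"[{step}] {user}: {reason}")
    print("users with multiple signals:", users_with_multiple_signals(found))
```

Each rule on its own produces noise (night-shift staff log in at night, backups move a lot of data), which is why the final function correlates signals per user: that correlation is what lets a machine surface the case worth a human's time, as the paragraph above argues.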

Step 7: Persist

Everything has led to this. This is the continuous execution stage where an attacker takes action on their target and may encrypt your data for ransom, exfiltrate your data for monetary gain, bring down your network via denial of service, or monitor your system behaviors for any other openings via spyware, to name just a few potential outcomes. Espionage and monitoring are leading actions in this last kill chain step where attackers keep a low profile and persist.

This is where real-time monitoring of data movement and suspicious behavior detection is crucial because attackers will move as quickly as possible to achieve their goals. There is never enough time to react to every possible anomaly within a large corporate structure so your role in prevention must be proactive instead of reactive.

Putting the Cyber Security Kill Chain Steps into Practice

You should now have a rudimentary understanding of the common kill chain stages your company faces, and it’s up to you to fill in the gaps in your security strategy. While these steps were originally developed with traditional, perimeter-focused security in mind, many of these steps are used by insider attackers as well, with techniques including privilege escalation, shoulder surfing, SQL injections, and many others.

There are all kinds of reasons for attacks, including financial, political—even just for fun and recognition. Understanding what motivations an attacker might have for targeting your company will help you plan for potential attack vectors.

When developing your defense strategies, it’s important to look at all possible weak points, from your network to the cloud. The good news is that Netskope is uniquely positioned to take on all kinds of insider and outsider threats to your users, apps, data and cloud infrastructure. Learn more about how Netskope can help you prevent data loss and monitor abnormal movements of cloud data today.
