A layered security architecture based on cyber kill chain against advanced persistent threats.

(2019)

Abstract
Static traditional defense mechanisms, which mostly succeed in detecting known attacks using techniques such as blacklisting and malware signature detection, are inherently insufficient for defending against dynamic and sophisticated advanced persistent threat (APT) cyberattacks. These attacks are usually conducted dynamically in several stages and may use different attack paths simultaneously to accomplish their commission. The cyber kill chain (CKC) framework provides a model for all stages of an intrusion, from early reconnaissance to actions on objectives, when the attacker's goal is met, which could be stealing data, disrupting operations or destroying infrastructure. To achieve the final goal, an adversary must progress through all stages successfully. Any disruption at any stage of the attack by the defender would mitigate or cease the intrusion campaign. In this chapter, we align the 7D defense model with the CKC steps to develop a layered architecture to detect APT actors' tactics, techniques and procedures in each step of the CKC. This model can be applied by defenders to plan resilient defense and mitigation strategies against prospective APT actors.
Keywords
Advanced persistent threat, Kill chain, Enterprise information security architecture, Adversary, Malware, Computer security, Blacklisting, Multitier architecture, Computer science, Intrusion