The Kill Chain model is a useful way to understand how adversaries are able to compromise their victims. During the earliest stages of preparation for an attack, the reconnaissance phase, attackers have not yet breached the victim environment, but they are, in fact, leaving subtle clues behind. These clues can be detected and enriched to help an organization prepare defenses ahead of the first directly invasive move by the adversary.
Join SANS instructor and Kill Chain Model co-author Mike Cloppert, and DomainTools Director of Product Management Tim Helming, to learn how DNS and domain profile information can enable network defenders to defend ahead of time, to detect breaches in progress, and to carry out effective incident response and forensics