News Releases2 min read

Carbon Black Proposes Updated Cybersecurity Kill Chain Model to Help Defenders Stay Ahead of Modern Attacks

New “Cognitive Attack Loop” helps defenders better understand modern cybercriminal cognitions via an attack cycle comprising three distinct phases

WALTHAM, Mass., July 31, 2019 (GLOBE NEWSWIRE) — Carbon Black (NASDAQ: CBLK), a leader in cloud-native endpoint protection today released a ground-breaking white paper that proposes an updated cybersecurity kill chain model to help defenders stay ahead of evolving cyberattacks.

The paper, “Cognitions of a Cybercriminal: Introducing the Cognitive Attack Loop and the 3 Phases of Cybercriminal Behavior,” delves into the various ways cybercriminals have evolved in recent years and offers specific guidelines for CISOs and security professionals to help manage risk. 

“We believe cybersecurity professionals should be looking at existing kill chain models with a new lens,” said Tom Kellermann, Carbon Black’s Chief Cybersecurity Officer and the paper’s primary author.  “It’s no longer helpful to approach cybersecurity linearly. Cognitions and context are critical and help reveal attackers’ intent. Understanding the root cause of attacks and the way attackers think is paramount to good cybersecurity. With the ‘Cognitive Attack Loop,’ we’re offering defenders an updated model of how attackers think and behave.” 

The paper outlines, in detail, the three phases proposed in the Cognitive Attack Loop – Recon & Infiltrate; Maintain & Manipulate; and Execute & Exfiltrate.

Click here to download the full paper from Carbon Black.

The Cognitive Attack Loop was borne from insight provided by Carbon Black’s cloud-native endpoint protection platform (EPP), which collects terabytes of data per day from around the globe, as well as insights from the Carbon Black Threat Analysis Unit (TAU).

“The more insight defenders have into cybercriminal behavior, the more effective technology can be in recognizing and stopping suspicious activity,” Kellermann said. “The patterns we see in attack data transcend any individual attack and allow us to provide protection against a broad set of threats without relying on specific pre-discovered indicators of compromise (IOCs). With the Cognitive Attack Loop, we’ve taken the various insights from our cloud-native EPP and our threat research efforts to arrive at a modern cycle that helps uncover cybercriminal behavior and gives defenders a true sense of how modern attackers are operating.”

Click here to download the full paper from Carbon Black.

About Carbon Black

Carbon Black (NASDAQ: CBLK) is a leader in cloud endpoint protection dedicated to keeping the world safe from cyberattacks. The CB Predictive Security Cloud® (PSC) consolidates endpoint security and IT operations into an endpoint protection platform (EPP) that prevents advanced threats, provides actionable insight and enables businesses of all sizes to simplify operations. By analyzing billions of security events per day across the globe, Carbon Black has key insights into attackers’ behaviors, enabling customers to detect, respond to and stop emerging attacks.

More than 5,300 global customers, including 35 of the Fortune 100, trust Carbon Black to protect their organizations from cyberattacks. The company’s partner ecosystem features more than 500 MSSPs, VARs, distributors and technology integrations, as well as many of the world’s leading IR firms, who use Carbon Black’s technology in more than 500 breach investigations per year.
Carbon Black and CB Predictive Security Cloud are registered trademarks or trademarks of Carbon Black, Inc. in the United States and/or other jurisdictions.


Ryan Murphy, Carbon Black
Director of Global Communications