Search
00
GBAF Logo
trophy
Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

Subscribe to our newsletter

Get the latest news and updates from our team.

Global Banking and Finance Review

Global Banking and Finance Review - Subscribe to our newsletter

Company

    GBAF Logo
    • About Us
    • Profile
    • Privacy & Cookie Policy
    • Terms of Use
    • Contact Us
    • Advertising
    • Submit Post
    • Latest News
    • Research Reports
    • Press Release
    • Awards▾
      • About the Awards
      • Awards TimeTable
      • Submit Nominations
      • Testimonials
      • Media Room
      • Award Winners
      • FAQ
    • Magazines▾
      • Global Banking & Finance Review Magazine Issue 79
      • Global Banking & Finance Review Magazine Issue 78
      • Global Banking & Finance Review Magazine Issue 77
      • Global Banking & Finance Review Magazine Issue 76
      • Global Banking & Finance Review Magazine Issue 75
      • Global Banking & Finance Review Magazine Issue 73
      • Global Banking & Finance Review Magazine Issue 71
      • Global Banking & Finance Review Magazine Issue 70
      • Global Banking & Finance Review Magazine Issue 69
      • Global Banking & Finance Review Magazine Issue 66
    Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

    Global Banking & Finance Review® is a leading financial portal and online magazine offering News, Analysis, Opinion, Reviews, Interviews & Videos from the world of Banking, Finance, Business, Trading, Technology, Investing, Brokerage, Foreign Exchange, Tax & Legal, Islamic Finance, Asset & Wealth Management.
    Copyright © 2010-2026 GBAF Publications Ltd - All Rights Reserved. | Sitemap | Tags | Developed By eCorpIT

    Editorial & Advertiser disclosure

    Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

    Home > Technology > System State Intelligence and the Intrusion Kill Chain
    Technology

    System State Intelligence and the Intrusion Kill Chain

    Published by Gbaf News

    Posted on March 20, 2013

    5 min read

    Last updated: January 22, 2026

    Dwayne Melancon, CTO of Tripwire, explores the importance of System State Intelligence in enhancing security measures against the intrusion kill chain, crucial for effective cyber defense.
    Dwayne Melancon discussing System State Intelligence and the intrusion kill chain - Global Banking & Finance Review
    Why waste money on news and opinion when you can access them for free?

    Take advantage of our newsletter subscription and stay informed on the go!

    Subscribe

    Dwayne Melancon, Chief Technical Officer, Tripwire

    Dwayne-MelanconSynopsis: In kill chain analysis, an attacker has to progress through stages before they achieve their objective, and it takes just one successful mitigation effort to thwart the attacker. SSI can increase the timeliness and accuracy of security incident detection efforts and increase the overall effectiveness of all network security tools.

    The time has come to examine how System State Intelligence (SSI) relates to the “kill chain” – also known as the “intrusion kill chain,” or the “cyber kill chain”. Why? Because in most enterprises there is a bias toward the network-centric and event-centric elements of intrusion detection, and there needs to be better integration of the state-centric security elements in order to ultimately improve security effectiveness.

    What is the Intrusion Kill Chain?
    The kill chain concept is based on work conducted by Lockheed Martin’s Eric M. Hutchins, Michael J. Cloppert, and Rohan M. Amin, Ph.D which is detailed in a paper titled, “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains.” In a nutshell, the intrusion kill chain is a model that describes the order of events during an attack, and provides a method to segment, analyze, and mitigate the offensive.

    The Lockheed paper defines a kill chain as “the structure of the intrusion, and the corresponding model [which] guides analysis to inform actionable security intelligence.” In other words, rather than trying to look at network security events in isolation as a separate population of data, they should be integrated by grouping them according to the attack vectors.

    The intrusion kill chain can be thought of as “supply chain management” for cyber attacks, and the end game is to produce an objective model for dealing with attacks as early in the process chain as possible by aligning responses to the stage and severity level of an attack.

    A core assumption in any kill chain analysis is that an attacker has to progress through each stage of the chain before they achieve their objective, and it takes just one successful mitigation effort to disrupt this progress and thwart the attacker.

    System State Intelligence (SSI)
    System State Intelligence (SSI) is an approach to security that is designed to identify the leading indicators of any security compromise, to reduce the number of false positives, and in the end increase the accuracy of network incident detection.

    Effective SSI requires the presence of several key capabilities.First of all, it must provide full awareness of the state of your network systems, including how they are configured and whether that configuration corresponds to policies. This level of awareness anchors system states to a recognizable baseline –a “known and trusted state.”

    Secondly, SSI must include continuous monitoring of those systems for any changes or deviations from the baseline or the configuration policies, and must use this awareness to detect any unwarranted events in order to foster security-based context and prioritizations. SSI lets you continuously know what the state of your systems was, what it should be, and how it’s changing in real time.

    How Does System State Intelligence Strengthen the Intrusion Kill Chain?

    SSI contributes to the intrusion kill chain in most of the phases of an attack. The following table provides some examples:

    tripware-system
    This is not a comprehensive list, but should provide some food for thought about how SSI is involved in the intrusion kill chain.

    SSI Can Improve the Effectiveness of Other Security Tools and Processes

    In addition to the examples in the table above, SSI can also increase the timeliness and accuracy of security incident detection efforts, as well as increase the overall effectiveness of other network security tools. For example, it can reduce false positives because suspicious changes to the system state are really good initial indications of attack, and SSI alerts are typically free of false positives.

    SSI can also find evidence of a compromise faster, because once SSI has identified a suspicious change to a group of systems that knowledge enables a more targeted investigation to ensue.

    If you typically perform full-packet captures of data on your network, you end up with an overwhelming amount of data, which can be an obstacle when you are conducting an incident investigation. With SSI, you can begin the investigation by looking for something specific, such as the traffic that interacted with specific (compromised) systems at a certain time and which are associated with specific user accounts.

    The Bottom Line
    In short, using SSI to determine your starting points enables a more efficient, focused investigation, which enhances the value of your full-packet capture systems and increases the effectiveness of your Security staff. We are just barely scratching the surface here, but hopefully you can see that System State Intelligence is a core capability that will serve to strengthen your intrusion kill chain.

    Tripwire is exhibiting at Infosecurity Europe 2013, the No. 1 industry event in Europe held on 23rd – 25th April 2013 at the prestigious venue of Earl’s Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk

     

     

     

    More from Technology

    Explore more articles in the Technology category

    Image for Infosecurity Europe launches new Cyber Startup Programme to champion the next generation of cybersecurity innovators
    Infosecurity Europe launches new Cyber Startup Programme to champion the next generation of cybersecurity innovators
    Image for BLOXX Launches ĀRIKI BLOXX at Web Summit Qatar
    BLOXX Launches ĀRIKI BLOXX at Web Summit Qatar
    Image for Engineering Trust in the Age of Data: A Blueprint for Global Resilience
    Engineering Trust in the Age of Data: A Blueprint for Global Resilience
    Image for Over half of organisations predict their OT environments will be targeted by cyber attacks
    Over half of organisations predict their OT environments will be targeted by cyber attacks
    Image for Engineering Financial Innovation in Renewable Energy and Climate Technology
    Engineering Financial Innovation in Renewable Energy and Climate Technology
    Image for Industry 4.0 in 2025: Trends Shaping the New Industrial Reality
    Industry 4.0 in 2025: Trends Shaping the New Industrial Reality
    Image for Engineering Tomorrow’s Cities: On a Mission to Build Smarter, Safer, and Greener Mobility
    Engineering Tomorrow’s Cities: On a Mission to Build Smarter, Safer, and Greener Mobility
    Image for In Conversation with Faiz Khan: Architecting Enterprise Solutions at Scale
    In Conversation with Faiz Khan: Architecting Enterprise Solutions at Scale
    Image for Ballerine Launches Trusted Agentic Commerce Governance Platform
    Ballerine Launches Trusted Agentic Commerce Governance Platform
    Image for Maximising Corporate Visibility in a Digitally Driven Investment Landscape
    Maximising Corporate Visibility in a Digitally Driven Investment Landscape
    Image for The Digital Transformation of Small Business Lending: How Technology is Reshaping Credit Access
    The Digital Transformation of Small Business Lending: How Technology is Reshaping Credit Access
    Image for Navigating Data and AI Challenges in Payments: Expert Analysis by Himanshu Shah
    Navigating Data and AI Challenges in Payments: Expert Analysis by Himanshu Shah
    View All Technology Posts
    Previous Technology PostBit9 2013 Server Security Survey Shows Concerns about Targeted Malware Rising
    Next Technology PostKeeping IT GRC simple by getting IT SaaSed!