Giora Engel on The Cyber Kill Chain:
If you must use the Chain model, zero in on No. 7. Focus on detecting ongoing attacks — attackers that have already breached your perimeter — before the damage is done. Instead of analyzing old malware, deploy a breach detection system that automatically detects and analyzes the changes in user and computer behavior that indicate a breach. These subtle changes are usually low-key and slow, and affect only a small number of computers, but the right analysis and context can flag them as malicious.
Source: Deconstructing The Cyber Kill Chain