
Practical Attack Detection, Analysis, and Response using Big Data, Semantics, and Kill Chains within the OODA Loop

Practical Attack Detection, Analysis, and Response using Big Data, Semantics, and Kill Chains within the OODA Loop (PDF, 2.95MB)

Published: 03 Jun, 2015

Created by Brian Nafziger

The traditional approach to using toolsets is to treat them as independent entities: detect an event on a device with one tool, analyze the event and the device with a second tool, and finally respond against the device with a third tool. These independent detection, analysis, and response processes are traditionally static, slow, and disjointed. The modern approach must instead leverage toolsets in an adaptive, synergistic, and agile manner. Colonel John Boyd's decision cycle, the OODA loop (Observe-Orient-Decide-Act), favors agility over raw power and is potentially well suited to synergistic, agile, and rapid incident detection, analysis, and response. Layering Boyd's OODA loop on a framework of Big Data, Semantics, and Kill Chains is potentially the approach of choice not only for detecting modern attacks, but also for augmenting analysis and response in an adaptive, synergistic, and agile manner. The objective is to show that Big Data, Semantics, Kill Chains, and the OODA loop offer the ability to augment the human analyst in detection, analysis, and response with adaptivity, synergy, and agility.