Blue Team Cyber Kill Chain - Window of Opportunity

(Click image for larger version)

Microsoft's BlueHat conference introduced the concept of a blue team cyber kill chain (see, as a defender-centric version of the standard attack focussed cyber kill chain. This described the chain of actions a defender needs to go through to find and evict attackers.

This lead us to the idea of a window of opportunity intersecting different stages of the red and blue teams' kill chain; this is the window during which the attacker is live on systems but has not yet completed their objective. It is during this window that attacks can be detected and disrupted.