What is the defenders' primary objective in the seven-phase intrusion model?

Prepare for the Security Operations Exam with targeted practice questions. Enhance your understanding with detailed explanations and tips to successfully pass your exam!

Multiple Choice

What is the defenders' primary objective in the seven-phase intrusion model?

Explanation:
Breaking the chain early is the defender's primary objective in the seven-phase intrusion model. The model traces attacker progress from initial reconnaissance through to actions on objectives; interrupting the attack at the earliest possible phase prevents escalation, makes containment easier, and minimizes overall impact. The defender achieves this through rapid detection, containment, and strong preventive controls that disrupt initial access, delivery, or exploitation before the attacker can establish persistence or reach valuable assets. Understanding the phases helps explain attacker methods, but the main goal is to stop progression as soon as possible, not just to map the stages. Focusing solely on eliminating a later capability such as command and control, or trying to maximize detection time, would allow the attacker to advance further, which is not desirable from a defense perspective.

