Software-defined networking (SDN) capabilities such as micro-segmentation, service chaining, and security orchestration can disrupt the advanced persistent threat (APT) kill chain. SDN allows automatic provisioning of dynamic security policies. It restricts lateral movement and transparently inserts compensating controls. Security orchestration further automates response by using intelligence to update network and host-based defenses in response to incidents. Together, these SDN features counter APT persistence and present attackers with a moving target.
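A toy policy controller showing how the three capabilities fit together, as an added example that is not taken from any SDN product: default-deny segments block lateral flows, a low-confidence incident chains inspection functions into a host's allowed flows, and a high-confidence incident re-tags the host into a quarantine segment. The segment names, ports, chain members, host names and the 0.8 threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Micro-segmentation: default deny. Only these (src_segment, dst_segment, port)
# flows are permitted. Constructed sample policy.
ALLOWED_FLOWS = {("web", "app", 8443), ("app", "db", 5432)}
# Service chaining: functions inserted into the path of a watched host's flows.
INSPECTION_CHAIN = ["ids", "tls-inspect"]
QUARANTINE_THRESHOLD = 0.8  # assumed confidence cut-off

@dataclass
class Controller:
    segment_of: dict                            # host -> segment tag
    watched: set = field(default_factory=set)   # hosts under extra inspection
    audit: list = field(default_factory=list)   # (host, old_segment, action)

    def decide(self, src, dst, port):
        """Return (verdict, service_chain) for one flow between two hosts."""
        flow = (self.segment_of.get(src), self.segment_of.get(dst), port)
        if flow not in ALLOWED_FLOWS:           # unknown hosts also land here
            return ("deny", [])
        chained = src in self.watched or dst in self.watched
        return ("allow", list(INSPECTION_CHAIN) if chained else [])

    def handle_incident(self, host, confidence):
        """Orchestration: turn an incident report into a policy change."""
        old = self.segment_of[host]             # KeyError on unknown host
        if confidence >= QUARANTINE_THRESHOLD:
            self.segment_of[host] = "quarantine"  # no allowed flows match this tag
            self.watched.discard(host)
            action = "quarantine"
        else:
            self.watched.add(host)              # compensating control, host stays up
            action = "inspect"
        self.audit.append((host, old, action))
        return action

def demo():
    c = Controller({"web-1": "web", "web-2": "web", "app-1": "app", "db-1": "db"})
    out = {"lateral": c.decide("web-1", "web-2", 445),    # same tier, east-west
           "normal": c.decide("web-1", "app-1", 8443)}
    c.handle_incident("web-1", 0.4)
    out["suspect"] = c.decide("web-1", "app-1", 8443)
    c.handle_incident("web-1", 0.9)
    out["confirmed"] = c.decide("web-1", "app-1", 8443)
    out["peer"] = c.decide("web-2", "app-1", 8443)        # unaffected neighbour
    return out

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:10} {verdict}")
```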