Indicators of Compromise (IoCs)
In the current threat environment, rapid communication of threat information is the key to quickly detecting, responding to and containing targeted attacks. Hunting for Indicators of Compromise (IoCs) is an effective way to combat advanced attackers. IoCs are forensic artifacts of an intrusion that can be identified on a host or on the network.
IoCs tie to observables, and observables tie to measurable events or stateful properties, which can represent anything from the creation of a registry key on a host (a measurable event) to the presence of a mutex (a stateful property). For example, after using the APT Detection Framework to optimize and check for any gaps, an organization should continuously monitor for and detect things like:
All of these items can provide early indications of bad actors and help you identify and contain security incidents before they result in loss. Though not present in every incident response scenario, IoCs are present more often than not, provided the security analyst has the time and opportunity to learn where and how to identify them. The ability of a security analyst, incident responder or threat researcher to collect, record and annotate IoCs in a detailed manner is a critical success factor.
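To make the distinction between measurable events and stateful properties concrete, here is a small IoC matcher added as an illustration (it is not code from the original article or from any product it mentions). It assumes a simple, self-chosen shape for host telemetry: a list of event records (process starts, registry key creation, DNS queries) and a per-host state snapshot (named mutexes currently held). Every IoC value, event and state entry below is constructed sample data, not a real indicator; each hit carries the raw evidence that produced it so the finding can be recorded in detail.

```python
"""
Minimal IoC matcher (added illustration, not the article's own code).

An IoC is expressed as an observable that is either a measurable EVENT
(something that happened, e.g. a registry key was created) or a STATEFUL
PROPERTY (something that is true right now, e.g. a named mutex exists).
The matcher runs a list of IoCs over (a) a stream of host events and
(b) a snapshot of host state, recording every hit together with the raw
record that matched so an analyst can annotate it in detail.

All IoC values, event records and state below are constructed sample
data for this example; they are not real malware indicators.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Ioc:
    ioc_id: str          # analyst-assigned identifier used in reporting
    kind: str            # "event" (measurable event) or "state" (stateful property)
    observable: str      # event type or state collection the IoC refers to
    value: str           # value to look for (compared case-insensitively)
    description: str = ""


@dataclass
class Hit:
    ioc_id: str
    host: str
    evidence: Dict[str, str]   # the raw record or state entry that matched


# --- constructed IoC set (placeholder values, not real indicators) -----------
SAMPLE_IOCS: List[Ioc] = [
    Ioc("IOC-001", "event", "registry_key_created",
        r"HKCU\Software\ExampleConstructed\Run",
        "persistence key written in the constructed intrusion scenario"),
    Ioc("IOC-002", "state", "mutex",
        r"Global\EXAMPLE_CONSTRUCTED_MUTEX",
        "mutex the constructed implant holds to avoid running twice"),
    Ioc("IOC-003", "event", "dns_query",
        "example-constructed-c2.invalid",
        "placeholder C2 domain on the reserved .invalid TLD"),
]

# --- constructed host telemetry ---------------------------------------------
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "ws-17", "type": "process_start",
     "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "ws-17", "type": "registry_key_created",
     "key": r"HKCU\Software\ExampleConstructed\Run", "pid": "4120"},
    {"host": "ws-22", "type": "dns_query", "query": "intranet.example.local"},
    {"host": "ws-22", "type": "dns_query", "query": "EXAMPLE-CONSTRUCTED-C2.invalid"},
]

SAMPLE_STATE: Dict[str, Dict[str, List[str]]] = {
    "ws-17": {"mutex": [r"Global\EXAMPLE_CONSTRUCTED_MUTEX", r"Local\SomeAppMutex"]},
    "ws-22": {"mutex": [r"Local\SomeAppMutex"]},
}

# Which field of each event type carries the observable value (assumed schema).
EVENT_VALUE_FIELD = {
    "registry_key_created": "key",
    "dns_query": "query",
    "process_start": "image",
}


def _norm(value: str) -> str:
    """Case-insensitive, whitespace-trimmed comparison key."""
    return value.strip().lower()


def match_events(iocs: List[Ioc], events: List[Dict[str, str]]) -> List[Hit]:
    """Match event-type IoCs (measurable events) against the event stream."""
    hits: List[Hit] = []
    for ioc in iocs:
        if ioc.kind != "event":
            continue
        for ev in events:
            if ev.get("type") != ioc.observable:
                continue
            field_name = EVENT_VALUE_FIELD.get(ev["type"])
            if field_name and _norm(ev.get(field_name, "")) == _norm(ioc.value):
                hits.append(Hit(ioc.ioc_id, ev["host"], dict(ev)))
    return hits


def match_state(iocs: List[Ioc], state: Dict[str, Dict[str, List[str]]]) -> List[Hit]:
    """Match state-type IoCs (stateful properties) against a host state snapshot."""
    hits: List[Hit] = []
    for ioc in iocs:
        if ioc.kind != "state":
            continue
        for host, props in state.items():
            for entry in props.get(ioc.observable, []):
                if _norm(entry) == _norm(ioc.value):
                    hits.append(Hit(ioc.ioc_id, host, {ioc.observable: entry}))
    return hits


def hunt(iocs: List[Ioc], events: List[Dict[str, str]],
         state: Dict[str, Dict[str, List[str]]]) -> List[Hit]:
    """Run both matchers; event hits first, then state hits."""
    return match_events(iocs, events) + match_state(iocs, state)


if __name__ == "__main__":
    for h in hunt(SAMPLE_IOCS, SAMPLE_EVENTS, SAMPLE_STATE):
        print(f"{h.ioc_id} on {h.host}: {h.evidence}")
```

Run against the constructed data, the hunt reports the registry key creation and the DNS query as event hits (the latter matched despite differing case) and the mutex as a state hit, each with its source record attached. Separating event matching from state matching mirrors how the two are collected in practice: events come from a log or telemetry stream, while stateful properties require a point-in-time enumeration of the host.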