Indicators of Attack Vs. Indicators of Compromise - CrowdStrike


For many years, the information security community has relied on indicators of compromise (IOC) as the first indication that a system or organization has been breached. An IOC is often described in the forensics world as evidence on a computer that indicates that the security of the network has been compromised. Investigators usually gather this data after being informed of a suspicious incident, on a scheduled basis, or after the discovery of unusual call-outs from the network. Ideally, this information is gathered to create “smarter” tools that can detect and quarantine suspicious files in the future.

Unfortunately, IOC monitoring is reactive in nature, which means that if an organization finds an indicator, it is almost certain that they have already been compromised.

An Indicator of Attack (IOA) is related to an IOC in that it is a digital artifact. However, unlike IOCs, IOAs are active in nature and focus on identifying a cyber attack that is in process.

Download this white paper to better understand the fundamental difference between Indicators of Compromise and Indicators of Attack and look at IOAs in action.


