What are Indicators of Compromise? | Digital Guardian
文章推薦指數: 80 %
Indicators of compromise act as breadcrumbs that lead infosec and IT pros to detect malicious activity early in the attack sequence. These ... WhatareIndicatorsofCompromise?|DigitalGuardian IsYourTeamPreparedtoRespondtoanAttackataMoment’sNotice?DownloadtheIncidentResponder'sFieldGuidenowYou’llLearn:HowtobuildandsupportyourincidentresponseteamHowtocreateanddeployanincidentclassificationframeworkThemostcommonmistakesandhowtoavoidthemGETTHEEBOOKDATAINSIDERDigitalGuardian'sBlogPopularTopics:DataProtectionSecurityNewsThreatResearchIndustryInsightsSearchtheSite DataProtection101WhatareIndicatorsofCompromise?byNateLordonTuesdayDecember1,2020ContactUsFreeDemoChat LearnaboutindicatorsofcompromiseandtheirroleindetectionandresponseinDataProtection101,ourseriesonthefundamentalsofinformationsecurity.ADefinitionofIndicatorsofCompromiseIndicatorsofcompromise(IOCs)are“piecesofforensicdata,suchasdatafoundinsystemlogentriesorfiles,thatidentifypotentiallymaliciousactivityonasystemornetwork.”IndicatorsofcompromiseaidinformationsecurityandITprofessionalsindetectingdatabreaches,malwareinfections,orotherthreatactivity.Bymonitoringforindicatorsofcompromise,organizationscandetectattacksandactquicklytopreventbreachesfromoccurringorlimitdamagesbystoppingattacksinearlierstages.IndicatorsofcompromiseactasbreadcrumbsthatleadinfosecandITprostodetectmaliciousactivityearlyintheattacksequence.Theseunusualactivitiesaretheredflagsthatindicateapotentialorin-progressattackthatcouldleadtoadatabreachorsystemscompromise.But,IOCsarenotalwayseasytodetect;theycanbeassimpleasmetadataelementsorincrediblycomplexmaliciouscodeandcontentsamples.AnalystsoftenidentifyvariousIOCstolookforcorrelationandpiecethemtogethertoanalyzeapotentialthreatorincident.IndicatorsofCompromisevs.IndicatorsofAttackIndicatorsofattackaresimilartoIOCs,butratherthanfocusingonforensicanalysisofacompromisethathasalreadytakenplace,indicatorsofattackfocusonidentifyingattackeractivitywhileanattackisinprocess.Indicatorsofcompromisehelpanswerthequestion“Whathappened?”whileindicatorsofattackcanhelpanswerquestionslike“Whatishappeningandwhy?”AproactiveapproachtodetectionusesbothIOAsandIOCstodiscoversecurityincidentsorthreatsinasclosetorealtimeaspossible.ExamplesofIndicatorsofCompromiseThereareseveralindicatorsofcompromisethatorganizationsshouldmonitor.InanarticleforDarkReading,ErickaChickowskihighlights15keyindicatorsofcompromise:UnusualOutboundNetworkTrafficAnomaliesinPrivilegedUserAccountActivityGeographicalIrregularitiesLog-InRedFlagsIncreasesinDatabaseReadVolumeHTMLResponseSizesLargeNumbersofRequestsfortheSameFileMismatchedPort-ApplicationTrafficSuspiciousRegistryorSystemFileChangesUnusualDNSRequestsUnexpectedPatchingofSystemsMobileDeviceProfileChangesBundlesofDataintheWrongPlaceWebTrafficwithUnhumanBehaviorSignsofDDoSActivityGoDeeperAnalytics&ReportingCloudREADMOREUsingIndicatorsofCompromisetoImproveDetectionandResponseMonitoringforindicatorsofcompromiseenablesorganizationstobetterdetectandrespondtosecuritycompromises.CollectingandcorrelatingIOCsinrealtimemeansthatorganizationscanmorequicklyidentifysecurityincidentsthatmayhavegoneundetectedbyothertoolsandprovidesthenecessaryresourcestoperformforensicanalysisofincidents.IfsecurityteamsdiscoverrecurrenceorpatternsofspecificIOCstheycanupdatetheirsecuritytoolsandpoliciestoprotectagainstfutureattacksaswell.Thereisapushfororganizationstoreporttheseanalysesresultsinaconsistent,well-structuredmannertohelpcompaniesandITprofessionalsautomatetheprocessesusedindetecting,preventing,andreportingsecurityincidents.SomeintheindustryarguethatdocumentingIOCsandthreatshelpsorganizationsandindividualsshareinformationamongtheITcommunityaswellasimproveincidentresponseandcomputerforensics.TheOpenIOCframeworkisonewaytoconsistentlydescribetheresultsofmalwareanalysis.OthergroupssuchasSTIXandTAXIIaremakingeffortstostandardizeIOCdocumentationandreporting.Indicatorsofcompromiseareanimportantcomponentinthebattleagainstmalwareandcyberattacks.Whiletheyarereactiveinnature,organizationsthatmonitorforIOCsdiligentlyandkeepupwiththelatestIOCdiscoveriesandreportingcanimprovedetectionratesandresponsetimessignificantly.Tags:DataProtection101RecommendedResourcesBrowseResourcesanalystreportsBloor:TheImportanceofaDataProtectionPlatformforGDPRComplianceGettheReportwhitepaperThe2022DefinitiveGuidetoDataClassificationDownloadNowanalystreportsIDCReport:APracticalGuidetoGDPRGettheReportRelatedBlogPostsWhatistheNISDirective?Definition,Requirements,Penalties,BestPracticesforCompliance,andMoreNateLordWhatistheNISTCybersecurityFramework?ChrisBrookWhatisEndpointDetectionandResponse?ADefinitionofEndpointDetection&ResponseNateLordWhatisSECCybersecurity?ChrisBrook
延伸文章資訊
- 1Indicators of Compromise (IOCs) - Fortinet
- 2Indicators of compromise - Definition - Trend Micro
Indicators of compromise (IOCs) serve as forensic evidence of potential intrusions on a host syst...
- 3What is an indicator of compromise (IoC)?
In the field of computer security, an Indicator of compromise (IoC) is an object or activity that...
- 4Indicators of Compromise (IOC) Security - CrowdStrike
An Indicator of Compromise (IOC) is a piece of digital forensics that suggests that an endpoint o...
- 5Indicator of compromise - Wikipedia
Indicator of compromise (IoC) in computer forensics is an artifact observed on a network or in an...
