[Recommended Reading] IoA vs. IoC

Source: Crowdstrike IoA vs. IoC

What is an Indicator of Attack (IOA) and why is it necessary to take an IOA-based detection and prevention approach when dealing with advanced adversaries?

Unlike Indicators of Compromise (IOCs) used by legacy endpoint detection solutions, IOAs focus on detecting the intent of what an attacker is trying to accomplish, regardless of the malware or exploit used in an attack. Just like AV signatures, an IOC-based detection approach cannot detect the increasing threats from malware-free intrusions (see Malware-Free Intrusions blog)and zero-day exploits. As a result, next-generation security solutions are moving to an IOA-based approach pioneered by CrowdStrike. Read more…

Advertisements

Leave a comment

Filed under General, InfoSec, Recommendations

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s