Indicators of Compromise

When a system administrator finds anomalous or malicious behavior in network traffic, that evidence may be an indicator of compromise (IOC): a sign of a potential intrusion or cyber attack.

Indicator of compromise (IOC) is a term used in the cybersecurity industry to describe the breadcrumbs left behind by threat actors following a security event. These pieces of forensic evidence give stakeholders visibility into how a breach took place, what the breach resulted in, and more.

What are Indicators of Compromise (IOCs)?

Indicators of Compromise (IOCs) are examples of abnormal or malicious behavior that reflect the intrusion of an external user or program into an organization's internal networks. IOCs help network administrators map a threat actor's attack route and determine the impact of the compromise. While users sometimes breach a protected system by accident, security breaches often reflect a vulnerability that requires an incident response strategy and remediation.


Examples of Indicators of Compromise (IOC)

  • Unusual types and volumes of inbound and outbound traffic
  • A high number of database queries or requests for the same file
  • Distributed Denial of Service (DDoS) attack behavior
  • Irregular access or traffic based on user geographic location
  • Anomalous or suspicious behavior by privileged user accounts
  • A large number of changes in device or directory profiles
  • Unexplainable files and new data appearing in system folders
  • Altered files, systems, registry, or DNS configurations
  • Log-in activity indicating malicious probing for access or a brute force attack
  • The identification of unusual port-application traffic
  • Unauthorized or mysterious patching of software and applications
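As an added example (not from the original article), the following Python script shows how one indicator from the list above, log-in activity suggesting a brute force attack, can be detected in practice: it parses constructed sshd-style authentication log lines, counts failed logins per source address within a sliding time window, and escalates any source whose burst of failures is followed by a successful login. The log format, addresses and thresholds are assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in syslog-style sshd format (not real data).
SAMPLE_LOG = """\
Mar 10 02:14:01 host sshd[911]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar 10 02:14:03 host sshd[912]: Failed password for admin from 203.0.113.7 port 51236 ssh2
Mar 10 02:14:04 host sshd[913]: Failed password for invalid user test from 203.0.113.7 port 51238 ssh2
Mar 10 02:14:06 host sshd[914]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 10 02:14:08 host sshd[915]: Failed password for oracle from 203.0.113.7 port 51242 ssh2
Mar 10 02:14:09 host sshd[916]: Accepted password for root from 203.0.113.7 port 51244 ssh2
Mar 10 02:30:00 host sshd[920]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Mar 10 02:31:00 host sshd[921]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

def parse(line, year=2024):
    """Return (timestamp, result, user, ip) or None for lines we do not handle."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]

def find_brute_force(log_text, threshold=5, window=timedelta(minutes=5)):
    """Map source IP -> finding for sources with >= threshold failures inside
    a sliding window; a later successful login from that source is recorded
    as an escalation (a likely compromised account)."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    findings = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        if result == "Failed":
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                findings.setdefault(ip, {"first": q[0], "success": None})["failures"] = len(q)
        elif ip in findings and findings[ip]["success"] is None:
            findings[ip]["success"] = (ts, user)   # burst followed by a login
    return findings
```

A single failed login from a source that never reaches the threshold (198.51.100.4 above) is not reported, which keeps ordinary typos out of the alert stream.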

How to Recognize Indicators of Compromise

Network administrators and SOC analysts can recognize indicators of compromise through anything from a routine scan to deeper inspection and investigation. With tools for digital forensics and incident response (DFIR), threat intelligence, and advanced endpoint security, organizations have several security solutions available to help in this effort.

Endpoint security and threat intelligence are foundational tools needed to detect potential threats and protect against malware. At the same time, DFIR is increasingly necessary to spot malicious behavior, investigate security incidents, and remediate vulnerabilities or breaches.


How to Respond to IOCs

When network administrators discover indicators of compromise, it's essential to investigate further and remediate any existing vulnerabilities that could lead to another breach. Closing the security gaps that granted unauthorized access to critical systems should be the priority. Secondary, but also important, is determining what impact the security event had, if any, on the broader business and on specific systems, applications, or users.

Indicators of Compromise vs. Indicators of Attack

Indicators of compromise (IOCs) and indicators of attack (IOAs) describe different aspects of detecting, identifying, and responding to a potential attack. Together, both are examples of indicators of intelligence.

              Indicators of Compromise (IOC)                          Indicators of Attack (IOA)
Indicator     Post-attack detection                                   Real-time attack detection
Remediation   Reactive                                                Proactive
Tools         DFIR                                                    Threat intelligence, EDR, UEBA
Examples      Vulnerabilities, malware, exploits, signatures,         Remote code execution (RCE), lateral movement, C2C
              IP addresses

While IOCs offer visibility and context after a security attack, IOAs are part of a growing demand for advanced threat intelligence and real-time insight into advanced persistent threats (APTs).

Sam Ingalls
Sam Ingalls is a content writer and researcher covering enterprise technology, IT trends, and network security for eSecurityPlanet.com, Webopedia.com, ChannelInsider.com, and ServerWatch.com.