Assessing the threat conditions of an enterprise network is becoming an increasingly complicated task as attackers constantly adapt their tools and adopt new techniques to evade detection. Security analysts and enterprise IT managers need to stay vigilant and maintain a robust view of what they are protecting. They have the hard task of collecting small and disparate clues that cumulatively indicate whether an attacker has compromised their network. These clues are known as Indicators of Compromise (IoCs): pieces of forensic data that help analysts recognize malicious activity on a network. Spotting and handling IoCs early can help prevent the attacker from doing any lasting damage.
These guidelines for identifying and handling IoCs are particularly useful for businesses that:
face serious compliance requirements, or are subject to standards or regulations that require data to be monitored or managed
have a substantial on-site IT infrastructure of any kind, including mid-market and small businesses
operate servers that hold data critical to the business or highly sensitive data
own and operate a data center
The infographic's panels (images not reproduced here) cover five categories of IoCs:
Figure 1. Unusual incidents of user authentication and authorization
Figure 2. Peculiar network behavior
Figure 3. Suspicious registry changes
Figure 4. DNS request anomalies and IP network irregularities
Figure 5. Strikes to file integrity
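The point of the introduction is that no single clue proves a compromise; it is the accumulation of small, disparate indicators on one host that matters. The following added example (not part of the infographic or its publisher's code) runs three simple checks drawn from the panel categories above, a run of failed logons followed by a success (Figure 1), a high-entropy DNS label (Figure 4), and a monitored file whose hash drifted from baseline (Figure 5), over constructed sample telemetry, then correlates the hits per host; all hostnames, users, hashes and thresholds are made up for illustration.

```python
import math
from collections import defaultdict

# Constructed sample telemetry; every record names the host it concerns.
AUTH_EVENTS = [  # (host, user, outcome)
    ("ws-07", "jdoe", "fail"), ("ws-07", "jdoe", "fail"), ("ws-07", "jdoe", "fail"),
    ("ws-07", "jdoe", "fail"), ("ws-07", "jdoe", "fail"), ("ws-07", "jdoe", "success"),
    ("ws-12", "asmith", "fail"), ("ws-12", "asmith", "success"),
]
DNS_QUERIES = [  # (host, queried name)
    ("ws-07", "x9f3kq2ldz8wm1pv7r4t.example.net"),
    ("ws-12", "www.example.com"),
]
BASELINE_HASHES = {"srv-01:/etc/passwd": "aa11", "ws-07:/etc/hosts": "bb22"}  # placeholder digests
CURRENT_HASHES = {"srv-01:/etc/passwd": "aa11", "ws-07:/etc/hosts": "cc33"}

def auth_indicators(events, max_failures=4):
    """Figure 1 clue: a run of failed logons for one account ending in a success."""
    hits, streak = set(), defaultdict(int)
    for host, user, outcome in events:
        if outcome == "fail":
            streak[(host, user)] += 1
            continue
        if streak[(host, user)] >= max_failures:
            hits.add(host)
        streak[(host, user)] = 0
    return hits

def label_entropy(label):
    """Shannon entropy (bits per character) of a DNS label."""
    counts = {c: label.count(c) for c in set(label)}
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def dns_indicators(queries, min_len=16, min_entropy=3.5):
    """Figure 4 clue: long, high-entropy leftmost labels typical of generated names."""
    return {host for host, name in queries
            if len(name.split(".")[0]) >= min_len
            and label_entropy(name.split(".")[0]) >= min_entropy}

def integrity_indicators(baseline, current):
    """Figure 5 clue: a monitored file whose current hash no longer matches the baseline."""
    return {key.split(":")[0] for key in baseline if current.get(key) != baseline[key]}

def correlate(threshold=2):
    """Count distinct indicator categories per host and flag hosts at or above the threshold."""
    score = defaultdict(int)
    for hits in (auth_indicators(AUTH_EVENTS), dns_indicators(DNS_QUERIES),
                 integrity_indicators(BASELINE_HASHES, CURRENT_HASHES)):
        for host in hits:
            score[host] += 1
    return {host: n for host, n in score.items() if n >= threshold}
```

Each check on its own is noisy (a user can mistype a password five times), which is why the correlation step only escalates a host once several independent categories agree.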