// THREAT DETECTION AND DATA PRIVACY TERM
IOC
An Indicator of Compromise (IOC) is a piece of digital evidence that points to a potential security breach on a computer or network. It's like a digital footprint or clue left behind by a malicious attacker.
TECHNICAL DEFINITION
An Indicator of Compromise (IOC) is a forensic artifact or observable evidence in information security that signifies a potential computer intrusion or cyberattack. These threat intelligence data points, such as malicious IP addresses, file hashes (MD5, SHA256), anomalous network traffic, or specific registry keys, are used by security tools like SIEM and EDR for threat detection and incident response.
BACKGROUND
In information security, threat hunting is the process of proactively searching for threats against computer systems in order to protect them. This is in contrast to traditional threat management measures, such as firewalls, intrusion detection systems (IDS), malware sandbox and SIEM systems, which typically involve an investigation of evidence-based data after there has been a warning of a potential threat. Threat analyst Lesley Carhart stated that there is no consensus amongst practitioners what threat hunting actually entails.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- threat indicator
- compromise artifact
- security artifact
- cyber observable
- forensic data point
- indicator of attack
USAGE NOTE
IOCs are primarily used reactively in threat hunting and incident response to identify security breaches that have already occurred.
DEVELOPERS
Organizations developing technology related to IOC.
A leading endpoint security company whose Falcon platform uses Indicators of Compromise (IOCs) and Indicators of Attack (IOAs) for real-time threat detection, prevention, and response.
Develops the Cortex XDR platform, which leverages threat intelligence and extensive IOC databases from its Unit 42 research team to detect and respond to threats across network, endpoint, and cloud environments.
A prominent threat intelligence company that aggregates and analyzes vast amounts of data to produce intelligence feeds rich with IOCs such as malicious IP addresses, domains, and file hashes.
An incident response and threat intelligence firm that investigates major cyber breaches, generating high-fidelity IOCs from firsthand forensic analysis which are shared to protect other organizations.
Specializes in threat intelligence platforms (TIP) that help organizations aggregate IOCs from various sources and operationalize the intelligence for automated detection and response within their security infrastructure.
Provides a Security Information and Event Management (SIEM) platform used by security teams to ingest and analyze machine data, enabling them to hunt for and create alerts based on IOCs across their IT environment.
A U.S. federal agency that analyzes and shares timely cyber threat information, including validated IOCs, through public alerts and advisories to help organizations defend against malicious campaigns.
A non-profit research organization that develops the STIX/TAXII standards for sharing threat intelligence and the ATT&CK framework, which provides vital context to IOCs by mapping them to adversary behaviors.