Indicators of Attack

The Importance and Difference Between Indicators of Attack and Indicators of Compromise

Introduction

Recent headlines attest that no organization is immune to targeted attacks launched by skilled, persistent adversaries. These highly sophisticated attackers have had unprecedented success against large and even well-equipped organizations across the world. Detecting these attacks is a daunting task. However, if you are well aware of Indicators of Attack (IoA) and Indicators of Compromise (IoC), you can resolve issues with better outcomes. In fact, IoA and IoC are the two methods of detection in the security marketplace.

Cyber Kill Chain use areas

How Cyber Kill Chain Can Be Useful for a SOC Team? (Part 2)

Installation: At this stage, SOC analysts are advised to deploy a Security Information and Event Management (SIEM) system and a Host-Based Intrusion Detection System (HIDS) to detect attacks. To deny an attack, the Cyber Kill Chain recommends using two-factor authentication, strong passwords, and privilege separation, as well as disrupting the attack using data execution prevention. If attackers successfully penetrate critical corporate IT infrastructure, SOC teams must contain them in a timely fashion to mitigate damage. To this end, the Cyber Kill Chain recommends employing an inter-zone Network Intrusion Detection System, an app-aware firewall, and trust zones.
