Webinar: Why chasing IOCs fails to detect attacks

Written By

Fred O'Connor

Defenders need to rethink how effective indicators of compromise are in detecting attacks. The premise behind IOCs - that attackers reuse tools and the observable indicators are preserved - is false. At best, IOCs will lead to detecting individual components of an attack instead of revealing the entire operation.

Attackers are much more savvy and skilled at evading detection. They realized they could tweak their tools with minimal effort and sneak past traditional security tools. Change the signature on a malware program and it appears new, allowing it to get by an antivirus program. Use a domain generation algorithm to create an endless supply of IP addresses that won’t blocked by firewalls.

And companies are already facing these attacks, according to Cybereason's Threat Insights Report. Almost half of the confirmed malicious activity experienced by Cybereason’s customers in the first half of 2016 was carried out using attack mechanisms that constantly mutated, including changing hashes, IP addresses and domains. With these new-to-the world techniques becoming more prevalent, IOCs are significantly less effective at detection and response.
Fred O'Connor
About the Author

Fred O'Connor

Fred is a Senior Content Writer at Cybereason who writes a variety of content including blogs, case studies, ebooks and white papers to help position Cybereason as the market leader in endpoint security products.

Related Posts

Cybereason Taps Former Dyson CISO CK Chim as Field CSO to Support APAC Expansion

Cybereason Taps Former Dyson CISO CK Chim as Field CSO to Support APAC Expansion

“I am incredibly impressed with not only Cybereason’s rapid expansion across the Asia Pacific region, but their operation-centric security approach to helping defenders by providing future-ready attack protection that unifies security from the endpoint, to the enterprise, to everywhere the battle moves..."

Predictive Ransomware Protection: The Key to Ending a Global Crisis

Predictive Ransomware Protection: The Key to Ending a Global Crisis

Predictive prevention means that Cybereason stops ransomware with the highest degree of confidence based on subtle behaviors and attacker activity - we automatically see what others miss and infer the attacker’s next move without manual intervention...

Recent Posts

Malicious Life Podcast: The Y2K Bug Pt. 2
Malicious Life Podcast: The Y2K Bug Pt. 1
Cybereason’s evolution to disrupt beyond SIEM and XDR market

Categories

All Posts