IoCs vs IoAs

These are two key concepts in threat detection and incident response; used together they give both a stronger defense and a clearer understanding of an attack:

  • IoCs: Indicators of Compromise are the evidence that a system has already been compromised: artifacts left behind by a known threat, such as file hashes, IP addresses, domains or registry keys, matched as signatures. They support reactive detection, helping to identify and respond to incidents that have already happened

  • IoAs: Indicators of Attack focus on suspicious behaviors, tactics and techniques that suggest an attack is in progress, even when there is no concrete artifact proving that a compromise has occurred (for example, an Office application spawning PowerShell with an encoded command). They support proactive detection, enabling early intervention against threats that are still unfolding

IoCs are vital for identifying known threats and understanding incidents after the fact, but they are easy for an attacker to evade: recompiling or repacking a payload changes its hash, and rotating a C2 server changes the IP or domain. Coupling them with IoAs, which describe the attacker's tactics and techniques rather than the artifacts of one campaign, lets defenders detect threats from suspicious behavior even when no known indicator matches. Together they are essential for building effective prevention, detection, and response strategies.
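The following Python is an added example, not code from the original page: it runs an IoC check (exact match on a known-bad hash and C2 address) and an IoA check (office app spawning a shell, office app launching a binary from a user-writable directory, PowerShell with an encoded command or download cradle) over a few constructed process-creation events. The hash, the IP addresses (RFC 5737 documentation ranges) and the events are placeholders invented for the example, not real threat intelligence. The third event is the same dropper repacked and pointed at a fresh server, which is exactly the case where the IoC check goes silent while the behavioural rule still fires.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed indicators for this example only (placeholders, not real intel).
KNOWN_BAD_HASHES: Dict[str, str] = {"deadbeef" * 8: "Dropper.Generic"}
KNOWN_BAD_IPS: Dict[str, str] = {"203.0.113.7": "C2"}

# Behavioural rule inputs: these describe technique, not a specific sample.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
PS_CRADLE_FLAGS = ("-enc", "-encodedcommand", "downloadstring", "iex ")


@dataclass
class ProcessEvent:
    """One process-creation event, as an EDR or Sysmon-style sensor would report it."""
    parent: str                    # parent image name
    image: str                     # full path of the created process
    cmdline: str
    sha256: str                    # hash of the created image
    dest_ip: Optional[str] = None  # first outbound connection, if any

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


def ioc_hits(ev: ProcessEvent) -> List[str]:
    """IoC check: exact match against artefacts of a known, past compromise."""
    hits = []
    if ev.sha256.lower() in KNOWN_BAD_HASHES:
        hits.append("hash:" + KNOWN_BAD_HASHES[ev.sha256.lower()])
    if ev.dest_ip in KNOWN_BAD_IPS:
        hits.append("ip:" + KNOWN_BAD_IPS[ev.dest_ip])
    return hits


def ioa_hits(ev: ProcessEvent) -> List[str]:
    """IoA check: behaviour that stays suspicious after the attacker swaps binaries or servers."""
    hits = []
    parent, name, image, cmd = ev.parent.lower(), ev.name, ev.image.lower(), ev.cmdline.lower()
    if parent in OFFICE_APPS and name in SHELLS:
        hits.append("office app spawned a shell")
    if parent in OFFICE_APPS and any(d in image for d in USER_WRITABLE):
        hits.append("office app launched a binary from a user-writable directory")
    if name == "powershell.exe" and any(f in cmd for f in PS_CRADLE_FLAGS):
        hits.append("powershell encoded command / download cradle")
    return hits


def triage(events: List[ProcessEvent]) -> List[dict]:
    """Run both checks over every event and return one verdict row per event."""
    return [{"image": ev.name, "ioc": ioc_hits(ev), "ioa": ioa_hits(ev)} for ev in events]


# Constructed sample telemetry (not captured from a real host).
EVENTS = [
    # 1. macro launches encoded PowerShell that calls back to the known C2
    ProcessEvent("WINWORD.EXE", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
                 "0" * 64, "203.0.113.7"),
    # 2. known dropper executed from the user's temp directory
    ProcessEvent("EXCEL.EXE", r"C:\Users\bob\AppData\Local\Temp\invoice.scr",
                 r"C:\Users\bob\AppData\Local\Temp\invoice.scr", "deadbeef" * 8),
    # 3. same dropper repacked (new hash) and pointed at a fresh server: no IoC left to match
    ProcessEvent("EXCEL.EXE", r"C:\Users\bob\AppData\Local\Temp\invoice.scr",
                 r"C:\Users\bob\AppData\Local\Temp\invoice.scr", "1" * 64, "198.51.100.23"),
    # 4. benign: a user opens PowerShell from Explorer and lists a directory
    ProcessEvent("explorer.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe Get-ChildItem C:\\", "2" * 64),
]

if __name__ == "__main__":
    for row in triage(EVENTS):
        print(row)
```

Event 1 is caught by both checks, event 2 by both, event 3 only by the IoA rule, and the benign event 4 by neither. In practice the IoA rules are the ones that need tuning against the environment's baseline (some line-of-business add-ins do spawn scripts from Office), while the IoC lists need constant refreshing from threat intelligence; neither replaces the other.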