Incident & Breach Response , Security Operations
Moving from Indicators of Compromise to Indicators of Attackers: But Will Attacker Attribution Really Help Us?
How does attacker attribution help a CISO and an enterprise? The answer: More than most might think. Most organizations don't care who the attacker is. They just want to stave off attacks. But could they do more?
See Also: A Guide to Passwordless Anywhere
By using indicators of compromise, for instance, organizations can strengthen their defenses. IOCs are basically just signatures of cyber-weapons used during attacks. They are not indicators of who the attackers are. But by creating 'indicators of attacker compromise' (IOAC), the attack attributes of one cyber-gang linked to multiple types of attacks quickly become very useful. If one attack group is linked to banking Trojans and cyberespionage against employee email accounts, for instance, then identifying the methods used can benefit organizations that are targeted by that same group in the future. So instead of just relying on multiple, somewhat-redundant IOCs across attack target types, organizations also can benefit from a single IOAC, which should be predictive of future unseen attacks. In this discussion about attribution and the role IOCs and IOACs play, moderator Garter Vice President and Distinguished Analyst Avivah Litan will question our panel of experts about the future of attribution, and why it is becoming more critical for organizations across numerous sectors.
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.