https://gcn.com/articles/2020/04/10/indicators-of-behavior.aspx
By Nico Fischbach
GCN.com
April 10, 2020
The federal government is taking unprecedented steps to move beyond traditional
cybersecurity methods and adopt innovative solutions to protect our nation’s
interests. One example is the recent formation of the Cyberspace Solarium
Commission -- a collection of representatives from science, academia, business
and other sectors -- who have come together to make recommendations on how the
government can better combat today’s rapidly evolving cyber threat. The
indication is clear: The nation needs a more proactive and outside-the-box
approach to cybersecurity.
In this new era, traditional methods of detecting a cyberattack, such as
indicators of compromise (IoCs), are not enough. IoCs are evidence that a
cyberattack is taking place or, worse, has already occurred. They encompass a
wide range of data points: a virus signature, suspicious URLs, email phishing
campaigns, abnormal computer operations, network traffic on little-used ports or
via tunneling, and so on. But while IoCs are useful, they have shortcomings.
Usually, an IoC represents a single event, data point or piece of code. It
offers hints about what’s happening, but lacks sufficient context. It’s often
up to a security analyst to string together a large number of IoCs to fully
understand, from a forensics point of view, what happened. Responding to IoCs
often means blocking access based on the presence of a particular indicator,
which can create friction.
In short, IoCs are table stakes. They represent surface-level security, but
they won’t enable IT pros to identify an insider threat, someone going rogue or
very advanced attackers.
[...]