IoCs vs. EoCs: What’s the difference and why should you care?

In this Expert Insight, Dave Glover of Netwitness talks about a factor that is often overlooked in cyber investigations: EoCs, or Enablers of Compromise, and why enterprises should be paying more attention to the EoCs in their environments.

Security analysts and threat hunters know the importance of IOCs – indicators of compromise – as the marker of nefarious activity in an enterprise infrastructure. IOCs are observable things such as atypical behaviors, uncommon activities, unique connections, or unrecognized files. These and other IOCs are breadcrumbs, clues that must be assembled and decoded in pursuit of stealthy attackers. IOCs are the “what” in the detection and investigation process.

Dave Glover is a Principal Sales Engineer at Netwitness.

EOCs - Enablers of Compromise

Just as important are EOCs – enablers of compromise – that constitute the “how” in the detection and investigative process.  An EOC is any environmental condition that increases the possibility or magnitude of a cyber-attack.  EOCs have both proactive and reactive value; finding an EOC before an adversary does allows you to harden or mitigate it, and an EOC mindset helps identify and understand an exploit more quickly and completely when it’s attempted.
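To make the “what” versus “how” distinction concrete, here is an added illustration that is not part of the article and not Netwitness code: it separates observed IOCs (unrecognized files, unrecognized outbound destinations) from EOCs (host conditions that exist whether or not anything has happened yet), and then links each IOC to the EOCs on the same host that could have enabled it. The host attributes, event records and the three EOC rules are constructed assumptions for this example only.

```python
"""Added illustration (not from the article): separating observed IOCs from
environmental EOCs over constructed sample data, then linking each IOC to the
EOC that plausibly enabled it. Host attributes, events and EOC rules are
hypothetical assumptions made for this example."""

# Constructed host inventory: environmental conditions, not observed events.
HOSTS = {
    "ws-01": {"smb_v1": True, "patch_age_days": 120, "users_local_admin": True},
    "ws-02": {"smb_v1": False, "patch_age_days": 7, "users_local_admin": False},
}

# Constructed observations (the "what"): things seen happening on hosts.
EVENTS = [
    {"host": "ws-01", "type": "new_binary",
     "path": "C:\\Users\\Public\\svchost.exe", "known": False},
    {"host": "ws-02", "type": "new_binary",
     "path": "C:\\Windows\\System32\\notepad.exe", "known": True},
    {"host": "ws-01", "type": "outbound",
     "dest": "203.0.113.9", "port": 445, "known_dest": False},
]

# Hypothetical EOC rules: (condition on host attributes, label, IOC types it enables).
EOC_RULES = [
    (lambda h: h["smb_v1"], "SMBv1 enabled", {"outbound"}),
    (lambda h: h["patch_age_days"] > 30, "patching overdue", {"new_binary", "outbound"}),
    (lambda h: h["users_local_admin"], "users are local admins", {"new_binary"}),
]


def find_iocs(events):
    """Return observed indicators: unrecognized files or unrecognized destinations."""
    iocs = []
    for e in events:
        if e["type"] == "new_binary" and not e["known"]:
            iocs.append((e["host"], "new_binary", e["path"]))
        elif e["type"] == "outbound" and not e["known_dest"]:
            iocs.append((e["host"], "outbound", f'{e["dest"]}:{e["port"]}'))
    return iocs


def find_eocs(hosts):
    """Return environmental enablers per host, found proactively from inventory alone."""
    eocs = {}
    for name, attrs in hosts.items():
        eocs[name] = [(label, kinds) for cond, label, kinds in EOC_RULES if cond(attrs)]
    return eocs


def link_iocs_to_eocs(iocs, eocs):
    """For each IOC (the 'what'), list EOCs on the same host that could have enabled it (the 'how')."""
    return {
        ioc: [label for label, kinds in eocs.get(ioc[0], []) if ioc[1] in kinds]
        for ioc in iocs
    }


if __name__ == "__main__":
    found_iocs = find_iocs(EVENTS)
    found_eocs = find_eocs(HOSTS)
    for host, conditions in found_eocs.items():
        print(f"EOCs on {host}: {[label for label, _ in conditions] or 'none'}")
    for ioc, enablers in link_iocs_to_eocs(found_iocs, found_eocs).items():
        print(f"IOC {ioc} enabled by: {enablers}")
```

Run as a script it prints the EOCs per host first, which is the proactive view (ws-02 has none, ws-01 has three before any event is seen), and then each IOC with the enablers it maps to, which is the reactive view the article describes: the EOC list is what lets an analyst explain how the unrecognized binary and the unrecognized outbound connection on ws-01 became possible.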
