Indicators are everywhere. The "check engine" light tells you when one of your car's systems has failed. Your cell phone alerts you when the battery is low. Your home security system sounds an alarm if it detects an intruder, and your home computer displays a warning message when a device or piece of software malfunctions. From a design perspective, it seems simple: you understand what to look for, and you design a monitoring control around it. But what if your task is to reliably detect intrusions within a network or operating system? What if you're building a system to identify, with high confidence, artifacts that indicate an intrusion? That's not simple at all.
Here our focus is on indicators of compromise (IOCs). Our goal is to illustrate their importance and help you better protect your enterprise network environment from advanced threats.