Indicators of Compromise Assessment
Indicators of compromise (IOC’s) are observable artifacts on a network or operating system that gives high probability of a computer intrusion.IOC's are part of incident response and forensics process to get the early warning signs in case of a potential attack and gives you time to respond to them effectively.
Isecurion's security team analyzes your environment to understand the potential threat landscape you can be exposed to and help you establish the indicators of compromise through your SIEM program or ad hoc analysis of IOC's in your environment through comprehensive scanning and analysis.
- Increased visibility of your environment and potential threat activities.
- Early detection of threat actors in your environment.
- Increased response time and minimal impact.
- Increased efficiency of your incident response Program.
- Identification of potential threats already existing in your environment.
- Assurance to client and business partners that you have an effective incident response program.
Isecurion's Indicators of compromise program mainly focuses on two Types of Assessment. Our first type of assessment is basically focused on helping organizations establish indicators of compromise applicable for their environment. The second type of assessment is performed by conducting a thorough scanning of the environment to identify potential indicators of compromise. Our methodology for security Assessment is based on is based on the following approach.
We do a comprehensive review of the client's environment to analyze and create list of IOC's that are applicable for their environment.
- Network Topology Review
- Baseline Network Traffic Review
- Understand network and systems security policies
- Identify ingress and egress points
We help in segregating IOC based on their application to the environment and categorizing them under Network, Systems, Application, Malware domains.
- Unusual Outbound Network Traffic
- Geographical Irregularities
- DNS Request Anomalies
- Mismatched Port-Application Traffic
- Suspicious c2c traffic
- Anomalies In Privileged User Account Activity
- Suspicious Registry Or System File Changes
- Suspicious listening ports.
- Increased file transfer.
- Swells In Database Read Volume
- Large Numbers Of Requests For The Same File
- Struxnet malware IOC
- Flame Malware IOC
We provides comprehensive report detailing applied IOC's for your environment, details of threats and remediation action.