Applying Indicators of Attack
Unlock early attack detection and action
Incident response is devoted to containment and mitigation, reverse engineering the sequence of events, and cleaning up the damage. However, the attributes of an attack can provide actionable intelligence, an indicator of attack (IoA), moving you from disaster recovery to an active role in preventing the attack's success. An indicator of compromise (IoC) reflects an individual, known-bad, static event; an IoA consists of events that are only judged malicious in the context of your environment and their sequence. Where an IoC supports after-the-fact forensic investigation, an IoA enables in-the-moment incident intervention at every phase of the attack chain.
By collecting, constructing, and sending rich IoA insights to detection, containment, and remediation systems, McAfee and its partners help security analysts build a sustainable advantage against evolving cyberthreats.
Retain the contextual data required for IoAs. McAfee Threat Intelligence Exchange and McAfee Enterprise Security Manager collect and enrich this data, creating actionable IoAs.
Enhanced, dynamic threat and risk scoring reduce false positives and guide security analysts to important events. Fine-grained event attributes find attack trajectories, compromised hosts, and vulnerable systems.
Actionable details permit targeted processes to automatically and selectively block, disrupt, monitor, or record activities.
Piece together attack events to fully understand the path and intent of targeted attacks.
Predict attack behaviors, educate defenses, and suggest policy and control changes to prevent future repetitions.
Integration with McAfee Threat Intelligence Exchange assesses unknown files. The endpoint agent can allow the file, block its execution, or clean it, killing a running process. The presence of unknown files can be recorded, so if a file is later determined to be part of an attack, the endpoint agent can clean up the hosts where it was seen.
Protect networks with multiple intelligence-aware security controls. By leveraging threat information from multiple sources, gain a real-time understanding of internal and external threats. Receive unknown malware samples from endpoints and gateways, and dissect them using dynamic sandboxing and static code analysis. Collect contextual insights on users, applications, and data, analyze traffic, and share suspicious events and files for further analysis.
Baseline, aggregate, and contextualize endpoint sensor events, collecting critical data that otherwise disappears. SIEM solutions collect and correlate event, behavior, and alert information from hundreds of sources, constructing indicators of attack. Use these assessments to launch interventions, containment, mitigation, and remediation.
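To make the IoC-versus-IoA distinction concrete, the following is an added example, not McAfee product code or the logic of any product named here: it runs a static known-bad-address match and a three-step behavioural chain (executable dropped, then launched, then calling out) over a constructed stream of endpoint events. The event tuple format, the chain, the host names and the addresses are all assumptions made for the illustration.

```python
# Added example (not McAfee code): static IoC matching versus contextual IoA
# scoring over a constructed stream of endpoint events.

# Constructed sample events, in time order: (host, event_type, detail).
# Addresses are RFC 5737 documentation ranges, not real indicators.
EVENTS = [
    ("host-a", "file_write", "C:/Users/u/Downloads/invoice.exe"),
    ("host-a", "process_start", "invoice.exe"),
    ("host-a", "net_connect", "203.0.113.7:443"),
    ("host-b", "process_start", "winword.exe"),
    ("host-b", "net_connect", "198.51.100.2:443"),
    ("host-c", "file_write", "C:/Users/u/Downloads/report.pdf"),
    ("host-d", "file_write", "C:/Users/u/Downloads/update.exe"),
    ("host-d", "process_start", "update.exe"),
    ("host-d", "net_connect", "198.51.100.9:443"),  # not on any IoC list
]

# Static IoC: a known-bad value is bad wherever it appears, with no context.
KNOWN_BAD_IPS = {"203.0.113.7"}

def match_iocs(events):
    """Hosts that contacted a known-bad address (after-the-fact matching)."""
    return {host for host, etype, detail in events
            if etype == "net_connect" and detail.rsplit(":", 1)[0] in KNOWN_BAD_IPS}

# IoA: individually benign events become suspicious only as a sequence on one
# host: a freshly written executable is launched, then that process calls out.
IOA_CHAIN = ("file_write", "process_start", "net_connect")

def score_ioas(events):
    """Per-host progress (0-3) along the chain; only hosts that started it appear."""
    state = {}  # host -> (next_step_index, name of the dropped executable)
    for host, etype, detail in events:
        step, dropped = state.get(host, (0, None))
        if step >= len(IOA_CHAIN) or etype != IOA_CHAIN[step]:
            continue  # not the step this host's chain is waiting for
        if etype == "file_write":
            if not detail.lower().endswith(".exe"):
                continue  # a document drop does not start the chain
            dropped = detail.replace("\\", "/").rsplit("/", 1)[-1]
        elif etype == "process_start" and detail != dropped:
            continue  # some other process started; the dropped file did not run
        state[host] = (step + 1, dropped)
    return {host: step for host, (step, _) in state.items()}

def actionable_hosts(events, threshold=len(IOA_CHAIN)):
    """Hosts whose chain completed: candidates for in-the-moment intervention."""
    return {h for h, s in score_ioas(events).items() if s >= threshold}
```

Running it, the IoC match flags only host-a, while the chain scoring also flags host-d, whose destination address is on no list; that is the gap the page describes between a static known-bad and a contextual indicator.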
McAfee Foundstone guides enterprises of all sizes on the best ways to maintain a strong security posture. Our teams of security experts assess network vulnerabilities, evaluate gaps in information security programs, offer strategies that meet compliance goals, and help develop programs to prepare for security emergencies.