Indicator of Attack (IoA)
An Indicator of Attack (IoA) is a proactive approach that aims to detect a cyber criminal's intentions, regardless of what virus or malware they may be using. Within this arm of cybersecurity, the focus is on the series of events leading up to an attack.
IoAs are based on common behavior patterns that cyber criminals follow. Security teams use IoA data to examine how a network is breached, what backdoors are established, and which credentials are compromised.
Some examples of IoAs include:
- Multiple honeypot alerts
- Multiple user logins from different regions (this may indicate credential theft)
- Malware reinfection that occurs within minutes of malware removal (this may indicate an APT)
IoAs occur before a data breach, so they are monitored in real time in order to intercept and prevent any security breaches.
By intercepting a cyber attack as it's developing, security teams can reduce the attacker's 'dwell time' within a device or network.
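Two of the example IoAs listed above (logins from different regions, and reinfection within minutes of removal) can be expressed as time-window correlations over an event stream. The following is an added example, not code from the original page; the event format, field names, sample events and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the page): (timestamp, type, subject, detail).
EVENTS = [
    ("2024-05-01T08:00:00", "login", "alice", "DE"),
    ("2024-05-01T08:20:00", "login", "alice", "DE"),
    ("2024-05-01T08:45:00", "login", "alice", "BR"),
    ("2024-05-01T09:00:00", "login", "bob", "US"),
    ("2024-05-01T15:30:00", "login", "bob", "CA"),
    ("2024-05-01T10:00:00", "malware_removed", "host-7", "sample-A"),
    ("2024-05-01T10:04:00", "malware_detected", "host-7", "sample-A"),
    ("2024-05-01T11:00:00", "malware_removed", "host-9", "sample-B"),
    ("2024-05-02T11:00:00", "malware_detected", "host-9", "sample-B"),
]

LOGIN_WINDOW = timedelta(hours=1)        # assumed threshold
REINFECT_WINDOW = timedelta(minutes=10)  # assumed threshold


def find_ioas(events):
    """Return a list of (ioa_name, subject, timestamp) alerts."""
    alerts = []
    recent_logins = defaultdict(list)   # user -> [(time, region)] inside window
    last_removal = {}                   # (host, malware) -> removal time
    for ts, kind, subject, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        if kind == "login":
            # Keep only this user's logins that are still inside the window.
            window = [(lt, r) for lt, r in recent_logins[subject]
                      if t - lt <= LOGIN_WINDOW]
            if any(r != detail for _, r in window):
                alerts.append(("multi_region_login", subject, ts))
            recent_logins[subject] = window + [(t, detail)]
        elif kind == "malware_removed":
            last_removal[(subject, detail)] = t
        elif kind == "malware_detected":
            # Same malware back on the same host shortly after cleanup.
            removed = last_removal.get((subject, detail))
            if removed is not None and t - removed <= REINFECT_WINDOW:
                alerts.append(("rapid_reinfection", subject, ts))
    return alerts


if __name__ == "__main__":
    for alert in find_ioas(EVENTS):
        print(alert)
```

In the sample, bob's second region and host-9's redetection fall outside the windows and raise no alert, which shows how the thresholds separate ordinary travel or an unrelated later infection from the patterns described above.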