Indicators of compromise (IOCs) are important breadcrumbs that let you know your organization may have been exposed to an attack. Learning what these indicators are and how to recognize them will help you stay one step ahead of attackers and stop breaches before they happen, or enable you to stop attacks while they are still in the early stages.
Some of these indicators include unusual DNS requests, unaccounted-for file changes, mismatched port traffic, unusual account activity, and irregular network traffic – including traffic from odd geographic locations.
There are multiple tools security professionals can use to research and monitor this activity. ThreatSTOP has simplified the process by introducing a powerful new research tool called Check IOC, which, with one query, gives you access to all of this information in one place.
Check IOC enables you to simply input a domain and gather a wealth of information connected to that name. The query lets you know if the suspicious domain is actively present or has been historically present on any of your assets so you can isolate those targets for remediation.
You get a list of related records which includes the targets where the domain is present plus the IP address it resolves to. You can also drill down into the IP addresses for additional information.
Check IOC also includes DNS lookup and Whois information – this will expose any of that strange geographical traffic and associate it with a specific user.
And last, but not least, you get passive DNS information. Monitoring passive DNS is crucial to your security routine because it provides context for your network traffic data. Once a domain name or IP address has been marked as malicious, a passive DNS database makes it very simple to identify other potentially malicious domain names that have mapped to that IP address, instead of sorting through cumbersome DNS logs.
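The passive DNS pivot described above, as an added example that is not ThreatSTOP's code or API. The record layout, the `pivot` function, the shared-hosting threshold and all sample data are assumptions constructed for illustration.

```python
from datetime import date

# Constructed passive DNS records: (rrname, rdata, first_seen, last_seen).
# Reserved example names and documentation IP ranges only.
PDNS = [
    ("bad.example",        "203.0.113.10", date(2024, 3, 1),  date(2024, 3, 20)),
    ("login-bad.example",  "203.0.113.10", date(2024, 3, 5),  date(2024, 3, 18)),
    ("old-tenant.example", "203.0.113.10", date(2023, 1, 1),  date(2023, 6, 30)),
    ("bad.example",        "198.51.100.7", date(2024, 3, 21), date(2024, 4, 2)),
    ("cdn-a.example",      "198.51.100.7", date(2024, 1, 1),  date(2024, 12, 31)),
    ("cdn-b.example",      "198.51.100.7", date(2024, 2, 1),  date(2024, 5, 1)),
    ("cdn-c.example",      "198.51.100.7", date(2024, 3, 25), date(2024, 3, 30)),
]


def overlaps(a_first, a_last, b_first, b_last):
    """True when two inclusive [first_seen, last_seen] windows intersect."""
    return a_first <= b_last and b_first <= a_last


def pivot(seed_domain, records, shared_threshold=3):
    """For each IP the flagged seed domain resolved to, list the other domains
    that mapped to that IP while the seed was there.

    Assumes one aggregated record per (name, IP) pair. An IP with
    `shared_threshold` or more co-resident names is marked as likely shared
    hosting or CDN, so its neighbours are weak leads, not confirmed IOCs.
    """
    result = {}
    for name, ip, first, last in records:
        if name != seed_domain:
            continue
        related = sorted({
            n for n, i, f, l in records
            if i == ip and n != seed_domain and overlaps(first, last, f, l)
        })
        result[ip] = {
            "related": related,
            "shared_hosting": len(related) >= shared_threshold,
        }
    return result


if __name__ == "__main__":
    for ip, info in pivot("bad.example", PDNS).items():
        print(ip, info)
```

The time-window check keeps a previous tenant of the same address out of the results, and the shared-hosting flag marks pivots that need corroboration before anything is blocked.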
If you have used ThreatSTOP’s Check lookup tool, you’ll love all of the additional capabilities you get with Check IOC. If you’re not currently a ThreatSTOP customer, sign up here for a free trial and start checking your IOCs.