Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Sponsored By
Cybersecurity In-Depth: Digging into data about the latest attacks, threats, and trends using charts and tables.
Critical-Severity IoCs Observed at the EndpointCritical-Severity IoCs Observed at the Endpoint
Cisco's "Proven Success Factors for Endpoint Security" report takes a close look at critical-severity indications of compromise alerts.
Gedeon Hombrebueno
September 1, 2021
1 Min Read
Cisco Security
Cisco Secure Endpoint leverages a protection lattice composed of several technologies that work in concert. One of those layers is the Indication of Compromise (IoC) feature, which can detect suspicious behaviors observed on endpoints and look for patterns related to malicious activity. Cisco Security aggregated this data across organizations from events detected in the second half of 2020 and filtered the analysis down to critical-severity IOCs. While critical-severity IOCs make up a small portion (under 5%) of the overall IoC-based alerts, they typically demand immediate attention if observed on the endpoint. After sorting the critical-severity IoCs observed, the most common category was dual-use PowerShell tools. These are tools designed to make it easier for IT teams to complete their tasks, but they can also be used for both exploitation and post-exploitation tasks. PowerShell Empire, Cobalt Strike, PowerSploit, and Metasploit are four such tools commonly seen.
Read the full Proven Success Factors for Endpoint Security report for more key findings.
About the Author(s)
You May Also Like
More Insights
Webinars
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Dec 12, 2023SecOps & DevSecOps in the Cloud
Dec 14, 2023What's In Your Cloud?
Jan 17, 2024Everything You Need to Know About DNS Attacks
Jan 18, 2024