What is Evidence of Compromise?

Evidence of Compromise (EoC) is a collection of forensic data that points to a confirmed malicious attack on a commercial, industrial or government network.

Evidence of Compromise supersedes indicators by providing organizations with actionable intel, not just a possibility. This empowers organizations to highlight only what is relevant, actionable, and critical for their security needs—freeing them from time-consuming threat intelligence data feeds and costly subscriptions.

How is Evidence of Compromise different from Indicators of Compromise?

EoC is different from its counterpart, Indicators of Compromise (IoC), because of how it is sourced.

Indicators can come from a variety of sources, each with a varying degree of accuracy. Actionable intel must be distilled from those sources, which takes time and can ultimately lead nowhere.

Evidence is sourced from active, malicious network activities, bringing to the surface what threat actors see when an infected computer “calls home” from a victim’s compromised network. This direct sourcing removes the guesswork involved with indicators, making every bit of collected intelligence guaranteed to be accurate and actionable.

This unique visibility into the ongoing activity of threat actors is made possible through proprietary sensors and algorithms, which ingest and analyze data directly from adversaries operating active malicious campaigns around the world.

Finding the Needle of Evidence in the Haystack of Indicators

For organizations as large as multinational corporations or nation-states, finding evidence of compromise instead of mere indicators can be like searching for one or two needles spread throughout dozens of different barns, inside hundreds of haystacks, among millions of pieces of straw.

Standard threat intelligence solutions focus on gathering a pool of indicators, which amounts to an inside-out solution to the haystack problem. This necessitates requesting authorization to go inside each barn, inspecting each piece of straw, bending it, and categorizing it based on its observable properties. Some pieces could rightly be ruled out as threats, but many would defy the ruleset and be stacked into a pile for further straw analysis. Given enough time, the offending needles would indeed be found. Whether an actionable conclusion would come prior to the heat death of the universe depends on the number of haystacks and the diligence of the analysts involved.

Evidence of Compromise proposes a simpler, outside-out approach—empowering analysts to stand far outside all of those barns, equipped with a powerful electromagnet. By flipping a switch, the dangerous needles fly straight to the magnet, providing the solution without any time-consuming searching.

Prevailion’s Unique Visibility into Active Global Compromises

The Prevailion Apex Compromise Intelligence platform is like a search engine for discovering active and historical third-party compromises worldwide. Organizations can set it up in less than a minute and find EoC within their own or third-party ecosystems right away.

Apex was built around the basic premise that IoC has failed organizations, and EoC is the future of compromise visibility. Our customers have unique insight into the ongoing activities of threat actors, giving them the tailored intelligence they need to stay not just one, but several steps ahead of potential threats to their ecosystem.

Frank Smith