What is Evidence of Compromise?

3 February 2020

Evidence of Compromise (EoC) is a collection of forensic data that points to a confirmed malicious attack on a commercial, industrial or government network. 

Evidence of Compromise goes beyond indicators: where an indicator tells an organization that a compromise is possible, evidence tells it that a compromise has occurred. That lets security teams concentrate on what is relevant, actionable and critical to them, rather than sifting through time-consuming threat intelligence feeds and costly subscriptions.

How is Evidence of Compromise different from Indicators of Compromise?

EoC is different from its counterpart, Indicators of Compromise (IoC), because of how it is sourced.

Indicators come from many sources, each with a different degree of accuracy. Actionable intelligence has to be distilled from them, which takes time and can ultimately lead nowhere.

Evidence is sourced from active malicious network activity: it surfaces what the threat actor sees when an infected computer “calls home” from a victim’s compromised network. Because the observation comes from the compromise itself rather than from a third-party report, the guesswork involved with indicators is removed, and what is collected reflects a real compromise rather than a possible one.

This unique visibility into the ongoing activity of threat actors is made possible through proprietary sensors and algorithms, which ingest and analyze data directly from adversaries operating active malicious campaigns around the world.
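The contrast drawn above (matching an indicator feed against an organization's own logs, versus attributing observed beacons to the networks they came from) as an added example in Python. It is not Prevailion's code and makes no claim about how its sensors or algorithms work; all domains, log lines, netblocks and beacon records are constructed for the illustration.

```python
"""Added example (not Prevailion's code, and not a description of its
sensors): the two workflows the section contrasts, run on constructed data.

IoC workflow  - take a feed of indicators and search the organization's own
                DNS logs for matches.  Each hit is a lead that still needs
                triage; the feed knows nothing about who is actually infected.
EoC workflow  - start from observed beacons (infected hosts calling home, here
                constructed as if recorded at a sinkhole) and attribute each to
                an organization by the netblock its source address falls in.

All domains, log lines, netblocks and beacon records are constructed."""
import ipaddress
from dataclasses import dataclass
from datetime import datetime, timezone

# ---- IoC workflow --------------------------------------------------------
# Constructed indicator feed: C2 domain -> confidence score (hypothetical).
IOC_FEED = {
    "update-check.example-bad.net": 90,
    "cdn.example-bad.net": 40,
    "static.example-cdn.org": 20,   # low confidence: shared hosting, noisy
}

# Constructed internal DNS log: "<timestamp> <client ip> <query name>"
DNS_LOG = """\
2020-02-03T09:12:01Z 10.20.4.17 www.example.com
2020-02-03T09:12:07Z 10.20.4.17 update-check.example-bad.net
2020-02-03T09:13:44Z 10.20.9.3 static.example-cdn.org
2020-02-03T09:14:10Z 10.20.9.3 mail.example.com
"""


def ioc_hits(feed, log, min_confidence=0):
    """Return (client, qname, confidence) for each log line whose query name
    is in the feed at or above min_confidence.  A hit is a lead, not proof:
    the low-confidence static.example-cdn.org match is exactly the kind of
    straw that ends up on the 'further analysis' pile."""
    hits = []
    for line in log.splitlines():
        _ts, client, qname = line.split()
        conf = feed.get(qname.lower())
        if conf is not None and conf >= min_confidence:
            hits.append((client, qname, conf))
    return hits


# ---- EoC workflow --------------------------------------------------------
@dataclass(frozen=True)
class Beacon:
    """One observed call-home, as a sinkhole or sensor would record it."""
    seen: datetime
    src_ip: str    # public address the beacon arrived from
    family: str    # malware family inferred from the beacon's format


# Constructed netblock -> organization map: your own ranges plus the
# suppliers you want to watch.  Attribution is only as good as this map.
NETBLOCKS = {
    "203.0.113.0/24": "Acme Corp",
    "198.51.100.0/25": "Acme Supplier A",
    "192.0.2.0/24": "Acme Supplier B",
}

_T = datetime(2020, 2, 3, 8, 0, tzinfo=timezone.utc)
BEACONS = [
    Beacon(_T, "203.0.113.45", "Emotet"),
    Beacon(_T, "198.51.100.77", "TrickBot"),
    Beacon(_T, "198.51.100.200", "TrickBot"),  # outside the /25: not attributed
    Beacon(_T, "198.18.0.5", "Emotet"),        # in no monitored block: dropped
]


def attribute_beacons(beacons, netblocks):
    """Map each beacon to the organization whose netblock contains its source
    address.  Every entry in the result is an observed compromised host, not a
    possibility.  Caveat: behind NAT the public address identifies the egress
    point, so the result names the organization, not the internal machine."""
    nets = [(ipaddress.ip_network(cidr), org) for cidr, org in netblocks.items()]
    attributed = {}
    for b in beacons:
        ip = ipaddress.ip_address(b.src_ip)
        for net, org in nets:
            if ip in net:
                attributed.setdefault(org, []).append(b)
                break
    return attributed


if __name__ == "__main__":
    print("IoC leads needing triage:", ioc_hits(IOC_FEED, DNS_LOG))
    for org, seen in attribute_beacons(BEACONS, NETBLOCKS).items():
        fams = sorted({b.family for b in seen})
        print(f"EoC: {org}: {len(seen)} beacon(s), families {fams}")
```

The point of the comparison is where the uncertainty sits. In the IoC path the analyst still has to decide whether each hit is real, and raising the confidence threshold trades missed leads for fewer false ones. In the EoC path the uncertainty is in the netblock map and in NAT, not in whether the host was infected: a beacon from an address you cannot attribute is simply dropped rather than left as a possibility to chase.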

Finding the Needle of Evidence in the Haystack of Indicators 

For organizations as large as multinational corporations or nation-states, finding evidence of compromise instead of mere indicators can be like searching for one or two needles spread throughout dozens of different barns, inside hundreds of haystacks, among millions of pieces of straw. 

Standard threat intelligence solutions focus on gathering a pool of indicators, which amounts to an inside-out solution to the haystack problem. It requires authorization to go inside each barn, then inspecting each piece of straw, bending it, and categorizing it by its observable properties. Some pieces could rightly be ruled out as threats, but many would defy the ruleset and be stacked into a pile for further straw analysis. Given enough time, the offending needles would indeed be found. Whether an actionable conclusion would come before the heat death of the universe depends on the number of haystacks and the diligence of the analysts involved.

Evidence of Compromise proposes a simpler, outside-in approach, letting analysts stand far outside all of those barns equipped with a powerful electromagnet. Flip a switch and the dangerous needles fly straight to the magnet, delivering the answer without any time-consuming searching.

Prevailion’s Unique Visibility into Active Global Compromises

Prevailion’s Apex Compromise Intelligence platform is like a search engine for discovering active and historical third-party compromises worldwide. Organizations can set it up in less than a minute and find EoC within their own or third-party ecosystems right away.

Apex was built around the basic premise that IoC has failed organizations and that EoC is the future of compromise visibility. Our customers have unique insight into the ongoing activities of threat actors, giving them the tailored intelligence they need to stay not just one, but several steps ahead of potential threats to their ecosystem.

