What is Evidence of Compromise?

Evidence of Compromise (EoC) is a collection of forensic data that points to a confirmed malicious attack on a commercial, industrial or government network.

Evidence of Compromise supersedes indicators by providing organizations with actionable intel, not just a possibility. This empowers organizations to highlight only what is relevant, actionable, and critical for their security needs—freeing them from time-consuming threat intelligence data feeds and costly subscriptions.

How is Evidence of Compromise different from Indicators of Compromise?

EoC is different from its counterpart, Indicators of Compromise (IoC), because of how it is sourced.

Indicators can come from a variety of sources, each with varying degrees of accuracy. Actionable intel must be distilled from those sources, which can take time and ultimately lead nowhere.

Evidence is sourced from active, malicious network activities, bringing to the surface what threat actors see when an infected computer “calls home” from a victim’s compromised network. This direct sourcing removes the guesswork involved with indicators, so that every bit of collected intelligence is accurate and actionable.

This unique visibility into the ongoing activity of threat actors is made possible through proprietary sensors and algorithms, which ingest and analyze data directly from adversaries operating active malicious campaigns around the world.

Finding the Needle of Evidence in the Haystack of Indicators

For organizations as large as multinational corporations or nation-states, finding evidence of compromise instead of mere indicators can be like searching for one or two needles spread throughout dozens of different barns, inside hundreds of haystacks, among millions of pieces of straw.

Standard threat intelligence solutions focus on gathering a pool of indicators, which proposes an inside-out solution to the haystack problem. This necessitates requesting authorization to go inside each barn, inspecting each piece of straw, bending it, and categorizing it based on its observable properties. Some pieces could rightly be ruled out as threats, but many would defy the ruleset and be stacked into a pile for further straw analysis. Given enough time, the offending needles would indeed be found. Whether an actionable conclusion would come prior to the heat death of the universe depends on the number of haystacks and the diligence of the analysts involved.

Evidence of Compromise proposes a simpler, outside-out approach—empowering analysts to stand far outside all of those barns, equipped with a powerful electromagnet. By flipping a switch, the dangerous needles fly straight to the magnet, providing the solution without any time-consuming searching.

Prevailion’s Unique Visibility into Active Global Compromises

The Prevailion Apex Compromise Intelligence platform is like a search engine for discovering active and historical third-party compromises worldwide. Organizations can set it up in less than a minute and find EoC within their own or third-party ecosystems right away.

Apex was built around the basic premise that IoC has failed organizations, and EoC is the future of compromise visibility. Our customers have unique insight into the ongoing activities of threat actors, giving them the tailored intelligence they need to stay not just one, but several steps ahead of potential threats to their ecosystem.

Copyright 2021 Prevailion, Inc. All rights reserved.

Disclaimer: Gartner “Cool Vendors in Security Operations and Threat Intelligence,” Mitchell Schneider, Ruggero Contu, John Watts, Craig Lawson, October 13, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Disclaimer: The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.