EclecticIQ
nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

nav-solutions

Learn how EclecticIQ can help you address your specific challenges – by team and by need – and improve your overall security posture.

Solutions overview

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

BEYOND THE IOC-Moving from the “what” to the “how” to better stay ahead of emerging attacks

Product Marketing Team April 15, 2021

EIQ_beyondWP_blog_image_tittle

Three travelers wandered across a sleeping elephant in the dark. They were walking by low moonlight, and all they could see were three big lumps in front of them. The first touched an elephant’s trunk and said, “oh, my, this must be a huge snake!” The second touched an elephant’s ear and said, “oh, my, this must be a giant bat with enormous wings!” The two jumped back from the scary animals in shock, landing in a warm smelly pile of elephant poo.

The third wanderer considered what the first two said while backing away from her pungent travel mates. She listened carefully and heard multiple low rhythmic rumbles. She knew that they were in a nature preserve with numerous elephant herds and that elephants tend to sleep in groups. With this information, she announced – with high probability– that they were next to snoozing elephants.

Like the travelers, Cyber threat intelligence (CTI) analysts are continually processing indicators that provide clues on potential and active threats. Unfortunately, these clues often lead to false assumptions and even lead to landing in digital piles of warm poo. What the third traveler did to identify the elephant correctly was move beyond making decisions on basic clues to a higher level of analysis: trunk shape + ear texture + herd tactics = elephants!

In EclecticIQ’s new report, “Beyond the IOC,” we explain why CTI analysts must make a similar pivot and go from the “what” of the attack (e.g., IP address, Domain, URL) to the “how” of the attack (e.g., Ransomware, RDP brute force attack, Cozy Bear actor, and espionage).

How to Better Detect Elephants

To move from “what” to “how” requires shifting from indicators of compromise (IOC) to tactics, techniques, and procedures (TTPs). As discussed in the report, this shift is proving to be effective, knowing that threat actors tend to execute attacks in repetitive ways, using attack patterns that are historically effective against a particular victim or set of victims.

Identifying these threat actors more quickly and more accurately begins by differentiating between IOCs and TTPs and their value to CTI. From this report, you will learn:

IOCs are Clues - Indicator of Compromise (IOCs) are pieces of forensic data that identify potentially malicious activity on a system or network. IOC monitoring can reveal unusual activities as red flags for a data breach or system compromise. However, detecting IOCs cannot provide a complete attack model or answer how a threat actor is conducting an attack.

The report includes triage approaches to managing IOCs better.

TTPS Give Focus - TTPs allow threat analysts to focus on adversary actions and how they are connected. What is excellent about TTPs is they describe the behavior, methods, and patterns within an attack rather than the footprints that attackers (or elephants) leave behind. They involve methods like registry modification or social engineering to prevent further impact from threat actors.

The report explains how to establish this focus and how it helps to direct threat hunting practices.

TTPs Give Context - TTPs provide a more comprehensive intelligence picture with greater context that synthesizes IOCs, observables, and MITRE ATT&CK taxonomy to help different teams understand attacks at both strategic and operational levels.

The report discusses how better context helps to prevent further attacks.

Sharing is Caring - TTPs provide an effective medium for sharing threat intelligence, so security and intelligence teams can better communicate and create common objectives. In contrast, IOCs are too granular and short-lived to enable effective knowledge sharing by IOCs alone.

The report illuminates how improved information sharing brings together CTI, information security, and incident response with details relevant to each role.

Intelligence Reports are Smart – A well-written and structured intelligence report saves time and resources, reduces ambiguity, and reduces human error. Intelligence reports build off TTPs and IOCs.

The report describes how to establish a standard protocol for intelligence reports that includes indicator watchlists, clustering of TTPs, and intelligence structuring.

Please register here to see the complete report of Beyond the IOC with Cyber Threat Intelligence.

 

Receive all our latest updates

Subscribe to receive the latest EclecticIQ news, event invites, and Threat Intelligence blog posts.

3 more posts you might like

All Blog Posts (106)

Explore all topics

© 2014 – 2021 EclecticIQ B.V.
EclecticIQ. Intelligence, Hunting, Response.
Get demo