Indicators of attack settings
In cyberattacks that target companies, hackers try to break through security defenses by deploying a series of coordinated actions. These actions take place over long periods of time and use multiple strategies and infection vectors. Many such actions may appear innocuous individually but, taken as a whole, they can be part of an ongoing cyberattack.
The Advanced EDR basic user license includes a cross-threat hunting service. This service uses advanced automated analysis technologies to inspect the data flow sent by the security software installed on a customer’s computers in order to identify indicators of attacks in progress. Finally, a team of specialists (hunters) sifts through these indicators, which are represented on the administrator console as IOAs (Indicators Of Attack).
An IOA is an indicator displayed on the Advanced EDR administrator console when a pattern of events likely to belong to a cyberattack is detected. It could therefore act as an early warning of an infection, alerting an administrator to a potential attack in progress, though it could also be an alert of a cyberattack that has managed to penetrate the company’s defenses.
Because an IOA can reveal an imminent danger, Advanced EDR not only focuses on detection, but also enables the launching of an automatic response to minimize the attack surface.
For additional information about the Indicators of attack module, see:
Creating and managing settings profiles: Information about how to create, edit, delete, or assign settings profiles to the computers on your network.
The management console: Information about how to manage user accounts and assign permissions.
Managing lists: Information about how to manage lists.