IOEs are the factors that can lead to an attack and should be identified alongside IOCs. IOCs represent an artifact of an attack; IOEs highlight the preconditions that make an exploit more likely.
IOEs describe security weaknesses that are particular to an enterprise network and can be exploited by an attacker.
By combining IOEs into a single, dynamic view, security practitioners gain the advantage of access to a comprehensive representation of their enterprise attack surface. This level of attack surface visibility and analysis of the IOEs that contribute to it constitute a game changer for security managers and chief information security officers (CISOs).
It is not enough to only catalog a list of vulnerabilities. Consideration must be given to those vulnerabilities that are not only exposed to a potential attack, but also put key assets at risk.
IOEs must be determined by analyzing multiple factors or events together, as opposed to observing a single event. An unexpected firewall rule change is an event, but an unexpected firewall rule change that opens up an access path to a critical asset is an IOE.
By linking together IOEs with an understanding of network topology and assets, enterprises can discern which attack vectors are most likely to be exploited in a multistep attack.
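The event-versus-IOE distinction above can be expressed as a reachability check over the network topology. The following is an added example, not part of the original article; the zone names, the rule model, the `expected` flag and the function names are assumptions made for illustration.

```python
from collections import deque

# Constructed sample topology: each pair is an allowed (source zone, destination zone) flow.
BASELINE = {("internet", "dmz"), ("dmz", "app"), ("corp", "app"), ("corp", "db")}
CRITICAL = {"db"}        # zones that hold key assets (assumption)
UNTRUSTED = "internet"   # zone an attacker is assumed to start from (assumption)

def paths_from(rules, start):
    """Breadth-first search over allowed flows; returns {zone: shortest path from start}."""
    paths, queue = {start: [start]}, deque([start])
    while queue:
        node = queue.popleft()
        for src, dst in sorted(rules):
            if src == node and dst not in paths:
                paths[dst] = paths[node] + [dst]
                queue.append(dst)
    return paths

def classify(baseline, change, expected=False):
    """Label one firewall rule change as 'event' or 'ioe'.

    A change is an IOE only when it is unexpected AND it makes a critical
    zone reachable from the untrusted zone that was not reachable before.
    Returns the label and the newly opened multistep paths.
    """
    before = paths_from(baseline, UNTRUSTED)
    after = paths_from(baseline | {change}, UNTRUSTED)
    opened = {zone: path for zone, path in after.items()
              if zone in CRITICAL and zone not in before}
    label = "ioe" if opened and not expected else "event"
    return label, opened

if __name__ == "__main__":
    # Two constructed rule changes: one harmless, one that exposes the database.
    for change in [("corp", "dmz"), ("app", "db")]:
        label, opened = classify(BASELINE, change)
        print(change, label, opened)
```

The second change is flagged because it completes a multistep path from the untrusted zone through the DMZ and application tier to the critical asset, even though no single rule connects them directly.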
Working with identified IOEs rather than raw vulnerabilities and other risk data also allows security teams to use the power of contextual analysis to determine actions that will significantly reduce the size of their attack surface with less effort than a “fix everything” approach.
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with the Cybersecurity domain that she goes out of her way to share hugely valuable posts and writings about Cybersecurity on the website and on social media platforms.
34,000+ professionals follow her on Facebook and are mesmerized by the quality of the content of her posts there.