An Indicator of Compromise (IOC) is a concept used by computer security professionals to detect possible malicious activity or system compromise on a network. In security terms, an IOC is any information or activity that stands out from expected, normal events and could suggest the presence of a malicious actor. An IOC could be anything from a suspicious URL seen in web logs to a new service listening on a system port.

An IOC combines a “type of evidence” with a relevance/value metric. Evidence types include IP addresses associated with malicious activity, users or systems with unauthorized access, and file names or hashes associated with malicious software. The relevance/value metric typically includes score values for the evidence, such as its reliability or its probability of being malicious. Detecting an IOC depends on comparing the current evidence against the available indicators purported to be associated with malicious behavior.
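The comparison described above can be sketched in a few lines of Python. This is an added example, not code from the original page: the indicator list, confidence scores, log lines and the `scan` function are all constructed for illustration, using documentation IP ranges and example.com.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Indicator:
    kind: str        # evidence type: "ip", "sha256" or "url"
    value: str
    confidence: int  # relevance metric, 0-100 (assumed scale)

# SHA-256 of empty input, standing in for a malware hash (constructed sample).
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
# Constructed indicators; none of these values come from a real feed.
INDICATORS = [
    Indicator("ip", "203.0.113.45", 90),
    Indicator("ip", "198.51.100.7", 30),
    Indicator("url", "http://updates.example.com/payload.bin", 80),
    Indicator("sha256", EMPTY_SHA256, 95),
]
# Constructed log lines mixing matching and benign events.
SAMPLE_LOG = [
    "10:00:00 proxy src=10.0.0.5 dst=203.0.113.45 GET http://updates.example.com/payload.bin",
    f"10:00:02 edr host=ws01 file=invoice.exe sha256={EMPTY_SHA256.upper()}",
    "10:00:05 fw src=10.0.0.9 dst=198.51.100.7 action=allow",
    "10:00:09 proxy src=10.0.0.5 dst=192.0.2.10 GET http://intranet.example.org/",
]
EXTRACTORS = {
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
    "url": re.compile(r"https?://[^\s\"']+"),
}

def normalize(kind, value):
    # Hashes compare case-insensitively; other values only lose trailing punctuation.
    value = value.strip()
    return value.lower() if kind == "sha256" else value.rstrip("/.,;")

def scan(lines, indicators, min_confidence=50):
    """Return (line_no, kind, value, confidence) hits, highest confidence first."""
    index = {(i.kind, normalize(i.kind, i.value)): i for i in indicators}
    hits = []
    for n, line in enumerate(lines, 1):
        for kind, pattern in EXTRACTORS.items():
            for raw in pattern.findall(line):
                ind = index.get((kind, normalize(kind, raw)))
                if ind and ind.confidence >= min_confidence:
                    hits.append((n, ind.kind, ind.value, ind.confidence))
    return sorted(hits, key=lambda h: -h[3])

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, INDICATORS):
        print(hit)
```

The low-confidence indicator on the third log line is matched but suppressed by the threshold, which shows how the relevance metric keeps weak evidence from generating alerts.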

Organizations employ IOCs as a security measure to systematically acquire, analyze, and act upon suspicious data points. An IOC-based approach to security is more proactive than reactive: it lets organizations track malicious activity in real time and respond to threats more quickly. By collecting data and metrics related to intrusion attempts, organizations can also gain insight into how threats are evolving and improve their defenses accordingly.

In cybersecurity, the use of IOCs is becoming increasingly popular because they provide a system for distinguishing between threats and benign traffic, thereby improving visibility into the network. With an IOC-based security strategy, organizations can quickly detect and block threat actors and protect their networks more effectively.
