The contest between threats and countermeasures has made today's cybersecurity situation more intense. Because attackers frequently change the network infrastructure and techniques they use, and the number of new attack groups has grown rapidly, static detection techniques cannot keep pace with these changes. IoA (Indicators of Attack), based on dynamic detection supported by TTP-related intelligence, fits the current situation better and has a clear advantage in dealing with attacks from unknown attackers.
Multi-dimensional Event Monitoring
Monitors common attack-related behaviors such as processes launched on a particular endpoint, file and registry operations, and network activity, and can also work at the lowest layer of the system to monitor specific attack-related behaviors such as script execution, lateral movement and privilege escalation.
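As an added illustration (not 360's own code) of why a behaviour-based IoA rule still fires when attackers change infrastructure while a static indicator does not, the following Python runs both kinds of check over a constructed stream of process and network events; the office-application-to-script-host rule, the hostnames and the addresses are all assumptions made for this example.

```python
# Added example: static IoC matching versus an IoA-style behavioural rule
# over constructed endpoint telemetry (process and network dimensions).
from dataclasses import dataclass

@dataclass
class Event:
    kind: str    # "process" or "network" (file/registry would be further kinds)
    host: str
    data: dict

OFFICE_APPS = {"winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe"}
KNOWN_BAD_IPS = {"203.0.113.10"}   # static indicator from an earlier campaign (constructed)

def ioc_match(events):
    """Static detection: fires only on an exact, previously known indicator."""
    return [(e.host, e.data["dst"]) for e in events
            if e.kind == "network" and e.data["dst"] in KNOWN_BAD_IPS]

def ioa_match(events, window=3):
    """IoA detection: an office application spawns a script host and that same
    process opens an outbound connection within the next few events.
    The rule keys on the behaviour (TTP), not on the destination address."""
    hits = []
    for i, e in enumerate(events):
        if e.kind != "process":
            continue
        if e.data["parent"] not in OFFICE_APPS or e.data["image"] not in SCRIPT_HOSTS:
            continue
        for later in events[i + 1:i + 1 + window]:
            if (later.kind == "network" and later.host == e.host
                    and later.data["pid"] == e.data["pid"]):
                hits.append((e.host, e.data["image"], later.data["dst"]))
    return hits

# Constructed telemetry: an old campaign, a new group using fresh
# infrastructure, and a benign administrator session.
EVENTS = [
    Event("process", "pc1", {"pid": 410, "parent": "winword.exe", "image": "powershell.exe"}),
    Event("network", "pc1", {"pid": 410, "dst": "203.0.113.10"}),
    Event("process", "pc2", {"pid": 522, "parent": "excel.exe", "image": "wscript.exe"}),
    Event("network", "pc2", {"pid": 522, "dst": "198.51.100.7"}),
    Event("process", "pc3", {"pid": 610, "parent": "explorer.exe", "image": "powershell.exe"}),
    Event("network", "pc3", {"pid": 610, "dst": "192.0.2.25"}),
]

if __name__ == "__main__":
    print("IoC hits:", ioc_match(EVENTS))   # only the old infrastructure is caught
    print("IoA hits:", ioa_match(EVENTS))   # both campaigns, but not the admin session
```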
Reasonable/Realistic Operations Methods
Compared with the attack detection and intelligence framework of MITRE ATT&CK, which is more theoretical, our (360) IoA intelligence is gathered from real scenarios, has been tested in countermeasures against APT campaigns, and has been tailored to focus on the techniques attackers tend to use, which reduces the number of noise points.
Real-time Detection and Protection
Detects attack-related behaviors at the endpoint in real time and blocks them before they have any impact: a timely and effective method of dealing with risks such as ransomware and APTs.