Indicators of Attack

Applies To: WatchGuard EPDR, WatchGuard EDR

WatchGuard Threat Hunting Services are a set of specialized technologies and human analysts that detect lateral movement and other early indicators of malicious activity before the malware takes action.

Threat Hunting Services enable network administrators to quickly detect compromised devices, early-stage attacks, and suspicious activities. Specifically, Threat Hunting Services help detect:

  • Malwareless attacks and remote desktop (RDP) attacks.
  • Computers that are already compromised.
  • External attackers and malicious insiders (for example, employees who misuse their access).

On the Indicators of Attack (IOA) dashboard in WatchGuard EPDR and WatchGuard EDR, network administrators can see information related to detections by Threat Hunting Services, such as Indicators of Attack, advanced investigations, attack graph views, and MITRE tactics and techniques.

Indicators of Attack (IOA) are confirmed events that are highly likely to be part of an attack. The WatchGuard Security team reviews the events received from endpoints to confirm that they match a defined attack hypothesis before they are reported as an IOA.

We strongly recommend you contain the IOA and remediate affected endpoints as soon as possible.

MITRE ATT&CK Matrix

The MITRE Corporation is a not-for-profit organization that operates federally funded research and development centers (FFRDCs) to address security issues. It offers practical solutions in the fields of defense and intelligence, aviation, civil systems, national security, judiciary, health, and cybersecurity.

ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a knowledge base developed by the MITRE Corporation to describe and categorize adversary behavior based on real-world observations. ATT&CK is a structured list of known attack behaviors, categorized into tactics and techniques and shown as a matrix with one column per tactic.

Technique (How)

In ATT&CK terminology, techniques represent the method (the "how") that an adversary uses to achieve a tactical objective. For example, to achieve Credential Access (tactic), an adversary dumps credential material from the operating system (the OS Credential Dumping technique). A technique can serve more than one tactic, so the same technique can appear in several columns of the matrix.

Tactic (Why)

In ATT&CK terminology, tactics represent the adversary's goal (the "why"): the tactical objective that a technique serves, the reason the adversary takes an action.

The MITRE ATT&CK matrix is a useful resource to develop defensive, preventive, and remedial strategies for organizations. For more information about the ATT&CK matrix, go to https://attack.mitre.org/.
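As an added example (not WatchGuard's or MITRE's code), the following Python builds the tactic-to-technique matrix described above from an ATT&CK STIX 2.1 bundle, which is the format in which MITRE publishes ATT&CK (github.com/mitre-attack/attack-stix-data). The bundle is constructed inline for the example and trimmed to the fields the parser reads: the tactic and technique IDs and names are real ATT&CK entries, but it is not a real download, Valid Accounts lists only two of its four tactics, and the revoked entry T9999 is a placeholder. It also shows the point the definitions above imply but do not illustrate: one technique can sit under several tactics.

```python
"""Build a tactic -> technique matrix from an ATT&CK STIX 2.1 bundle.

Added example; not WatchGuard or MITRE code. SAMPLE_BUNDLE is constructed
for this example and trimmed to the fields the parser needs.
"""
import json

ATTACK_KILL_CHAIN = "mitre-attack"  # kill_chain_name ATT&CK uses in STIX


def _ref(external_id):
    return [{"source_name": ATTACK_KILL_CHAIN, "external_id": external_id}]


def _phase(shortname):
    return {"kill_chain_name": ATTACK_KILL_CHAIN, "phase_name": shortname}


# Constructed sample. Real IDs/names, but not a real download; the real
# enterprise-attack.json has thousands of objects and Valid Accounts lists
# four tactics. T9999 is a made-up revoked placeholder to exercise the filter.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "x-mitre-tactic", "name": "Initial Access",
         "x_mitre_shortname": "initial-access", "external_references": _ref("TA0001")},
        {"type": "x-mitre-tactic", "name": "Persistence",
         "x_mitre_shortname": "persistence", "external_references": _ref("TA0003")},
        {"type": "x-mitre-tactic", "name": "Credential Access",
         "x_mitre_shortname": "credential-access", "external_references": _ref("TA0006")},
        {"type": "x-mitre-tactic", "name": "Lateral Movement",
         "x_mitre_shortname": "lateral-movement", "external_references": _ref("TA0008")},
        {"type": "attack-pattern", "name": "OS Credential Dumping",
         "kill_chain_phases": [_phase("credential-access")], "external_references": _ref("T1003")},
        {"type": "attack-pattern", "name": "Remote Services",
         "kill_chain_phases": [_phase("lateral-movement")], "external_references": _ref("T1021")},
        {"type": "attack-pattern", "name": "Remote Desktop Protocol", "x_mitre_is_subtechnique": True,
         "kill_chain_phases": [_phase("lateral-movement")], "external_references": _ref("T1021.001")},
        {"type": "attack-pattern", "name": "Valid Accounts",
         "kill_chain_phases": [_phase("persistence"), _phase("initial-access")],
         "external_references": _ref("T1078")},
        {"type": "attack-pattern", "name": "Revoked placeholder", "revoked": True,
         "kill_chain_phases": [_phase("credential-access")], "external_references": _ref("T9999")},
    ],
})


def attack_id(obj):
    """Return the ATT&CK ID (TAxxxx, Txxxx or Txxxx.yyy) of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == ATTACK_KILL_CHAIN:
            return ref.get("external_id")
    return None


def build_matrix(bundle_json):
    """Return {tactic_id: {"name": ..., "techniques": [(tech_id, name), ...]}}.

    Revoked or deprecated attack-patterns are skipped: they remain in the
    bundle for history but are not part of the current matrix. A technique
    with several kill-chain phases is placed under each of those tactics.
    """
    bundle = json.loads(bundle_json)
    tactics = {o["x_mitre_shortname"]: (attack_id(o), o["name"])
               for o in bundle["objects"] if o["type"] == "x-mitre-tactic"}
    matrix = {tid: {"name": name, "techniques": []} for tid, name in tactics.values()}
    for obj in bundle["objects"]:
        if obj["type"] != "attack-pattern" or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        for phase in obj.get("kill_chain_phases", []):
            if phase.get("kill_chain_name") != ATTACK_KILL_CHAIN:
                continue
            tactic = tactics.get(phase["phase_name"])
            if tactic is None:
                continue  # tactic not present in this (trimmed) bundle
            matrix[tactic[0]]["techniques"].append((attack_id(obj), obj["name"]))
    for entry in matrix.values():
        entry["techniques"].sort()  # "T1021" sorts directly before "T1021.001"
    return matrix


def tactics_for(matrix, technique_id):
    """Invert the matrix: which tactics (the 'why') does a technique (the 'how') serve?"""
    return sorted(tid for tid, entry in matrix.items()
                  if any(t == technique_id for t, _ in entry["techniques"]))


def render(matrix):
    """One column per tactic, ordered by tactic ID; sub-techniques nest under their parent."""
    lines = []
    for tid in sorted(matrix):
        lines.append(f"{tid} {matrix[tid]['name']}")
        for tech_id, name in matrix[tid]["techniques"]:
            lines.append(("    " if "." in tech_id else "  ") + f"{tech_id} {name}")
    return "\n".join(lines)


if __name__ == "__main__":
    m = build_matrix(SAMPLE_BUNDLE)
    print(render(m))
    print("T1078 serves tactics:", tactics_for(m, "T1078"))
```

The real bundle orders matrix columns by the `tactic_refs` of its `x-mitre-matrix` object rather than by tactic ID; sorting by ID is a simplification for this example.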

See Also

Indicators of Attack Dashboard