The proper identification of indicators of compromise (IoCs) — whether generated from misguided negligence, a well-intentioned operational change, or the acts of a malicious insider or external attacker via compromised account credentials — often occurs only after data exfiltration has succeeded. Fortunately, IT infrastructure (specifically, application processes, workloads, sessions, and network connections) doesn’t lie.
Read full article on Dark Reading