Indicators of compromise (IOCs) are a losing battle for security teams as they are easily changed by the attackers. Adopting a detection strategy based on Tactics, Techniques, and Procedures (TTPs) returns power to the defender.
What you will learn:
- Why IOC-based detection is no longer effective and the benefits of a TTP-based
- How Attackers easily change IOC artifacts but lack the time and effort to modify their core tools and techniques
- How a large commercial bank switched to a TTP-based approach and immediately stopped a major APT