Indicators of Attack (IOA)
Indicators of Attack (IOAs) are behavioral patterns that suggest an active attack is underway, as opposed to Indicators of Compromise (IOCs), which suggest a breach has already occurred. IOAs focus on attacker behavior in real time: reconnaissance activity, exploitation attempts, lateral movement patterns, or data staging for exfiltration.
IOAs are more proactive than IOCs because they can detect attacks while they're happening, potentially before the attacker achieves their objective. Security tools that analyze behavior patterns rather than just matching known signatures are better at detecting IOAs.
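The contrast above as an added example (not part of the original page): a signature-style IOC lookup and a behavioral IOA rule run over the same constructed telemetry. The event layout, host names, hash placeholders, and the assumption that an upstream sensor has already tagged each event with a behavior are all hypothetical.

```python
from collections import defaultdict

# Attack stages named in the text above, in the order an intrusion usually progresses.
STAGES = ["reconnaissance", "exploitation", "lateral_movement", "data_staging"]

# Constructed sample telemetry: (epoch seconds, host, file hash placeholder, behavior tag).
# The behavior tag is assumed to come from an upstream sensor; the hashes are fake.
EVENTS = [
    (1000, "ws-07", "hash-a", "reconnaissance"),
    (1040, "ws-07", "hash-b", "exploitation"),
    (1100, "ws-12", "hash-c", "reconnaissance"),   # lone admin discovery command
    (1300, "ws-07", "hash-d", "lateral_movement"),
    (1500, "ws-07", "hash-e", "data_staging"),
    (9000, "ws-12", "hash-f", "data_staging"),     # far outside the window
]

KNOWN_BAD_HASHES = {"hash-x", "hash-y"}  # constructed IOC list; none appear above


def ioc_hits(events, known_bad):
    """Signature-style matching: flag events whose hash is on a known-bad list."""
    return [e for e in events if e[2] in known_bad]


def ioa_alerts(events, window=900, min_stages=3):
    """Behavioral matching: alert when one host shows min_stages or more
    distinct stages, in progression order, within `window` seconds."""
    by_host = defaultdict(list)
    for ts, host, _hash, behavior in sorted(events):
        if behavior in STAGES:
            by_host[host].append((ts, STAGES.index(behavior)))
    alerts = []
    for host, seq in by_host.items():
        for i, (start, first_stage) in enumerate(seq):
            chain = [first_stage]
            for ts, stage in seq[i + 1:]:
                if ts - start > window:
                    break
                if stage > chain[-1]:      # only forward progress extends the chain
                    chain.append(stage)
                if len(chain) >= min_stages:
                    alerts.append((host, start, ts, [STAGES[s] for s in chain]))
                    break
            if alerts and alerts[-1][0] == host:
                break                      # one alert per host is enough here
    return alerts
```

On this sample the hash lookup returns nothing because every hash is previously unseen, while the behavioral rule alerts on ws-07 at the lateral movement step, before the data staging event, and stays quiet for the isolated activity on ws-12.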
Why It Matters
Detecting IOAs gives you the opportunity to stop attacks in progress before CUI is compromised. The continuous monitoring and incident detection capabilities required by CMMC should include behavioral analysis that can identify attack patterns in real time.