An IOC (Indicator of Compromise) is a trace that a breach leaves behind: known-bad file hashes, attacker IPs and domains, URLs, unusual processes. Its value lies in mechanically detecting and blocking what is already known to be bad. But an IOC is a reactive clue that attackers can swap cheaply, so IOC matching is a last check, not a cure. The real defense is a design that doesn't burn (least privilege, patching, MFA).