tanr
New Member
July 11, 2018
Question

Indicators of Compromise (IOC) Worthwhile in 2018?

  • July 11, 2018
  • 0 replies
  • 2706 views

Anybody have thoughts on using Fortinet's Indicators of Compromise (IOC) service in 2018?  

I'm renewing a (5.6.x) FortiAnalyzer subscription and am considering adding IOC.


Last year it seemed that people were seeing a lot of false positives (https://forum.fortinet.com/tm.aspx?m=151711) but I haven't seen any comments in the forums on it this year.


IOC Questions for 2018:

  • Has it caught useful stuff? Missed important stuff?
  • What level of false positives have you seen? Has Fortinet been responsive to update their info when you report them?
  • Has it needed FortiClient to make it truly useful?
  • How has it been with BYOD, guest LANs, Wi-Fi, etc.?
  • I assume/hope you can turn it OFF for certain subnets/VLANs/interfaces/etc.? We have some locked-down LANs for testing newly designed hardware, which can look pretty weird to security systems. Wouldn't want them causing IOC spam.

Thanks in advance for your thoughts.