Indicators of Compromise (IOCs) are a valuable tool for administrators and network defenders. However, what happens when an attacker doesn’t trigger the expected alerts, or worse, blends in with alerts that go unnoticed or ignored? Conrad Constantine, a research team engineer with AlienVault Labs, was part of the incident response team in 2011 during the RSA breach. He said serious targeted breaches (with actual human operators behind the attack) will soon blend in and avoid the use of identifiably malicious software.
Source: https://www.csoonline.com/article/2134202/developing-business-driven-indicators-of-compromise.html

