Indicators of Compromise were meant to solve the failures of signature-based detection. Despite all of the IOC standards, feeds and tools, attackers remain successful, and most threat data is shared in flat lists of hashes and addresses. This session will explore why IOCs haven't raised the bar, how to better utilize brittle IOCs and how to use the data intrinsic to your own endpoints to craft better IOCs.