San Francisco, California -- Indicators of compromise (IOCs) are dead. If your MSSP wants to truly leverage threat intelligence, you need to be able to predict future attacks.
No, really. That's exactly what Silent Push, a detection-focused threat intelligence company headquartered in Reston, Virginia, is doing with its indicators of future attack (IOFA) technology. Silent Push was founded in 2020 by Ken Bagnall, formerly VP of product at FireEye, and counts 50% of global Fortune 50 companies as customers within 18 months of its launch. The firm has raised approximately $22 million in its last Series A funding round, and Ten Eleven Ventures and StepStone are among its backers.
At RSAC 2025, Brad Arnold, chief customer officer at Silent Push, told MSSP Alert that the company creates indicators of future attacks by mapping out the internet on a daily basis, focusing on changes in IPs and DNS.
Because it uses a proprietary collection mechanism, Silent Push isn't buying data, nor is it restricted by data usage or governance restrictions, Arnold said.
"That allows us to map the attackers' infrastructure. So, the bad guys are setting up whatever they need to launch those attacks by mapping it all out, and we can follow that. We know what hardware or infrastructure they're going to use before they use it. With indicators of compromise, IOC, you can only know when it's already happened. So you're behind the times -- our goal is to deliver you feeds of intelligence, IPs, DNS, so that you can block the bad guys before they actually attack," Arnold explained.
The company looks for specific indicators, like fingerprints, that match tactics, techniques, and procedures (TTPs), or for activity across adversary networks that indicates an attack is imminent, Arnold said.
"It's like a fingerprint -- that's a good analogy. You have a 'fingerprint' match that's four, six, twelve, however many point match. We look for movement across the adversary's networks and the different ways they set themselves up. IP diversity, for example, is one of our things we look for. So, you've heard about Fast Flux, and how threat actors will spin through various IP addresses. So we look for all of that, you know, as well as any other 'known bad.' If you've seen the bad guy before, you know what he looks like, right? You can use some of those as markers to increase that good requirement," he said.
Silent Push's IOFA technology works without the need for agents on customers' networks by using what Arnold called 'passive aggressive DNS.' Silent Push actively pings anything that's seen as having recent changes, which helps MSSPs identify that infrastructure and monitor it for malicious activity.
"You've heard of passive DNS, but we put an 'A' in there -- it's 'passive aggressive DNS,' -- and active is another word sometimes we use for the 'A.' We're actively pinging anything that we see that changes. That way we know if it's there, even if they're not actively using it. So, we create the active traffic so they can't hide behind it," he said.
For MSSPs and channel partners, Silent Push can help them differentiate their offerings with regard to threat intelligence. The technology allows them to use their threat intelligence feeds to implement a blocking strategy across their customer base and/or leverage the information to perform threat hunting, Arnold said. Silent Push also integrates with solutions the MSSP or their customer already has to layer on additional protection, he said.
Silent Push is currently in growth mode within the channel, Arnold said, and is looking for partners to build out its channel ecosystem.
"We've got partners in Japan, the Philippines, Singapore, Germany, the UK, Middle East, and then all across the U.S. And our partners are everything from distributors to resellers to MSPs, which is pretty broad, especially for our size," he said.
"Our best sales team is the channel -- they're closer to the customer, so rather than fight that, we embrace it so they, and we, can be successful," Arnold said. "The bottom line is that IOCs are dead. They're old news, they're boring, they're table stakes. The education we're doing is to get people thinking about preemptive security and getting ahead of things. I like to call it the crystal ball. Because if you could know the future, why wouldn't you want to?"