By now it’s common knowledge that FireEye has disclosed they were the victims of an attack by a nation-state seeking government information. If you aren’t aware of the particulars of this attack, I strongly encourage you to take a few minutes and read the blog posted by the FireEye team. It includes details about the attack and what was compromised, as well as how the company plans to address the situation.
In the next few days, we will face a barrage of messages from vendors seeking to reassure their customers that this isn’t a big deal and/or use this as an opportunity to sell them additional solutions. What I want to do is cut through all this noise and share what the real takeaways are from this attack.
1. No one is Immune. Seriously.
By far this is the thing all of us should keep top-of-mind. It doesn’t matter if you’re a consumer or a multi-billion-dollar enterprise, no one is immune to an attack. FireEye kept their red team info in a guarded vault and it was still compromised. Be wary of any vendor or partner that promises or guarantees that this type of attack will not happen to you or to them because that’s simply not the case. Dr. Chase Cunningham, author of Cyber Warfare – Truth, Tactics and Strategies and Principal Analyst at Forrester lays this out pretty clearly in his latest video.
2. Post-Attack Transparency is Paramount
The FireEye team did everything right here, including posting a list of countermeasures for publicly-available technologies. As they’ve demonstrated, by far the most important thing any organization can do once it has been the victim of an attack is clearly and openly communicate what happened, how they’re moving forward, and what their customers and partners need to know and need to do.
Transparency is particularly critical with this attack as we do not know if the attackers in this case plan to use the Red Team tools themselves or release these tools publicly. Because FireEye has been transparent in detailing exactly what was compromised, organizations can be ready for either scenario.
3. Moving Forward – Vigilance
Look – FireEye isn’t the first and won’t be the last major vendor targeted by nation-state attackers. What will be critical as we move forward is continued vigilance and an understanding that security is not a static event but an ongoing process. This means constantly evaluating your security efforts and ensuring all of your solutions reflect the latest updates and patches.
In the spirit of constant vigilance, there are a few things Stealthbits customers should know in the wake of this attack. First, rapid patching is the front line of defense, so I encourage you to verify you are patched for these vulnerabilities as we expect an uptick in exploitation. Second, deploy the YARA rule set to detect the FireEye tooling in their EDR solution. The point of this blog is not to criticize FireEye or any other security vendor who has faced an attack or break in the last few years. In fact, it’s the opposite, in face of an attack, FireEye has responded absolutely the best way possible – by being transparent. The message I want to leave you with is focused on a way forward – to identify a pragmatic solution to eradicate these attackers. Let us find ways we can work together and stay vigilant, offering the very best protection to keep your critical assets safe.
If anyone has any questions or would like to discuss Stealthbits solutions, I invite you to reach out to me personally at Jim.Barkdoll@stealthbits.com.
As CEO, Jim leads the overall vision, growth strategy and go-to-market initiatives for Stealthbits – now part of Netwrix. With more than 20 years of executive leadership and business development experience, Jim has established an extensive track record of successfully growing teams and revenues within enterprise, midmarket, SME and channel customers.
Previously Jim served as Titus’ CEO, the leader in Data Classification, and executed on successful transactions to Blackstone and ultimately to HelpSystems. Prior to Titus, Jim was EVP of Sales at Toushay Inc. Prior to Toushay, Jim served as V.P. Sales with BlueCat Networks, Inc. and spent 10 years with Quest Software in a variety of senior management roles.
Proper data security begins with a strong foundation. Find out what you're standing on with a free deep-dive into the security of your Structured and Unstructured Data, Active Directory, and Windows infrastructure.
Read more© 2022 Stealthbits Technologies, Inc.
Leave a Reply