This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
NetWitness Community Blog
Subscribe to the official NetWitness Community blog for information about new product features, industry insights, best practices, and more.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- NetWitness Community
- Blog
- RSA Response to SolarWinds/FireEye Attacks
ArthurFontaine
Occasional Contributor
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Email to a Friend
- Printer Friendly Page
- Report Inappropriate Content
2020-12-18
09:58 AM
As you’ve surely seen, a recently discovered supply chain attack has impacted numerous organizations including corporations, government agencies, and nonprofits. Information continues to emerge about the massive scope and scale of this attack and related threats. Unfortunately events like these illustrate that none of us are immune to attacks, especially when conducted by sophisticated threat actors associated with nation-states.
This post is to keep you informed of RSA’s response to this developing situation. Here’s what we can report:
- At this point, our investigation has determined that neither RSA nor RSA products use the SolarWinds Orion software affected by the SUNBURST vulnerability announced on December 13th, 2020. RSA will continue coordinating with SolarWinds and our vendors on implementing any appropriate countermeasures and monitoring for appropriate indicators.
- We are maintaining surveillance of the news and forensic archives regarding the SUNBURST attack on FireEye, which resulted in the theft of its “Red Team” tools for identifying vulnerabilities. We have implemented countermeasures for the indicators of compromise (IoCs) identified by FireEye within RSA NetWitness Platform, as well as other security tools we use internally.
Diving deeper, the links below outline the approach our teams are taking – many of which are deployable to our RSA NetWitness Network and Endpoint tools. We are publicly offering this information to all, including organizations that don’t have RSA NetWitness Network or Endpoint, so that anyone can transpose/map this content into their detection tools.
RSA Link (login may be required):
- General Security Advisories and Statements
- Statement and FAQs regarding FireEye breach & SolarWinds vulnerability
- FireEye Breach - Implementing Countermeasures in RSA NetWitness
- FireEye Breach -- Stages of the Attack
- Profiling Attackers Series | RSA Link
There’s also the CVE data included in the GitHub repository that identifies which vulnerabilities these tools were levied against.
As always, RSA stands with the cybersecurity industry and our customers in defending against malicious actors like the ones behind this major attack. If you have questions or concerns, or would like to speak with our technical teams, please let us know and we will coordinate efforts.
Labels:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Latest Articles
- Ransomware Email Attacks: Beware of BazarLoader
- Detecting Impacket with Netwitness Endpoint
- Exotic Lily: Global Activity Analysis
- Threat Research Data Hygiene Exercise: Retirement of Threat Research Intelligence Content and Report...
- Netwitness Orchestrator Dashboarding Overview
- Highlights from Recent Releases - Here's What's New in NetWitness Platform 11.7 and 11.7.1
- NetWitness News Bytes: Improved Broker Query Experience
- NetWitness News Bytes: Meta Only Event Reconstruction
- NetWitness News - Press Releases
- Endpoint Bundle Tuning
Labels
-
Announcements
52 -
Events
2 -
Features
9 -
Integrations
6 -
Resources
56 -
Tutorials
21 -
Use Cases
20 -
Videos
116
