
RSA Response to SolarWinds/FireEye Attacks

ArthurFontaine
‎2020-12-18 09:58 AM

As you’ve surely seen, a recently discovered supply chain attack has impacted numerous organizations including corporations, government agencies, and nonprofits. Information continues to emerge about the massive scope and scale of this attack and related threats. Unfortunately, events like these illustrate that none of us are immune to attacks, especially when conducted by sophisticated threat actors associated with nation-states.

 

This post is to keep you informed of RSA’s response to this developing situation.  Here’s what we can report:

  • At this point, our investigation has determined that neither RSA nor RSA products use the SolarWinds Orion software affected by the SUNBURST vulnerability announced on December 13th, 2020. RSA will continue coordinating with SolarWinds and our vendors on implementing any appropriate countermeasures and monitoring for appropriate indicators.
  • We are maintaining surveillance of the news and forensic archives regarding the SUNBURST attack on FireEye, which resulted in the theft of its “Red Team” tools for identifying vulnerabilities.  We have implemented countermeasures for the indicators of compromise (IoCs) identified by FireEye within RSA NetWitness Platform, as well as other security tools we use internally.

 

Diving deeper, the links below outline the approach our teams are taking – many of which are deployable to our RSA NetWitness Network and Endpoint tools. We are publicly offering this information to all, including organizations that don’t have RSA NetWitness Network or Endpoint, so that anyone can transpose/map this content into their detection tools.

 

RSA Link (login may be required):

  • General Security Advisories and Statements
  • Statement and FAQs regarding FireEye breach & SolarWinds vulnerability
  • FireEye Breach - Implementing Countermeasures in RSA NetWitness
  • FireEye Breach -- Stages of the Attack
  • Profiling Attackers Series | RSA Link

 

There’s also the CVE data included in the GitHub repository that identifies which vulnerabilities these tools were leveled against.

  • FireEye Red Team Tool Countermeasures

 

As always, RSA stands with the cybersecurity industry and our customers in defending against malicious actors like the ones behind this major attack.  If you have questions or concerns, or would like to speak with our technical teams, please let us know and we will coordinate efforts.
