<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2180921&amp;fmt=gif">

Stamus ND/NDR is Armed to Detect Stolen FireEye Red Team Tools

Yesterday, FireEye/Mandiant announced that a “highly sophisticated state-sponsored adversary stole FireEye Red Team tools.” We agree with a Microsoft spokesperson who was quoted as saying “This incident demonstrates why the security industry must work together to defend against and respond to threats posed by well-funded adversaries using novel and sophisticated attack techniques.” 

Stamus Networks and our partners are already working together to ensure a swift and thorough response. Here are the steps we are taking:

Last night our partner Proofpoint published a set of 42 signatures for their ETPro Suricata ruleset. These contain specific detection mechanisms for the offending tools. The ETPro team is working as we write this to develop even more detection signatures for these stolen tools.

For users of the Stamus Network Detection (Stamus ND) and Stamus Network Detection and Response (Stamus NDR) who subscribe to the ETPro feed, these new signatures will be activated by default at your next scheduled update. You may find these in your system by searching for “[fireeye]” signatures from the Enriched Hunting user interface. 

ETPro-FireEye-Sigs-in-SSP

Figure 1. ETPro rules for detecting FireEye tools in Stamus ND/NDR

For those who are using SSP for proactively threat hunting, Scirius Enriched Hunting may be configured to auto classify "fireeye" alerts, allowing for rapid identification and classification of these events.

Finally, the Stamus Networks Threat Research team have developed a dedicated threat named “FireEye” and a set of associated threat vectors for Stamus Security Platform which will identify a “Stamus Threat” if any of your assets are attacked by the stolen tools. This new threat intelligence is available immediately and will be delivered to all customer systems that are configured for automatic updates.

Stamus Security Platform (NDR) represents the state of the art in network security. NDR represents the evolution of network threat detection tools that aims to replace the capabilities of intrusion detection (IDS) and network security systems (NSM).
Peter Manev

Peter Manev

Peter Manev is the co-founder and chief strategy officer (CSO) at Stamus Networks. He is a member of the executive team at Open Network Security Foundation (OISF). Peter has over 15 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer, and explorer of innovative open-source security software, and he is responsible for training as well as quality assurance and testing on the development team of Suricata – the open-source threat detection engine. Peter is a regular speaker and educator on open-source security, threat hunting, and network security at conferences and live-fire cyber exercises, such as Crossed Swords, DeepSec, Troopers, DefCon, RSA, Suricon, SharkFest, and others. Peter resides in Gothenburg, Sweden.

Schedule a Demo of Stamus Security Platform

REQUEST A DEMO

Related posts

In the Trenches with NDR: NDR Discovers Crypto Wallet Stealer on U.S. University's Network by Dallon Robinette

In the Trenches with NDR: NDR Discovers Crypto Wallet Stealer on U.S. University's Network

Tl:DR: A Large U.S. university lacked sufficient visibility into a large segment of its environment...

The Rise of Network Infrastructure Attacks and What to do About Them by Mark Durrett

The Rise of Network Infrastructure Attacks and What to Do About Them

TL;DR: In recent months, CISA, MITRE, CVE.org, and others have announced critical vulnerabilities...

In the Trenches with NDR: K-12 School District Maximizes Visibility While Avoiding Alert Fatigue by Dallon Robinette

In the Trenches with NDR: K-12 School District Maximizes Visibility While Avoiding Alert Fatigue

TL;DR: An American school district needed to monitor over 5000 school-owned student devices, making...

ABOUT STAMUS NETWORKS

Stamus Networks believes in a world where defenders are heroes, and a future where those they protect remain safe. As organizations face threats from well-funded adversaries, we relentlessly pursue solutions that make the defender’s job easier and more impactful. The global leader in Suricata-based network security solutions, Stamus Networks helps enterprise security teams know more, respond sooner and mitigate their risk with insights gathered from cloud and on-premise network activity. Our Stamus Security Platform combines the best of intrusion detection (IDS), network security monitoring (NSM), and network detection and response (NDR) systems into a single solution that exposes serious and imminent threats to critical assets and empowers rapid response. 

Indianapolis, USA Paris, France

Privacy

© 2014-2024 Stamus Networks, Inc. All rights Reserved.