12/23/2013
10:28 AM
Dark Reading
Products and Releases

FireEye Releases 2013 Lab Performance Stats

Among the findings: discovery of 11 zero-day threats

MILPITAS, Calif., December 19, 2013--FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today's advanced cyber attacks, today announced that FireEye Labs discovered more zero-day advanced attacks than any security company in 2013. The attacks include:

Operation DeputyDog (CVE-2013-3893)

Operation Ephemeral Hydra (CVE-2013-3918)

Council on Foreign Relations watering hole attack (CVE-2012-4792)

Department of Labor watering hole attack (CVE-2013-1347)

Zero-day attacks exploit previously unknown vulnerabilities in widely deployed software programs, such as Microsoft® Internet Explorer® or Adobe® Acrobat®. These advanced attacks exploit the vulnerability to alter the targeted program so that subsequent malicious behavior is extremely difficult to detect.

"Today's advanced attacks require a fundamentally different approach to security," said David DeWalt, FireEye CEO. "By combining the threat intelligence gathered from more than 2 million virtual machines, industry-leading cyber threat research, and the expertise of some of the most experienced incident response and forensic experts in the field, FireEye helps our customers stay ahead of cyber attacks."

The FireEye Labs research team is led by senior director of research, Zheng Bu, and the FireEye Labs field team is led by Bill Hau, vice president of professional services.

Today, FireEye Labs employs security researchers in locations around the world, including Milpitas, CA; Reston, VA; Singapore; Bangalore, India; and Cork, Ireland.

FireEye Services, which is now a part of FireEye Labs, has security experts in five major geographic theaters to collect and disseminate threat intelligence, while advising clients on incident response, digital forensics, and overall security risk management.

FireEye Labs leverages threat intelligence from over 2 million virtual machines communicating into the FireEye® Dynamic Threat Intelligence™ (DTI) cloud. This enables FireEye Labs to observe attack patterns and provide accurate and timely intelligence to better protect customers' networks. With unprecedented insight into advanced persistent threats (APTs), the FireEye APT Discovery Center™ catalogs and analyzes hundreds of current and past APT campaigns and updates threat detection algorithms frequently. The APT Discovery Center characterizes APT attacks by technical footprint, geography, and target industry to help security teams, law enforcement, and governments improve security defenses.

Some of the major accomplishments of this combined team in 2013 include:

· Building the FireEye Zero-Day Discovery Center that uncovered 11 zero-day vulnerabilities exploited in targeted attacks.

· Finding two major vulnerabilities in Google's Android™ mobile operating system.

· Uncovering the 14 most common sandbox evasion methods.

· Cataloging 160 APT campaigns across 25 million attack events.

· Leveraging next-generation analytics that helped identify high-profile advanced campaigns such as Operation DeputyDog and Operation Ephemeral Hydra.

· Establishing Cyber Forensic Labs in five major locations across the globe to support customers with evidence acquisition, chain of custody, and investigations as necessary.

FireEye Services is comprised of a team of experts who investigate breaches for some of the world's largest enterprises and governments. This team is available to support and manage all aspects of security research and provide risk management expertise. Advanced services available to customers include global incident response, digital forensics, penetration testing, red carpet services, APT Health Checks, incident response planning, and advanced threat risk assessments.

About FireEye, Inc.

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 1,300 customers across more than 40 countries, including over 100 of the Fortune 500.
