Vulnerabilities / Threats
3/27/2014
06:00 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

FireEye Releases Comprehensive Analysis of 2013 Zero-day Attacks; Impact on Security Models

New Research Paper Offers Insight into Industry's Leading Zero-day and Advanced Threat Detection Models

Milpitas, CA - Mar 27, 2014 – FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today’s advanced cyber attacks, today announced the release of “Less Than Zero: A Survey of Zero-day Attacks in 2013 and What They Say About the Traditional Security Model.” Through an analysis of the 11 zero-day vulnerabilities discovered in 2013 by FireEye - by far the most discoveries of any security company that year - the paper provides context around the advanced threats these vulnerabilities enable as well as guidance to enterprises on mitigating these hidden problems.

“Advanced threats against enterprises today thrive on exploiting the unknown and evading blocking techniques thanks to a growing, global marketplace for selling software vulnerabilities,” said Zheng Bu, vice president of security research, FireEye. “The old security model of tracking known threats and relying on signature-based solutions are simply powerless to stop zero-day threats. The number of zero-day attacks profiled in the paper highlight why organizations need to take a new approach to security by combining next-generation technology with human expertise.”

The 11 zero-days analyzed were uncovered and evaluated by FireEye Labs using threat intelligence from more than two million virtual machines communicating into the FireEye® Dynamic Threat Intelligence™ (DTI) cloud. The technology has already found two of the four zero-days uncovered in 2014. Evading traditional cyber defenses, these zero-days facilitated attacks against consumers and organizations, including the Council on Foreign Relations and the U.S. Department of Labor. Looking beyond just blocking these vulnerabilities, FireEye forensics experts found that watering-hole attacks targeting specific audiences and industries are a rapidly rising trend in the attack space.

“While FireEye’s “Less Than Zero” paper is a must-read for security professionals, it is equally important for business executives as a means for understanding what they are up against,” said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group. “Today’s sophisticated cyber adversaries can easily circumvent existing security controls, penetrate corporate networks, and may ultimately be used to steal extremely valuable data. CEOs must come to terms with these threats and make sure to align them with their overall risk management, business planning, and fiduciary responsibilities.”

“Less Than Zero” is a continuation of the FireEye mission to support the next generation of security. It provides advice to readers on how networks, incident response, and application management should be approached to deal with the advanced, unknown threats of today. More of the company’s recently published researched can be found on theFireEye blog, including its 2013 Advanced Threat Report that uncovered enterprises are attacked on average once every 1.5 seconds.

To view a full copy of “Less Than Zero: A Survey of Zero-day Attacks in 2013 and What They Say About the Traditional Security Model” please visit: http://www.fireeye.com/resources/pdfs/white-papers/fireeye-zero-day-attacks-in-2013.pdf.

About FireEye, Inc.

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 1,900 customers across more than 60 countries, including over 130 of the Fortune 500.

Media Contact

Vitor De Souza
FireEye, Inc.
vitor.desouza@fireeye.com
(415) 699-9838

# # #

© 2014 FireEye, Inc. All rights reserved. FireEye and Dynamic Threat Intelligence are registered trademarks or trademarks of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
securityaffairs
100%
0%
securityaffairs,
User Rank: Ninja
3/27/2014 | 7:53:05 PM
FireEye ... an excellent score
Zero-day attacks are very insidious, in the majority of the cases these offensives go undetected for several years causing serious damages in term theft of sensible data and intellectual property.

Zero-day detection need a structures approach to security, attackers are using tactics even more sophisticated and experts at FireEye demonstrated in 2013 to be one of the most active and efficient security team.

The acquisition of Mandiant will reinforce it leadership and capabilities to early detect such cyber threats.
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3409
Published: 2014-10-25
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

CVE-2014-4620
Published: 2014-10-25
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.

CVE-2014-4623
Published: 2014-10-25
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force a...

CVE-2014-4624
Published: 2014-10-25
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

CVE-2014-6151
Published: 2014-10-25
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.