Several years back, industry analyst firm Gartner began circulating the idea that almost every major enterprise and government agency was either compromised or would be compromised at some point in time. This week, when we woke up to the news that FireEye and SolarWinds had joined the ranks of the hacked, we learned once again that Gartner was right. Even companies with advanced security expertise and expansive resources can’t escape this inevitable fact of digital life.
Forensic experts and news outlets are now following the trail of digital clues, trying to make sense of how both companies ended up on the hacked side of the equation. At a high level, we know that FireEye was compromised by a state-sponsored adversary. In the case of SolarWinds, it is looking like an adversary was able to dwell in victims’ networks for as long as nine months and that the prime suspect is the Kremlin.
There are undoubtedly many organizations wondering if they are caught up in the attacks, either by design or indirectly. Fortunately, those that have effective threat detection capabilities in place can utilize the information FireEye, SolarWinds, Anomali and other threat research organizations are providing to determine if they’ve been hit.
Anomali customers are already ahead of the game. As soon as the world becomes aware of an attack, Anomali Threat Research immediately front-loads Anomali ThreatStream with a threat bulletin that provides a detailed and concise narrative of the situation along with a comprehensive list of the known indicators of compromise (IOCs). Once added, information relevant to the incident (IOCs, reports from the security commun ..
Support the originator by clicking the read the rest link below.
