SlideShare a Scribd company logo

Ivanti Insights Podcast - FireEye Breach

Ivanti
Ivanti

Ivanti security experts discuss the FireEye breach and how further investigation uncovered much larger SolarWinds breach. Find Ivanti's official statement on the FireEye and SolarWinds security incidents here: https://www.ivanti.com/blog/official-statement-on-solarwinds-and-fireeye-security-incidents

Technology
1 of 6
Download to read offline
Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Chris Goettl / Phil Richards Hosted by Adrian Vernon DECEMBER 16, 2020 FireEye Breach Investigation Uncovers Much Larger SolarWinds Breach
Copyright © 2020 Ivanti. All rights reserved. Situation Analysis Recommendations Exploit Type: Exposure: Attack Vectors:Impact: Vendor Risk Management Endpoint Detection and Response FireEye is an organization well equipped to investigate a security breach. It is no surprise that the cybersecurity firm quickly found how the attackers gained entry and what they compromised. The scope of the true incident is surprising. The source of the attack was found to be a backdoor introduced into SolarWinds Orion which may have been downloaded by as many as 18,000 entities globally. Ransomware FireEye Breach Part of a Larger Incident 25 Confirmed entities victimized by SolarWinds backdoor Data Theft SolarWinds Orion Trojan Continuous Vulnerability Management Red Team Exercises Emergency Response Planning Data Protection
Copyright © 2020 Ivanti. All rights reserved. 1.CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 10.0 2.CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 10.0 3.CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN - CVSS 9.8 4.CVE-2018-15961 – RCE via Adobe ColdFusion (arbitrary file upload that can be used to upload a JSP web shell) - CVSS 9.8 5.CVE-2019-0604 – RCE for Microsoft Sharepoint - CVSS 9.8 6.CVE-2019-0708 – RCE of Windows Remote Desktop Services (RDS) - CVSS 9.8 7.CVE-2019-11580 - Atlassian Crowd Remote Code Execution - CVSS 9.8 8.CVE-2019-19781 – RCE of Citrix Application Delivery Controller and Citrix Gateway - CVSS 9.8 9.CVE-2020-10189 – RCE for ZoHo ManageEngine Desktop Central - CVSS 9.8 10.CVE-2014-1812 – Windows Local Privilege Escalation - CVSS 9.0 11.CVE-2019-3398 – Confluence Authenticated Remote Code Execution - CVSS 8.8 12.CVE-2020-0688 – Remote Command Execution in Microsoft Exchange - CVSS 8.8 13.CVE-2016-0167 – local privilege escalation on older versions of Microsoft Windows - CVSS 7.8 14.CVE-2017-11774 – RCE in Microsoft Outlook via crafted document execution (phishing) - CVSS 7.8 15.CVE-2018-8581 - Microsoft Exchange Server escalation of privileges - CVSS 7.4 16.CVE-2019-8394 – arbitrary pre-auth file upload to ZoHo ManageEngine ServiceDesk Plus - CVSS 6.5 What was stolen from FireEye?
Copyright © 2020 Ivanti. All rights reserved. If a top cybersecurity firm can be breached what chance do we stand? • First and most important, there is no 100% in cybersecurity. There is always going to be the next threat, the next exploit, the next zero day. • FireEye and SolarWinds were targeted by a well-funded, sophisticated, and persistent nation state threat actor with top-tier offensive capabilities. A strong cybersecurity program: • is about identifying and mitigating risk. • understands that no defense is perfect, and uses defense in depth. • assumes incidents will occur and plans to respond. • is always evolving and adapting based on real world attacks and information. • uses well-known security frameworks
Copyright © 2020 Ivanti. All rights reserved. Prioritizing for 2021 • FireEye Breach CVE List • NSA Top 25 CVEs targeted by Chinese State-Sponsored Actors • DHS CISA Top 10 Routinely Exploited Vulnerabilities • Gartner Top 10 Security Projects for 2021 • Coveware Ransomware Trends • Verizon Data Breach Investigations Report Footer
Copyright © 2020 Ivanti. All rights reserved. See you in January, 2021 as we launch the Ivanti Insights podcast series! Thank You!

Recommended

Webinar Ivanti Neurons For Patch Intelligence
Webinar Ivanti Neurons For Patch IntelligenceWebinar Ivanti Neurons For Patch Intelligence
Webinar Ivanti Neurons For Patch Intelligence
Ivanti
 
Virtual Lunch & Learn - Netherlands
Virtual Lunch & Learn - NetherlandsVirtual Lunch & Learn - Netherlands
Virtual Lunch & Learn - Netherlands
Ivanti
 
Ivanti for msp
Ivanti for mspIvanti for msp
Ivanti for msp
Ivanti
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation Slides
Ivanti
 
6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...
6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...
6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...
Ivanti
 
Addressing Healthcare Challenges Today
Addressing Healthcare Challenges TodayAddressing Healthcare Challenges Today
Addressing Healthcare Challenges Today
Ivanti
 
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Ivanti
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Secure
scoopnewsgroup
 

Recommended

Webinar Ivanti Neurons For Patch Intelligence
Webinar Ivanti Neurons For Patch IntelligenceWebinar Ivanti Neurons For Patch Intelligence
Webinar Ivanti Neurons For Patch Intelligence
Ivanti
 
Virtual Lunch & Learn - Netherlands
Virtual Lunch & Learn - NetherlandsVirtual Lunch & Learn - Netherlands
Virtual Lunch & Learn - Netherlands
Ivanti
 
Ivanti for msp
Ivanti for mspIvanti for msp
Ivanti for msp
Ivanti
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation Slides
Ivanti
 
6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...
6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...
6 Defence-In-Depth Security Tactics as Recommended by the National Cyber Secu...
Ivanti
 
Addressing Healthcare Challenges Today
Addressing Healthcare Challenges TodayAddressing Healthcare Challenges Today
Addressing Healthcare Challenges Today
Ivanti
 
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
Ivanti
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Secure
scoopnewsgroup
 
How to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability ManagementHow to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability Management
Ivanti
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Abhishek Goel
 
The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016
Shannon G., MBA
 
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Enterprise Management Associates
 
NDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeawaysNDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeaways
Bryson Bort
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
Symantec
 
Cyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation SlidesCyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation Slides
SlideTeam
 
Cyber Threat Intelligence: Highlights and Trends for 2020
Cyber Threat Intelligence: Highlights and Trends for 2020Cyber Threat Intelligence: Highlights and Trends for 2020
Cyber Threat Intelligence: Highlights and Trends for 2020
DevOps.com
 
Protect your company from zero-day with ESET Dynamic Threat Defense
Protect your company from zero-day with ESET Dynamic Threat DefenseProtect your company from zero-day with ESET Dynamic Threat Defense
Protect your company from zero-day with ESET Dynamic Threat Defense
Adi Saputra
 
SC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey ResultsSC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey Results
ForeScout Technologies
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trust
scoopnewsgroup
 
Cyber Ethics: Cyber Security Services | VAPT and WAPT
Cyber Ethics: Cyber Security Services | VAPT and WAPT Cyber Ethics: Cyber Security Services | VAPT and WAPT
Cyber Ethics: Cyber Security Services | VAPT and WAPT
SaeelRelekar
 
Top Cybersecurity Trends of 2021
Top Cybersecurity Trends of 2021Top Cybersecurity Trends of 2021
Top Cybersecurity Trends of 2021
Shawn Nutley
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid final
DevOps.com
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
Cisco Canada
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security Solution
DLT Solutions
 
Top 7 Security Measures for IoT Systems
Top 7 Security Measures for IoT Systems Top 7 Security Measures for IoT Systems
Top 7 Security Measures for IoT Systems
Zoe Gilbert
 
Enhancing Authentication to Secure the Open Enterprise
Enhancing Authentication to Secure the Open EnterpriseEnhancing Authentication to Secure the Open Enterprise
Enhancing Authentication to Secure the Open Enterprise
Symantec
 
Uncover security incidents with ESET Enterprise Inspector
Uncover security incidents with ESET Enterprise InspectorUncover security incidents with ESET Enterprise Inspector
Uncover security incidents with ESET Enterprise Inspector
Adi Saputra
 
Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeep
Ivanti
 
Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14
Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14
Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14
IBM Sverige
 

More Related Content

What's hot

NDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeawaysNDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeaways
Bryson Bort
 
Cyber Threat Intelligence: Highlights and Trends for 2020
Cyber Threat Intelligence: Highlights and Trends for 2020Cyber Threat Intelligence: Highlights and Trends for 2020
Cyber Threat Intelligence: Highlights and Trends for 2020
DevOps.com
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
Tripwire
 

What's hot (20)

How to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability ManagementHow to Perform Continuous Vulnerability Management
How to Perform Continuous Vulnerability Management
 
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
Challenges and Solution to Mitigate the cyber-attack on Critical Infrastruct...
 
The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016
 
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
Solving the Asset Management Challenge for Cybersecurity (It’s About Time)
 
NDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeawaysNDIA 2021 - solar winds overview and takeaways
NDIA 2021 - solar winds overview and takeaways
 
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
What lies ahead? 2016 Cyber Security Predictions from Symantec in the EMEA (E...
 
Cyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation SlidesCyber Security For Organization Proposal PowerPoint Presentation Slides
Cyber Security For Organization Proposal PowerPoint Presentation Slides
 
Cyber Threat Intelligence: Highlights and Trends for 2020
Cyber Threat Intelligence: Highlights and Trends for 2020Cyber Threat Intelligence: Highlights and Trends for 2020
Cyber Threat Intelligence: Highlights and Trends for 2020
 
Protect your company from zero-day with ESET Dynamic Threat Defense
Protect your company from zero-day with ESET Dynamic Threat DefenseProtect your company from zero-day with ESET Dynamic Threat Defense
Protect your company from zero-day with ESET Dynamic Threat Defense
 
SC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey ResultsSC Magazine & ForeScout Survey Results
SC Magazine & ForeScout Survey Results
 
Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trust
 
Cyber Ethics: Cyber Security Services | VAPT and WAPT
Cyber Ethics: Cyber Security Services | VAPT and WAPT Cyber Ethics: Cyber Security Services | VAPT and WAPT
Cyber Ethics: Cyber Security Services | VAPT and WAPT
 
Top Cybersecurity Trends of 2021
Top Cybersecurity Trends of 2021Top Cybersecurity Trends of 2021
Top Cybersecurity Trends of 2021
 
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalSecuring medical apps in the age of covid final
Securing medical apps in the age of covid final
 
Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere Tomorrow Starts Here - Security Everywhere
Tomorrow Starts Here - Security Everywhere
 
The Zero Trust Model of Information Security
The Zero Trust Model of Information Security The Zero Trust Model of Information Security
The Zero Trust Model of Information Security
 
Symantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security SolutionSymantec and ForeScout Delivering a Unified Cyber Security Solution
Symantec and ForeScout Delivering a Unified Cyber Security Solution
 
Top 7 Security Measures for IoT Systems
Top 7 Security Measures for IoT Systems Top 7 Security Measures for IoT Systems
Top 7 Security Measures for IoT Systems
 
Enhancing Authentication to Secure the Open Enterprise
Enhancing Authentication to Secure the Open EnterpriseEnhancing Authentication to Secure the Open Enterprise
Enhancing Authentication to Secure the Open Enterprise
 
Uncover security incidents with ESET Enterprise Inspector
Uncover security incidents with ESET Enterprise InspectorUncover security incidents with ESET Enterprise Inspector
Uncover security incidents with ESET Enterprise Inspector
 

Similar to Ivanti Insights Podcast - FireEye Breach

Nuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainNuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack Chain
IBM Security
 
Making Threat Management More Manageable
Making Threat Management More ManageableMaking Threat Management More Manageable
Making Threat Management More Manageable
IBM Security
 
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsStop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Invincea, Inc.
 
Volume And Vectors 090416
Volume And Vectors 090416Volume And Vectors 090416
Volume And Vectors 090416
Anthony Arrott
 
Software management, the seasonal return of DDoS - This Week in Security.pdf
Software management, the seasonal return of DDoS - This Week in Security.pdfSoftware management, the seasonal return of DDoS - This Week in Security.pdf
Software management, the seasonal return of DDoS - This Week in Security.pdf
Lior Rotkovitch
 
Attack Autopsy: A Study of the Dynamic Attack Chain
Attack Autopsy: A Study of the Dynamic Attack ChainAttack Autopsy: A Study of the Dynamic Attack Chain
Attack Autopsy: A Study of the Dynamic Attack Chain
IBM Security
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
PECB
 
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
patmisasi
 

Similar to Ivanti Insights Podcast - FireEye Breach (20)

Everything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeepEverything You Need to Know About BlueKeep
Everything You Need to Know About BlueKeep
 
Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14
Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14
Michael andersson - att ligga steget före in en allt mer hotfylld värld BC14
 
Nuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack ChainNuts & Bolts of the Dynamic Attack Chain
Nuts & Bolts of the Dynamic Attack Chain
 
Making Threat Management More Manageable
Making Threat Management More ManageableMaking Threat Management More Manageable
Making Threat Management More Manageable
 
2019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 20202019 Cybersecurity Retrospective and a look forward to 2020
2019 Cybersecurity Retrospective and a look forward to 2020
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by DownloadsStop Watering Holes, Spear-Phishing and Drive-by Downloads
Stop Watering Holes, Spear-Phishing and Drive-by Downloads
 
Volume And Vectors 090416
Volume And Vectors 090416Volume And Vectors 090416
Volume And Vectors 090416
 
Software management, the seasonal return of DDoS - This Week in Security.pdf
Software management, the seasonal return of DDoS - This Week in Security.pdfSoftware management, the seasonal return of DDoS - This Week in Security.pdf
Software management, the seasonal return of DDoS - This Week in Security.pdf
 
IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015IBM X-Force Threat Intelligence Quarterly Q4 2015
IBM X-Force Threat Intelligence Quarterly Q4 2015
 
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemyRooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
 
The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment Experience
 
RIFDHY RM ( Cybersecurity ).pdf
RIFDHY RM ( Cybersecurity ).pdfRIFDHY RM ( Cybersecurity ).pdf
RIFDHY RM ( Cybersecurity ).pdf
 
Attack Autopsy: A Study of the Dynamic Attack Chain
Attack Autopsy: A Study of the Dynamic Attack ChainAttack Autopsy: A Study of the Dynamic Attack Chain
Attack Autopsy: A Study of the Dynamic Attack Chain
 
105 Common information security threats
105 Common information security threats105 Common information security threats
105 Common information security threats
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
 
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security Overview
 

More from Ivanti

More from Ivanti (20)

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – Janvier
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch Tuesday
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – Décembre
 

Recently uploaded

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 

Recently uploaded (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Ivanti Insights Podcast - FireEye Breach

  • 1. Copyright © 2020 Ivanti. All rights reserved.Copyright © 2020 Ivanti. All rights reserved. Chris Goettl / Phil Richards Hosted by Adrian Vernon DECEMBER 16, 2020 FireEye Breach Investigation Uncovers Much Larger SolarWinds Breach
  • 2. Copyright © 2020 Ivanti. All rights reserved. Situation Analysis Recommendations Exploit Type: Exposure: Attack Vectors:Impact: Vendor Risk Management Endpoint Detection and Response FireEye is an organization well equipped to investigate a security breach. It is no surprise that the cybersecurity firm quickly found how the attackers gained entry and what they compromised. The scope of the true incident is surprising. The source of the attack was found to be a backdoor introduced into SolarWinds Orion which may have been downloaded by as many as 18,000 entities globally. Ransomware FireEye Breach Part of a Larger Incident 25 Confirmed entities victimized by SolarWinds backdoor Data Theft SolarWinds Orion Trojan Continuous Vulnerability Management Red Team Exercises Emergency Response Planning Data Protection
  • 3. Copyright © 2020 Ivanti. All rights reserved. 1.CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 10.0 2.CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 10.0 3.CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN - CVSS 9.8 4.CVE-2018-15961 – RCE via Adobe ColdFusion (arbitrary file upload that can be used to upload a JSP web shell) - CVSS 9.8 5.CVE-2019-0604 – RCE for Microsoft Sharepoint - CVSS 9.8 6.CVE-2019-0708 – RCE of Windows Remote Desktop Services (RDS) - CVSS 9.8 7.CVE-2019-11580 - Atlassian Crowd Remote Code Execution - CVSS 9.8 8.CVE-2019-19781 – RCE of Citrix Application Delivery Controller and Citrix Gateway - CVSS 9.8 9.CVE-2020-10189 – RCE for ZoHo ManageEngine Desktop Central - CVSS 9.8 10.CVE-2014-1812 – Windows Local Privilege Escalation - CVSS 9.0 11.CVE-2019-3398 – Confluence Authenticated Remote Code Execution - CVSS 8.8 12.CVE-2020-0688 – Remote Command Execution in Microsoft Exchange - CVSS 8.8 13.CVE-2016-0167 – local privilege escalation on older versions of Microsoft Windows - CVSS 7.8 14.CVE-2017-11774 – RCE in Microsoft Outlook via crafted document execution (phishing) - CVSS 7.8 15.CVE-2018-8581 - Microsoft Exchange Server escalation of privileges - CVSS 7.4 16.CVE-2019-8394 – arbitrary pre-auth file upload to ZoHo ManageEngine ServiceDesk Plus - CVSS 6.5 What was stolen from FireEye?
  • 4. Copyright © 2020 Ivanti. All rights reserved. If a top cybersecurity firm can be breached what chance do we stand? • First and most important, there is no 100% in cybersecurity. There is always going to be the next threat, the next exploit, the next zero day. • FireEye and SolarWinds were targeted by a well-funded, sophisticated, and persistent nation state threat actor with top-tier offensive capabilities. A strong cybersecurity program: • is about identifying and mitigating risk. • understands that no defense is perfect, and uses defense in depth. • assumes incidents will occur and plans to respond. • is always evolving and adapting based on real world attacks and information. • uses well-known security frameworks
  • 5. Copyright © 2020 Ivanti. All rights reserved. Prioritizing for 2021 • FireEye Breach CVE List • NSA Top 25 CVEs targeted by Chinese State-Sponsored Actors • DHS CISA Top 10 Routinely Exploited Vulnerabilities • Gartner Top 10 Security Projects for 2021 • Coveware Ransomware Trends • Verizon Data Breach Investigations Report Footer
  • 6. Copyright © 2020 Ivanti. All rights reserved. See you in January, 2021 as we launch the Ivanti Insights podcast series! Thank You!