As part of the breach disclosure, FireEye published a list of the vulnerabilities that the Mandiant team's tools use, as well as a list of countermeasures that can be loaded into other security tools for monitoring. Many manufacturers may already have pre-developed policies and rules for the disclosed vulnerabilities and tools, or will release dynamic content and policies that can be imported over the next few days. Most also support the manual import methods described below. In most cases, though, these policies and rules will still need to be manually validated, applied and monitored. Here is a list of several network security manufacturers and the methods for importing the FireEye countermeasures.
Cisco AMP – uses Snort import (all-snort.rules): https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/117924-technote-firesight-00.html
Palo Alto Networks – import Snort (all-snort.rules)
Palo Alto Networks – Firewall Appliance: https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-and-threat-signatures/create-a-custom-threat-signature/create-a-custom-threat-signature-from-a-snort-signature
Palo Alto Networks – Panorama (as of PANOS 10.x)
Checkpoint – import Snort (all-snort.rules)
Checkpoint has responded to the incident with the following community post, which states updates to its approach to both the exploits and the attack tools.
Fortinet – FortiSandbox – import YARA rules
Fortinet – Fortigate – Snort conversion is required (all-snort.rules)
Proofpoint – Emerging Threats (see latest Snort/Suricata rule set)
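Every Snort-based import above consumes the same all-snort.rules file, and the rules still have to be validated by hand before they are applied. The following is an added example, not Optiv's or FireEye's code: a small Python checker that parses Snort 2 rule lines and reports the problems an import would trip over (unparseable headers, missing msg/sid/rev, duplicate sids). The sample rules, sids and content strings are constructed for the example and are not from the published countermeasures.

```python
import re
from collections import Counter

# Constructed sample rules in Snort 2 syntax (placeholders, not FireEye's rules).
SAMPLE_RULES = """\
# comment line, ignored by the parser
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE tool beacon"; flow:established,to_server; content:"/example/"; sid:9000001; rev:1; classtype:trojan-activity;)
alert tcp any any -> $HOME_NET 445 (msg:"EXAMPLE missing rev"; content:"|ff|SMB"; sid:9000002;)
alert tcp any any -> any any (msg:"EXAMPLE no sid"; content:"foo";)
alert udp any any -> any 53 (msg:"EXAMPLE duplicate"; content:"bar"; sid:9000001; rev:2;)
"""

# action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r'^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$')

def parse_options(body):
    """Split the option body on ';' outside quotes into {name: value}."""
    opts, buf, in_quote = {}, '', False
    for ch in body:
        if ch == '"':
            in_quote = not in_quote
        if ch == ';' and not in_quote:
            if buf.strip():
                name, _, value = buf.strip().partition(':')
                opts.setdefault(name, value.strip().strip('"'))
            buf = ''
        else:
            buf += ch
    return opts

def parse_rules(text):
    """Parse each non-comment line into a dict; unparseable lines get an 'error'."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = HEADER_RE.match(line)
        if not m:
            rules.append({'line': lineno, 'error': 'unparseable header'})
            continue
        action, proto, src, sport, _, dst, dport, body = m.groups()
        rules.append({'line': lineno, 'action': action, 'proto': proto, 'src': src,
                      'sport': sport, 'dst': dst, 'dport': dport, **parse_options(body)})
    return rules

def validate(rules):
    """Return (line, problem) findings to resolve before importing the file."""
    findings = []
    sids = Counter(r.get('sid') for r in rules if r.get('sid'))
    for r in rules:
        if 'error' in r:
            findings.append((r['line'], r['error']))
            continue
        findings += [(r['line'], f'missing {o}') for o in ('msg', 'sid', 'rev') if o not in r]
        if sids[r.get('sid')] > 1:
            findings.append((r['line'], f"duplicate sid {r['sid']}"))
    return findings
```

Run `validate(parse_rules(open('all-snort.rules').read()))` against the downloaded file to get the review list; a clean file returns an empty list.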
As always, Optiv stands ready to assist you with any security matter during these complex and trying times. If you need help, please do not hesitate to contact us at firstname.lastname@example.org.
Read Optiv’s FireEye Breach Perspective – Optiv's SVP, Cyber Defense Applied Security, Anthony Diaz, offers some steps organizations should take to secure their operations both short and long-term.
Software supply chain compromise explained: What you need to know and lessons learned. Join us for an important panel discussion featuring Optiv threat experts, who will uncover what we know of the compromise and its implications for organizations.