NEW

The True Cost of a Security Breach

Arrow pointing right
ExtraHop Logo
Contact us
Menu iconX icon
  • Productschevron right
  • Solutionschevron right
  • Why ExtraHopchevron right
  • Blogchevron right
  • Resourceschevron right
Sign In
Contact us

Arrow pointing leftBlog

Advanced Persistent Threats Can Affect Even the Best of Us

ExtraHop

December 10, 2020

When a significant data breach hits the news, a firestorm of emails and articles inevitably follows. Some stick to sharing the facts. Others attempt to capitalize on the fear, uncertainty, doubt, and damaged trust to sell more products. Most of this noise does nothing to contribute to improving the security of their customers.

We respect the challenge FireEye faces in responding to this breach and feel that the security community needs to be supportive of their effort to disclose and contain the risks.

ExtraHop has received many inquiries, and expects many more, about whether we can protect our customers in the wake of this breach. The purpose of this post is to acknowledge that when a breach happens it changes the risk landscape for everyone, and it reinforces the need for a layered security approach that emphasizes post-compromise visibility and response.

What We're Doing Now

ExtraHop is closely tracking the situation and providing advice to our customers on any actions that need to be taken. ExtraHop's network detection and response solution provides our customers with the ability to detect the tactics represented in the FireEye Red Team tools that are now in the wild.

In particular, ExtraHop has strong detection capabilities for beaconing, data exfiltration, and other command and control techniques used in the FireEye Red Team tools. We are working with our customers on an individual basis to address specific concerns and ensure they have the coverage they need. For customers who would like direct support for any questions, please contact your ExtraHop representative.

More broadly, this breach is a reminder we live in a post-compromise world: APTs have already bypassed the firewalls and preventative controls and are inside the enterprise. It is vital to have an internal and trustworthy viewpoint to detect and investigate suspicious behaviors, as well as provide a forensics trail if a breach happens.

As Rob Joyce, former leader of the NSA's Tailored Access Operations said back in 2016, "[An attacker's nightmare is] an 'out-of-band network tap'—a device that monitors network activity and produces logs that can record anomalous activity—plus a smart system administrator who actually reads the logs and pays attention to what they say."

If the situation warrants any further public comment from ExtraHop, we will cross that bridge when we come to it.

Discover more

CybersecurityCommunity

Explore related articles

What is DNS Tunneling and How to Protect Against It

October 19, 2020

Learn how DNS tunneling attacks work and what you can do to protect against them. Examples included!

CybersecurityRevealXNDRTips and Hacks
Read articleArrow pointing right

SQL Injection Attacks: What Are They and How to Detect Them (with Examples!)

October 13, 2020

Learn how SQL injection attacks work and what you can do to protect against them. Examples included!

CybersecurityRevealXNDRTips and Hacks
Read articleArrow pointing right

What's Worse? RDP Open to the Internet or Closing Up Shop? RDP Best Practices to Follow in 2020

May 29, 2020

Enabling remote desktop protocol has been important to support work-from-home access in 2020. Read five best practices to follow for the RDP protocol.

Security AlertsCybersecurityTechNDRIndustry Trends
Read articleArrow pointing right

Experience RevealX NDR for Yourself

Schedule a demo
Contact us