Blog > Best Practices Fighting the Good Fight with FireEye

Monday, Dec 14, 2020

BY: Lewie Dunsworth - NUSPIRE CHIEF EXECUTIVE OFFICER

I’ve been reminded this past week (in an industry that bands together to protect its clients from hackers, or digital bullies) that a breach can happen to anyone.

In a recent statement, FireEye disclosed information that their “red team tools” were stolen as part of a highly sophisticated, likely government-backed hacking operation that used previously unseen techniques. We are sad to hear that one of our cybersecurity comrades, FireEye, experienced this sophisticated attack.

There are so many people I admire and respect who currently work for FireEye or have worked for them in the past. I’m sure they’re all sickened by what has happened and have no doubt they will show us all how to deal with these types of breaches in the future. As a cybersecurity community, we are all fighting the good fight and appreciate the transparency from FireEye.

What Are We Doing to Help?

At Nuspire, we have our full team of security experts, internal tools and technologies, and our partners at SentinelOne and Fortinet working together to continue to keep our customers secure.

Since this breach, we have proactively hunted across our entire enterprise and customer-base looking for the specific indicators of compromise (IOC)s disclosed by FireEye. We also set up alerting across the entire enterprise to ensure that if any of those indicators come to fruition, our customers are notified in a timely manner through our internal escalation process.

Nuspire has proactively applied those IOCs and countermeasures to our managed SIEMs and MDR platforms as applicable. We will continue to monitor for any usages of those tools across our customer base. For any questions or concerns please contact your Nuspire representative.

Always Protect Your Assets

Our Director of Threat Intelligence and Rapid Response, Jerry Ngyuen encourages everyone to act on this reminder to identify and protect their organization’s crucial assets. Once identified, it’s important to understand what is protecting those assets and to test against that protection regularly. If you haven’t done so recently, ask yourself:

  • Do you know where your assets are stored?
  • Do you know where your intellectual property is at?
  • How are they protected?
  • Have you tested it recently/how often do you test?

In addition, it’s always important to ensure you have the proper alerting and preventions in place and are leveraging your tool stack, MSP or MSSP to its fullest potential.

At Nuspire, we rely on our team of security experts, SentinelOne and our other partners to hunt and investigate IOCs 24x7x365. We have predefined processes in place, and we test those processes via tabletop exercises regularly with our technical team and business leaders to ensure everyone understands the process if an incident like this occurs.

What’s Next?

With FireEye’s transparency, we learn more about what happened and the impacts of it. We will diligently work with the industry, our partners and our clients to adapt, and take immediate action, to leverage whatever security controls we have in place to protect our clients, and ourselves, from any threats. Nuspire will continue to update its systems and hunt for IOCs as information continues to be disclosed by FireEye.

Our thoughts are with their colleagues and customers. We’re all in this together.