Explosive news about vulnerabilities found in FireEye's security software are hitting the headlines. ZDNet, Ars Technica, PCworld and more reported about the findings by the Google Project Zero researchers. First, let’s give kudos to FireEye for acting quickly on the discovery and release a final patch in a matter of days, thus preventing a nightmare in which a remote code executing would lead to compromise the entire computer system and network of their customers.
We asked our Chief Scientist, Mordechai Guri, to pinpoint the core problem that is once more brought to the surface by the FireEye instance:
“A major risk in centralized intrusion detection systems (IDS), intrusion prevention systems (IPS) and similar systems, lies in the fact that they are THE main entry point for all emails, downloads and network traffic entering the organization. When such a system is compromised, the attacker has its foothold on the one of the privileged systems in the network that is exposed to all network traffic. In the case of FireEye, a critical remote code execution vulnerability was found in one of their java (jar) parsing and analysis modules. Attackers can – just by sending an email – completely compromise FireEye's device, then using its high privileges to propagate further into the internal network. This weakness is not specific to FireEye. It is a problem that exists in all centralized network applications and creates a high potential for risk. Once such a centralized application is bypassed, it exposes all of the system’s users, turning them into easily exploitable targets."
Endpoint IS the last-line of defense
“It’s a fact: an attacker can bypass costly, high end monitoring devices and go on to its most lucrative targets – the endpoints. As events like this become commonplace, security officers and IT managers start to understand that modern endpoint protection is a must-have. The reasoning is clear: In the end, your adversary will reach your endpoints, no matter how many layers of protection you use at the network level.
As not all endpoint security solutions are made equal, we can learn an important lesson from the FireEye case: if attackers know in advance what to expect – it is only matter of time until they break it. We see our unique approach validated by this. Leveraging Morphisec’s Moving Target Defense, the protection of endpoints achieves unparalleled levels. Each endpoint is protected in an exclusive, dynamic and constantly changing manner. In this way, there is no single attack that can impact all the endpoints across the entire enterprise. ”
Morphisec Endpoint Security delivers protection to keep your enterprise and users safe. For more information about Morphisec Moving Target Defense or to run a proof-of-value test, please get in touch.