FireEye Releases Comprehensive Analysis of 2013 Zero-day Attacks; Impact on Security Models
New Research Paper Offers Insight into Industry’s Leading Zero-day and Advanced Threat Detection Models
FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today’s advanced cyber attacks, today announced the release of “Less Than Zero: A Survey of Zero-day Attacks in 2013 and What They Say About the Traditional Security Model.” Through an analysis of the 11 zero-day vulnerabilities discovered in 2013 by FireEye - by far the most discoveries of any security company that year - the paper provides context around the advanced threats these vulnerabilities enable as well as guidance to enterprises on mitigating these hidden problems.
“Advanced threats against enterprises today thrive on exploiting the unknown and evading blocking techniques thanks to a growing, global marketplace for selling software vulnerabilities,” said Zheng Bu, vice president of security research, FireEye. “The old security model of tracking known threats and relying on signature-based solutions are simply powerless to stop zero-day threats. The number of zero-day attacks profiled in the paper highlight why organizations need to take a new approach to security by combining next-generation technology with human expertise.”
The 11 zero-days analyzed were uncovered and evaluated by FireEye Labs using threat intelligence from more than two million virtual machines communicating into the FireEye® Dynamic Threat Intelligence™ (DTI) cloud. The technology has already found two of the four zero-days uncovered in 2014. Evading traditional cyber defenses, these zero-days facilitated attacks against consumers and organizations, including the Council on Foreign Relations and the U.S. Department of Labor. Looking beyond just blocking these vulnerabilities, FireEye forensics experts found that watering-hole attacks targeting specific audiences and industries are a rapidly rising trend in the attack space.
“While FireEye’s “Less Than Zero” paper is a must-read for security professionals, it is equally important for business executives as a means for understanding what they are up against,” said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group. “Today’s sophisticated cyber adversaries can easily circumvent existing security controls, penetrate corporate networks, and may ultimately be used to steal extremely valuable data. CEOs must come to terms with these threats and make sure to align them with their overall risk management, business planning, and fiduciary responsibilities.”
“Less Than Zero” is a continuation of the FireEye mission to support the next generation of security. It provides advice to readers on how networks, incident response, and application management should be approached to deal with the advanced, unknown threats of today. More of the company’s recently published researched can be found on the FireEye blog, including its 2013 Advanced Threat Report that uncovered enterprises are attacked on average once every 1.5 seconds.
About FireEye, Inc.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 1,900 customers across more than 60 countries, including over 130 of the Fortune 500.
Vitor De Souza
# # #
© 2014 FireEye, Inc. All rights reserved. FireEye and Dynamic Threat Intelligence are registered trademarks or trademarks of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.