Threat Intelligence Reports
Critical Lessons from 15 Years of Industrial Control Systems Vulnerabilities
Industrial Control Systems (ICS) allow operators to monitor and control crucial industrial and physical processes used in the oil and gas, energy, water, manufacturing, transportation, and chemical industries. Compromises to these critical infrastructures would be highly disruptive and cause significant harm to consumers, businesses, governments and organizations.
The FireEye threat intelligence team has compiled a report that analyzes over 15 years of research covering 1,552 publicly available ICS vulnerability disclosures and reveals the following:
- 49% increase in the number of ICS disclosures from 2014 to 2015.
- 33% of ICS vulnerabilities were zero-day vulnerabilities.
- 58% of ICS disclosures affect products at Level 2 according to the Purdue ICS architectural model.
Download this special report to get more details, including trends in total ICS vulnerability disclosure and outlook and recommendations for ICS asset owners.
Cyber Threat Intelligence on Advanced Attack Groups and Technology Vulnerabilities
FireEye regularly publishes cyber threat intelligence reports that describe the members of advanced persistent threat (APT) groups, how they work and how to recognize their tactics, techniques and procedures. Cyber threat intelligence reports also cover vulnerabilities of specific business technologies, such as email, sandboxes and mobile devices. With access to such details, cyber security experts can build better defenses against these APT groups and advanced cyber attacks.
Based on analyses of 262 intrusions in 26 countries, read about the reasons behind the shifting tactics of China-based threat actors and how they might operate going forward.
Learn more about the FIN6 threat group, their operations to steal payment card data and how they sell that information to an underground card shop.
Is the threat actor group, APT28, sponsored by the Russian government? Read about their decade-long cyber support of Russia's strategic interests, impacting the Syrian conflict, the 2016 U.S. presidential election and more.
Threat Intelligence: Independent Research
- Forrester Research Brief: FireEye Is Evolving Into An Enterprise Security Vendor. This Forrester Research brief explores the impact of recent FireEye acquisitions and serves as a guide for security and risk professionals who are considering FireEye.
- 2015 Breach Preparedness and Response Study. Survey on how organizations view their security posture and insights from Kevin Mandia on how to improve.
- The Numbers Game: How Many Alerts is too Many to Handle. Worldwide survey of C-level security executives at large enterprise companies on how they manage huge volumes of security alerts.
- IANS Research Survey: Building a Better Budget for Advanced Threat Detection and Prevention. Survey of how security teams are trying to influence budget prioritization throughout their organizations for advanced security solutions.
- Definitive Guide to Advanced Threat Protection. Comprehensive guide on how next-generation threat protection can fill the gaps in organizations' network defenses to protect against modern cyber attacks.
- Gartner Research: Taking a Lean-Forward Approach to Combat Today's Cyber Attacks. Report on why you need more than traditional security to protect against today’s attacks. Includes “Strategies for Dealing With Advanced Targeted Attacks”.
- NIST: Best Practices in Cyber Security Chain Risk Management. Use case on securing the supply chain and integrating hardware development and manufacturing operations for risk management.
- Gartner Research: The New Breed of Email-based Cyber Attacks. Report on email as a channel for targeted attacks. Feature includes “Email Security Focus Shifts to Address the Risks of Targeted Attacks and Data Loss”.
- Forrester Research: Planning for Failure. Report on the elements of a thoughtful, well-implemented incident response plan – including staffing, training, and testing.
- Forrester Research: Determine The Business Value Of An Effective Security Program. Report on the Information Security Value Model that helps calculate the value of security and share that information with executives.
- SANS 2013 Report: Digital Forensics and Incident Response Survey. Survey on difficulties encountered as a result of cloud computing and BYOD, and how to better prepare for investigations in the new IT environment.
- SANS 2013 Report: Critical Security Controls Survey: Moving From Awareness to Action. Survey on awareness and use of critical security controls.
- IANS Data Compromise Awareness Survey detailing the inadequacy of traditional IT security at large enterprises.
- ISMG: The Need for Speed: 2013 Incident Response Survey. Survey findings detail the top challenges faced by incident response teams.