Fidelis Security Systems Blog

Last month we posted about 0-day Flash vulnerabilities, exploited via Excel. Just a few days ago, we presented a webinar that touched on this month's 0-day Flash vulnerability. Check it out and see how you can use Fidelis to catch these latest threats.

Yesterday’s disclosure of a serious vulnerability in Adobe’s Flash Player produced reports today of exploits in the wild targeting that vulnerability. Thanks to the security improvements in Adobe Reader X, malware authors are moving towards greener pastures. Are you ready for another era of malicious Office documents? Today’s malware is circulating in the form of infected Excel spreadsheets.

Fidelis XPS users can spot active content like Flash in Excel documents (or embedded in any other kind of payload). Given that there’s virtually no good reason for Flash content to be embedded in a spreadsheet, and given the seriousness of this (still unpatched) vulnerability, we’d like you to know there’s a simple rule available today to help you defend yourself against this threat.

If you’re a Fidelis XPS customer, get in touch with our support department right away, and we’ll provide you with access to the rule.

If you’re not yet a Fidelis  XPS customer, now might be a good time to get in touch with us at 800-652-4020 (or sales@fidelissecurity.com)*.

* Unless you already have a security technology that can spot and kill Flash payloads in compressed Excel documents at wire speed, preventing them from entering your enterprise via any number of channels and exploiting an unpatched vulnerability that's present on all of your workstations.

When I look back at all of the cyber threats and attacks our customers experienced in 2010, I continue to be firmly convinced that the nature and sophistication of these attacks will continue to escalate this year, while the stakes for companies and government agencies are escalating in parallel. Network forensics has been applied to help counter these attacks, but for all intents and purposes these could be considered “caveman” network forensics. They hunt and gather information, but they gather too much of it. And they do their analysis after-the-fact, which puts you in a reactive security stance, which is not a great position to be in when you are under attack.

Last week, I was asked to present a Lunch and Learn session at the SANS What Works in Forensics and Incident Response Summit 2010. Before starting, I asked the audience if anyone had heard of Fidelis Security System and exactly one hand was raised in a room of forty to fifty people – much as I had anticipated. Fidelis has been playing in the network Data Leakage Prevention market for the past few years, but we never set out to build a data leakage solution. At the core of our technology is a real-time, content-aware, bi-directional, deep session inspection network sniffer with prevention capabilities. Data leakage was the first market to require such capability, that is, until DLP was re-defined as a “suite” of solutions including endpoint, data discovery, and network, where the network is concerned primarily with email and proxied HTTP traffic.

However, many of our customers are using our product, Fidelis XPS, for forensics and incident response. Therefore a second market opportunity for our technology has unfolded.. We titled our SANS presentation, “See it, Study it, Stop it” to describe how we see Fidelis XPS in this market.