FireEye Detection Evasion


It is ALWAYS important to ensure you are following best practices to secure your servers and IT infrastructure. Simple tasks like implementing vendor recommended security practices, keeping software and operating systems up-to-date and a very key practice – applying vendor’s security patches as soon as they are available, is vital to the health of your security.

FireEye released patches in September and October of 2015 and the reason why has finally been announced to the public. German IT solutions company, Blue Frost Security, identified an evasion to FireEye’s virtualization-based analysis, that allowed an attacker to completely bypass their detection engine. Please see below for the complete technical overview of this patch:

Fireeye info[i] Image retrieved from Blue Frost Security

If you are a Secure Sense managed service customer, do not worry, we patch all versions of FireEye Operating Systems (FEOS), as soon as a patch has been released. We ensure all our FireEye customers are using an up-to-date and patched FEOS to guarantee best practice and maintain proper security of your environment.

If you are currently using FEOS, and are not a Secure Sense managed customer, we urge you to find out which version you are using. If you are using any of the following, FireEye is recommending you immediately update as the severity level is HIGH:

Affected Products: FireEye FX, AX, NX, EX
Affected Versions:  FX < 7.5.1, AX < 7.7.0, NX < 7.6.1, EX < 7.6.2
(Anything less than these versions need to be updated ASAP)

Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.

Follow us on LinkedIn and Twitter  for current company and industry news.

[i] https://labs.bluefrostsecurity.de