Your network, security, and OT appliances are at risk
Attackers escalate efforts on critical appliances
Despite continued efforts to thwart attackers who are trying to get at sensitive data, security teams are still finding themselves a step or two behind the adversaries. This is because attackers are good at evading existing security solutions, and they are continually finding unknown vulnerabilities to exploit. They exploit people and software, and attackers are now increasingly going after the hardware or appliances that make up our network, security, and operations (OT) infrastructure. According to a recent article from ZDNET, in 2018 Dragos had identified 6-7 state-actor groups that were explicitly focused on OT and industrial control systems. This number has since climbed in more recent years to at least 22 groups, and more state-actor networks are realizing the viability of targeting OT sectors.
These appliances or hardware are the backbone of many industries and critical infrastructure; the consequences of them being compromised can be costly, both in terms of dollars and the impact they have on people’s lives if they are no longer available.
For years now, we’ve seen advisories from government agencies such as CISA or the FBI outlining VPN and other network appliances as a top attack vector of advanced attackers. In recent days, there have been major exploitations being reported by government agencies such as CISA and coverage by various outlets.
Case in point, per Bleeping Computer, over 2,000 Citrix NetScaler servers have been backdoored by a threat actor as tracked under CVE-2023-3519. There is the critical ESG exploit for Barracuda that is actively being mitigated and a recent report from Mandiant highlights how Chinese espionage groups are continually leveraging malware for Fortinet appliances to disguise traffic inside and outside targeted organizations.
Appliances need protection, too
Attackers are going after the appliances that are in some way connected to the internet because attackers know, “As long as the exploit remains undiscovered, the threat actor can reuse it to gain access to additional victims, or reestablish access to targeted systems. Moreover, both edge devices and virtualization software are challenging to monitor and may not support endpoint detection and response (EDR) solutions or methods to detect modifications or collect forensic images, further reducing the likelihood of detection and complicating attribution.” – Mandiant Intelligence July, 18, 2023
One can quickly surmise that these appliances, which are critical pieces of an organization’s infrastructure, need to be better protected. And, your security teams need additional tools at their disposal to try and combat the exploits, known or unknown.
Given that most of these appliances do not have tools in place that can interrogate the files found within them to identify threats, they are relegated to manual and often latent IT updates to try and stay ahead of attacks. In most cases, it is after the fact, days or weeks after an exploit has already been identified.
Stairwell is able to protect appliances from even the most advanced attacks
That is until now! This is because Stairwell is in a unique position, as we are able to provide customers with advanced analysis at the binary level in order to dramatically improve detection and incident response for both known and unknown threats. The advanced analysis and capabilities are for both your endpoints AND appliances across your organization. Check out our latest update regarding Citrix NetScaler and how we deployed an optimized version of Stairwell that provides unmatched visibility and response on NetScaler appliances where traditional security tools often lack a presence.
The Stairwell platform has been designed from the ground up to provide security operations, threat hunters, and IR teams with current and historical digital forensics based upon the most current threat intelligence available. By automatically ingesting, storing (forever), and continuously analyzing an organization’s executable or executable-like files at the binary level, Stairwell is able to deliver visibility and analysis across all time horizons (past or present) to automatically identify a threat or its variants. Whether on an appliance or an endpoint, your security team is able to confidently identify and detect even the most advanced attacks.
Stairwell is revolutionizing the security game by automatically analyzing the true source of an attack: the files within your organization. Stairwell’s approach tackles critical gaps in modern security tooling as they are often evaded and are restricted by retention or processing limitations. Stairwell is able to supercharge your security team’s abilities regardless of experience level, providing them with the analysis and forensics to overcome any attack and decisively answer the question: “Have we or have we ever been exposed to a threat/exploit?”.
Secure and get a handle on the appliances and critical infrastructure within your organization by requesting a demo or talking with a Stairwell representative today. We are here to help you outsmart attackers and protect what matters most!
