Red Canary customers will be pleased to know that within 24 hours of the CVE-2014-4114/Sandworm vulnerability’s announcement, we were successfully detecting the threat on their systems. Our team quickly identified the endpoint observations that indicate exploitation has occurred due to this vulnerability. This was done without code signatures, so any future exploits written to exploit the CVE-2014-4114/Sandworm vulnerability will also be detected. The Red Canary research team is always monitoring developments in the exploit market to update our detectors as needed. This ensures we can stay abreast of the changing landscape.
Although the Microsoft patch addresses the CVE-2014-4114/Sandworm vulnerability, patch application is often delayed. We always recommend applying patches as soon as possible. However, if you must delay, rest assured that any Red Canary customer experiencing a realized threat within their environment – meaning exploitation has occurred – will be alerted to the detected threat with the following:
This detection alert arrives after our analysts have examined the evidence and crafted an actionable alert message containing all details necessary for our customers to perform fast and effective remediation. This generally occurs within hours of exploitation. Our methods are independent of flawed signature-based detection methods like antivirus and intrusion detection/prevention systems. Attackers can trivially change the signatures of their malware, as well as the network communication paths such as command and control servers to thwart network-based detection.
By focusing strictly on endpoint observations – the one place an attacker cannot easily conceal their behavior – Red Canary’s customers enjoy an unparalleled level of awareness when compared to other previous-generation products and services. By minimizing the time between exploitation and detection, and with actionable alerts to enable comprehensive remediation, Red Canary continues to change the game in Incident Response.
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.