FortiGuard
Fortinet’s Global Threat Intelligence and Research
mrobson
Staff
Article Id 242953
Description

 

The FortiGuard Incident Response team is ready to assist with the discovery, containment, and remediation of incidents related to the exploitation of Microsoft Exchange vulnerabilities.

Over the last two years, a number of high-profile vulnerabilities in Microsoft Exchange servers have been identified.

These vulnerabilities have been heavily exploited by numerous threat actors and have become a mainstay of the threat landscape.

In many cases, the FortiGuard IR team has seen threat actors pivot their base TTPs around exploiting Exchange servers for Command and Control (C2).

The FortiGuard team has extensive experience in responding to intrusions related to the exploitation of Microsoft Exchange servers across the globe.

When dealing with such intrusions, a quick response that effectively contains an intrusion before it can spread and before the adversary can establish a further foothold is key to minimizing business impact and reducing the complexity of remediation efforts.

 

Scope

 

FortiGuard.

 

Solution

 

Engaging Response Services.

 

To engage the IR team directly, please use the ‘Experienced a breach?’ link available here:

https://www.fortinet.com/solutions/enterprise-midsize-business/security-as-a-service/fortiguard-inci...

 

This webpage also has additional information on the IR services we provide and how to mitigate the risk associated with operating an on-prem Microsoft Exchange server.

 

Engaging Proactive Services.

 

If there are any questions about this type of threat and how it applies, or a need to proactively prepare the security teams to better handle threats associated with Microsoft Exchange, it is possible to engage the Incident Response Readiness service.

The FortiGuard IR Readiness service can assess the security posture and provide support to patch holes in the defenses, build playbooks to combat emerging threats, and war game the existing processes as part of tabletop activities.

 

It is possible to find more information on this service here:

https://www.fortinet.com/content/dam/fortinet/assets/solution-guides/sb-fortiguard-incident-readines...
