Coverage for GRIZZLY STEPPE is available through Cisco's security products, services, and open source technologies. The IP addresses listed in the DHS-FBI report have also been evaluated and applicable ones blacklisted. Note that Talos will continue to monitor for new developments to ensure our customers remain protected.
Web Reputation / DNS Protection
Please note that additional rules, signatures, and other detections may be released at a future date, and current rules are subject to change pending new information. For the most current rule information, please refer to your Defense Center or Snort.org.
Advanced Malware Protection (AMP) is ideally suited to prevent the execution of the malware used by these threat actors.
CWS or WSA web scanning prevents access to malicious websites and detects malware used in these attacks.
Email Security can block malicious emails sent by threat actors as part of their campaign.
Network Security appliances, such as IPS and NGFW, have up-to-date signatures to detect malicious network activity by threat actors.