
A high-profile attack is not the way to end 2020, but if you are an existing SolarWinds user, you may be one of the 18,000 customers potentially breached in the recent hack involving FireEye and SolarWinds, which may affect your organization's ability to monitor the network.

IMPACT

On December 13th, the Cybersecurity and Infrastructure Security Agency (CISA) issued Directive 21-01, notifying all SolarWinds customers that a breach had been detected in which a backdoor was implanted into their security event monitoring software. Affected agencies shall immediately disconnect SolarWinds Orion products.

How we can help

Monitoring Your Network

If you need to replace SolarWinds and cannot be without monitoring, we can set you up within 24 hours using NMSaaS. NMSaaS is a unified network monitoring solution that includes Asset Discovery and Mapping, Network and Application Performance, Fault and Event Management, and Network Change and Configuration (NCCM). Because NMSaaS code is developed only by a single group (we have never acquired any other code or companies) and we do not offshore any development outside of our core team, we are much less vulnerable to this kind of attack.

In an effort to help, we are offering a special promotion for existing SolarWinds customers: you can try NMSaaS free for the first 30 days, then get the next 12 months at a 50% discount off list price with a signed contract.

Simulation

Threat Simulator lets you test your security controls' ability to detect Sunburst activity on your network. FireEye released a set of IDS detection rules for Sunburst in Snort format on GitHub, and using these along with reverse engineering, we've created traffic flows that simulate the same command and control traffic as seen by them and others. We are also releasing network traffic flows that download the same dangerous binaries highlighted in this week's news, designed to test network-based malware detection systems. We are adding 15 new command and control test audits and 6 new malware downloads to both products.

Detection

If you are struggling to understand whether you have been breached, Flowmon can be used as a network detection and response tool. It uses the principles of behavioral analysis, which allows it to detect attacks without having any prior knowledge of them. With the help of machine learning, it detects anomalies in network traffic, such as lateral movement or data exfiltration, by default, and can do this no matter the type of attack. If an adversary does manage to breach the perimeter and start acting within the network, Flowmon will detect their movement as part of its standard functionality and thus buy you time to stop them.

If you have any questions, or would like to get more information about the special promotion for SolarWinds customers, please reach out to us!
