Why Gartner says network detection and response is key to defend against supply chain attacks. Learn more >
Rapid Release
SolarWinds

Concerned about Being Impacted by the Recent SolarWinds Orion Breach?

What You Can Do about SUNBURST

SolarWinds suffered a supply chain compromise that trojanized their update, infecting an estimated 18,000 organizations.

See what happened and how, and what you can do about this now and in the future.

Watch Vectra CEO, Hitesh Sheth, as he speaks to CBS News on the SolarWinds breach.

Also read his perspective on why security needs to be thought of differently and why we should all be prepared for a breach, as shared with CNBC.

How should you detect and respond to this breach?

READ BLOG

See how Vectra Cognito uncovers this attack

WATCH NOW

Learn how SolarFlare evaded detection and what you can do

WATCH ON-DEMAND

Overview of SolarWinds Supply-chain Attack

Download PDF

What You Should Do About It

  • Disconnect / power down servers running SolarWinds Orion Platform software versions 2019.4 HF 5, 2020.2 with no hotfix, and 2020.2 HF 1
  • Apply the Orion 2020.2.1 HF 2 hot fix immediately
  • Identify if either SolarWinds.Orion.Core.BusinessLayer[.]dll or C:\WINDOWS\SysWOW64\netsetupsvc[.]dll exists
  • Ensure traffic to and from hosts with affected SolarWinds Orion software is being blocked
  • Remove any compromised accounts

How to identify compromised accounts?

Attacks have been observed creating new Federation Trusts and performing other types of high-level Azure AD operations to maintain a foothold.

How to discover lateral movement?

Attacks have been using built in Microsoft tools to perform reconnaissance and attempt exploitation.

If You Are a Vectra Customer

As a Vectra customer, we want to assure you, that you are protected by the Cognito Platform from attacks leveraging the reported tactics and techniques.

To learn more about the detections, how they will show up, and what information to search for when threat hunting, please read more on our customer community portal.

Get a No-cost SUNBURST Assessment

If you would like a SUNBURST assessment or have any questions, please complete this form so we can connect you with a Vectra Security Consultant.

This assessment will help you

  • Detect external threat actors performing reconnaissance activity in your network
  • Determine if a threat has made its way in, and where it has propagated — including cloud and data center environments
  • Identify compromised credentials, particularly privilege account abuse
Contact Us

General: info@vectra.ai

Support: support@vectra.ai

Headquarters

550 S. Winchester Blvd., Suite 200

San Jose, CA, USA 95128

Solutions
Cloud SecurityDetect RansomwareSecure Remote WorkforceThreat Hunting and InvestigationsRisk and ComplianceElevate Your SOC VisibilityReplacing Aging IDPSMITRE ATT&CK Model
Products & Services
Cognito PlatformHow We Do ItCognito Detect for AWSCognito Detect for Azure ADCognito Detect for NetworksCognito Detect for
Office 365Cognito RecallCognito StreamServicesAPI ToolsVectra vs. DarktraceVectra vs. ExtraHop
Industries
Critical National InfrastructureEnergy and UtilitiesFederal GovernmentFinancial ServicesHealthcareHigher EducationManufacturingPharmaceuticals and Medical DevicesRetail
Partners
Partner ProgramManaged Service PartnersService PartnersTechnology PartnersPartner PortalAWSCrowdStrikeMicrosoftSplunk
Resources
Case studiesCompetitiveCompliance BriefsDatasheetsE-booksIndustry ResearchProduct IntegrationsSolution OverviewsVideosWhite PapersBlog
About
CompanyLeadershipCareersNews ReleasesMedia CoverageRecognitionEvents & WebinarsSupport
Legal
Terms of ServiceTerms of UsePrivacy and SecurityVectra Ethics HotlineTrademarks

© 2020 Vectra AI, Inc. All rights reserved.