Rapid Release
SolarWinds

Concerned about Being Impacted by the Recent SolarWinds Orion Breach?

Get a no-cost SunBurst assessment.

An inside look at the methods used in the SolarWinds breach

GET THE REPORT

What You Can Do about SunBurst

SolarWinds suffered a supply chain compromise that trojanized their update, infecting an estimated 18,000 organizations.

See what happened and how, and what you can do about this now and in the future.

Watch Vectra CEO, Hitesh Sheth, as he speaks to CBS News on the SolarWinds breach.

Also read his perspective on why security needs to be thought of differently and why we should all be prepared for a breach, as shared with CNBC.

Overview of SolarWinds Supply-chain Attack

Download Infographic

What You Should Do About It

  • Disconnect / power down servers running SolarWinds Orion Platform software versions 2019.4 HF 5, 2020.2 with no hotfix, and 2020.2 HF 1
  • Apply the Orion 2020.2.1 HF 2 hot fix immediately
  • Identify if either SolarWinds.Orion.Core.BusinessLayer[.]dll or C:\WINDOWS\SysWOW64\netsetupsvc[.]dll exists
  • Ensure traffic to and from hosts with affected SolarWinds Orion software is being blocked
  • Remove any compromised accounts

How to identify compromised accounts?

Attacks have been observed creating new Federation Trusts and preforming other types of high-level Azure AD operations to maintain a foothold.

How to discover lateral movement?

Attacks have been using built in Microsoft tools to perform reconnaissance and attempt exploitation.

How should you detect and respond to the SolarWinds Orion Breach?

READ BLOG

If You Are a Vectra Customer

As a Vectra customer, we want to assure you, that you are protected by the Cognito Platform from attacks leveraging the reported tactics and techniques.

To learn more about the detections, how they will show up, and what information to search for when threat hunting, please read more on our customer community portal.

If you would like a SunBurst assessment or have any questions, please complete this form so we can connect you with a Vectra Security Consultant.

This assessment will help you

  • Detect external threat actors performing reconnaissance activity in your network
  • Determine if a threat has made its way in, and where it has propagated — including cloud and data center environments
  • Identify compromised credentials, particularly privilege account abuse
Contact Us

General: +1-408-326-2020

Sales: +1-408-326-2034

Support: support@vectra.ai

Headquarters

560 S. Winchester Blvd., Suite 200

San Jose, CA, USA 95128

Solutions
Cloud SecuritySecure Remote WorkforceThreat Hunting and InvestigationsRisk and ComplianceReplacing Aging IDPSElevate Your SOC Visibility
Products & Services
Cognito PlatformHow We Do ItCognito DetectCognito Detect for
Office 365Cognito RecallCognito StreamServicesAPI Tools
Industries
Critical National InfrastructureEnergy and UtilitiesFederal GovernmentFinancial ServicesHealthcareHigher EducationManufacturingPharmaceuticals and Medical Devices
Partners
Partner ProgramManaged Service PartnersService PartnersTechnology PartnersPartner PortalCrowdstrikeMicrosoftSplunk
Resources
Case studiesCompetitiveCompliance BriefsDatasheetsE-booksIndustry ResearchProduct IntegrationsSolution OverviewsVideosWebcastsWhite PapersBlog
About
CompanyLeadershipCareersNews ReleasesMedia CoverageEventsSupport
Legal
Terms of ServiceTerms of UsePrivacy and SecurityVectra Ethics HotlineTrademarks

© 2020 Vectra AI, Inc. All rights reserved.