Research Report

Breaking Down the SolarWinds Breach: an Inside Look at the Methods Used

HIGHLIGHTS

  • Multiple communication channels, phases, and tools were used to establish interactive, hands-on-keyboard control. Each phase was designed to minimize the chance of detection, with techniques that defeat IDS tool signatures, EDR, manual threat hunting, and even common approaches to ML-based detection.
  • The DGA used in this attack was different: a single, unique subdomain was generated for each victim, composed of a globally unique ID calculated from local attributes and an encoding of the victim hostname.
  • Vectra’s AI will see through the evasion tactics applied and detect the tunnels as soon as they go active.
  • Vectra uniquely protects the entire network of hybrid, on-premise, and cloud connectivity with learning behavioral models that understand both hosts and identities—tracking and stopping attackers earlier in the kill chain.


