Moving forward after the SolarWinds supply chain attack.
Organizations should update incident response plans and playbooks, and conduct tabletop exercises to test their ability to respond to a supply-chain attack. Once mitigations are in place, we recommend a targeted threat hunt that uses the published indicators of compromise and the adversary's TTPs (tactics, techniques, and procedures).
Search for indicators of compromise and isolate suspicious systems across the vendor landscape.
Pinpoint compromised servers and take them offline.
Remediate by reimaging impacted servers and blocking traffic to and from them.
Engage the incident response team to assess risk and preserve evidence.
Update incident response playbooks, test resiliency with tabletop exercises, and conduct a targeted threat hunt.
Adopt an integrated platform approach with extended detection and response together with zero-trust network segmentation.
Are you impacted? Contact Cisco Emergency Incident Response immediately to get an assessment. We are available globally, 24 hours a day, every day of the year. Contact us: 1-844-831-7715 or +44 808 234 6353.
Get the latest information from the team at Cisco Talos Threat Advisory about navigating this attack.
Learn the technical details of the Cobalt Strike modular attack framework, used in this campaign for command-and-control beaconing.
Simplify breach defense with a platform built into the Cisco Secure portfolio that connects to your existing infrastructure for unified visibility, turnkey simplicity, and enhanced efficiency, turning disjointed solutions into a fully integrated defense.
Our platform approach delivers the broadest XDR capabilities supported by machine-learning and behavioral analytics to connect intelligent detections to confident responses.
Trusted expertise delivers a full suite of proactive and emergency services that helps enterprises prepare, respond, and recover from a breach effectively.
Every Cisco Secure customer is entitled to the SecureX platform. See the value of SecureX integrations today and unlock every Cisco Secure product's full potential, speeding your investment time to value.
Find out the breadth and scope of the attack and determine the damage sustained.
Close the visibility gap and pinpoint your SolarWinds exposure with Cisco Endpoint Security Analytics.
Take steps to identify compromised assets and apply mitigations with Cisco Secure Workload.
Our integrated approach helps contain 70% more malicious exposure—with 85% less dwell time.
The integrated approach of the Cisco SecureX cloud-native security platform provides simplicity, visibility, and efficiency across your security infrastructure. Capabilities are integrated within each product's console, achieving the industry's broadest XDR.
Cisco Secure products | SolarWinds Advisory |
---|---|
Cisco SecureX | Easily investigate the indicators of compromise (IOCs) contained in the Talos SolarWinds threat advisory using SecureX Threat Response. Simplify investigation with visual forensics and connect playbook-driven automation across multiple control points to reduce threat dwell time. |
Cisco Talos Incident Response (IR) | Use the full suite of proactive and emergency services to respond to and recover from the attack. |
Cisco Secure Endpoint | Gain visibility into endpoints to locate Sunburst-infected hosts. Endpoint detection and response delivers event notices about the attack and retrospective detection alerts based on ongoing threat intelligence and hunting efforts. Additionally, you can assess exposure to Sunburst using Cisco Endpoint Security Analytics (CESA): seeing which endpoint accessed which domain, and which software processes and protocols were used, gives immediate visibility into which endpoints are exposed, both on-net and off-net. |
Cisco Umbrella | Protect at the cloud edge, and review the last 12 months of DNS traffic to identify Sunburst backdoor activity. |
Cisco Secure Network Analytics and Secure Cloud Analytics | Advanced machine learning and behavioral modeling detect anomalous and malicious behavior, using a published list of host and entity groups seen communicating with IP addresses associated with Sunburst. |
Network Security | Detect malicious activity associated with this threat using the published Snort intrusion detection rules. |
Secure Workload | Identify compromised or affected assets using Talos-published IOCs, and apply primary mitigations to create zero-trust segmentation policies that defend against future incidents. |
Cisco Identity Services Engine (ISE) | Enforce least-privilege access and prevent communication with Sunburst command-and-control infrastructure using dynamic, zero-trust network segmentation. Automated policy enforcement simplifies the delivery of highly secure network access control in IT and OT environments. |
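The targeted threat hunt recommended above, and the retrospective DNS review described in the Umbrella and Secure Network Analytics rows, come down to one mechanical step: matching historical DNS queries and answers against the advisory's indicator list and rolling the matches up per host so responders know which systems to isolate. The script below is an added example written for this page; it is not Cisco, Talos or SolarWinds code, and it does not contain real Sunburst indicators. The `IOC_DOMAINS` and `IOC_IPS` values and the `SAMPLE_LOG` lines are constructed placeholders (reserved example names and addresses) standing in for the advisory's published IOCs and for an exported DNS query log with the assumed layout `timestamp client query answer`.

```python
"""Retrospective DNS-log hunt for backdoor beaconing.

Example code added for this page; not Cisco, Talos or SolarWinds code.
Given indicator domains and IP addresses (in a real hunt, taken from the
vendor advisory) and a DNS query log, it reports each client that queried an
IOC domain or one of its subdomains, or received an IOC IP in an answer, and
summarizes the hits per host so those hosts can be isolated and reimaged.
"""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Placeholder indicators (NOT real Sunburst IOCs; reserved example name and
# TEST-NET address). Replace with the domains and IPs from the advisory.
IOC_DOMAINS = {"c2.example.invalid"}
IOC_IPS = {ipaddress.ip_address("203.0.113.7")}

# Constructed sample log: "timestamp client query answer" ("-" = no A record).
# It includes a lookalike domain that a naive suffix match would wrongly flag,
# and a host whose only link to the indicators is the answer address.
SAMPLE_LOG = """\
2020-03-28T04:12:00Z srv-build01 updates.vendor.example 198.51.100.10
2020-03-28T04:12:05Z srv-build01 a1b2c3d4.appsync.c2.example.invalid 203.0.113.7
2020-03-29T09:00:01Z ws-alice www.intranet.example 198.51.100.12
2020-06-01T22:41:13Z srv-orion02 C2.EXAMPLE.INVALID. -
2020-06-01T22:41:14Z srv-orion02 notc2.example.invalid 203.0.113.7
2020-07-15T01:00:00Z ws-bob mail.intranet.example 198.51.100.13
"""


@dataclass(frozen=True)
class Hit:
    timestamp: str
    client: str
    query: str
    answer: str
    reasons: tuple[str, ...]


def _labels(name: str) -> list[str]:
    """Normalize a DNS name to lower-case labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")


def matches_domain(query: str, ioc_domain: str) -> bool:
    """True if query is ioc_domain or any subdomain of it (label-wise, so
    'notc2.example.invalid' does not match 'c2.example.invalid' the way a
    plain str.endswith() check would)."""
    q, d = _labels(query), _labels(ioc_domain)
    return len(q) >= len(d) and q[-len(d):] == d


def parse_line(line: str) -> tuple[str, str, str, str] | None:
    """Split one log line; None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, query, answer = parts
    return ts, client, query, answer


def hunt(log_text: str, ioc_domains=IOC_DOMAINS, ioc_ips=IOC_IPS) -> list[Hit]:
    """Return every log line that touches an indicator, with the reason(s)."""
    hits: list[Hit] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, query, answer = rec
        reasons: list[str] = []
        for dom in sorted(ioc_domains):
            if matches_domain(query, dom):
                reasons.append(f"query under IOC domain {dom}")
                break
        if answer != "-":
            try:
                if ipaddress.ip_address(answer) in ioc_ips:
                    reasons.append(f"answer is IOC address {answer}")
            except ValueError:
                pass  # answer is not an IP (e.g. a CNAME target); ignore
        if reasons:
            hits.append(Hit(ts, client, query, answer, tuple(reasons)))
    return hits


def suspicious_hosts(hits: list[Hit]) -> dict[str, dict]:
    """Roll hits up per client: first/last seen, count, indicators touched.
    This is the list handed to responders for isolation and reimaging."""
    summary: dict[str, dict] = defaultdict(
        lambda: {"first_seen": None, "last_seen": None, "hit_count": 0, "indicators": set()})
    for h in sorted(hits, key=lambda h: h.timestamp):
        s = summary[h.client]
        s["first_seen"] = s["first_seen"] or h.timestamp
        s["last_seen"] = h.timestamp
        s["hit_count"] += 1
        s["indicators"].update(h.reasons)
    return {c: {**s, "indicators": sorted(s["indicators"])} for c, s in summary.items()}


if __name__ == "__main__":
    for client, s in suspicious_hosts(hunt(SAMPLE_LOG)).items():
        print(f"{client}: {s['hit_count']} hit(s), {s['first_seen']} .. {s['last_seen']}")
        for ind in s["indicators"]:
            print(f"    {ind}")
```

Two details matter in practice. Indicator lists usually carry the parent C2 domain while the beacon queries generated subdomains, so the match must be "this domain or anything under it", and it must compare DNS labels rather than string suffixes, or a lookalike such as `notc2.example.invalid` produces a false positive. Matching the answer address separately catches hosts that reached the infrastructure through a name not on the list. Run the resulting host list through the isolation and evidence-preservation steps above before reimaging, so the forensic record is not lost.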