SolarWinds Cyberattack


How the SolarWinds cyberattacks work


The SolarWinds cyberattack campaign, also called Solorigate or simply the SolarWinds hack, leverages vulnerabilities in SolarWinds Orion software to accomplish a supply chain attack. Malware was embedded into the digitally signed software, and multiple organizations were compromised as a result. The nature and extent of the situation continue to develop, but at least two distinct malware threats, Sunburst and Supernova, have been identified.


How Splunk can help

Review and update your log types ingested into Splunk, then examine DNS, network, and host traffic logs for evidence of Sunburst malware activity.
Examine the results of vulnerability scans, hashes and proxy logs for evidence of the Supernova webshell.
Search for unusual activity from your directory and authentication providers for indications of a follow-on attack.
Look for other signs of lateral movement from compromised hosts.
Expand monitoring across your IT infrastructure and your entire software development lifecycle (SDLC).

Splunk Solutions for Security, IT and DevOps

Security Teams

Detect indicators in your environment

Streamline the onboarding process and search for threat indicators in your environment.

IT Teams

Recover lost visibility of IT infrastructure

Without SolarWinds Orion software, you lose visibility. Restore visibility with Splunk and monitor the health and operations of your IT infrastructure.

DevOps Teams

Protect your application development resources

Gain visibility into your software delivery chain from code repositories, secrets management, infrastructure-as-code, CI/CD automation and more. This can help your organization detect unauthorized changes to production applications and protect your customers.
