SolarWinds Cyberattack

Learn how it affects you, us and the world.

How the SolarWinds cyberattacks work


The SolarWinds cyberattack campaign (also called Solorigate or simply the SolarWinds hack) leverages vulnerabilities in SolarWinds Orion software to accomplish a supply chain attack. Malware was embedded into the digitally signed software, and multiple organizations were compromised as a result. The nature and extent of the situation continue to develop, but at least two distinct malware threats, Sunburst and Supernova, have been identified.


How Splunk can help

Review and update your log types ingested into Splunk, then examine DNS, network, and host traffic logs for evidence of Sunburst malware activity.
Examine the results of vulnerability scans, hashes and proxy logs for evidence of the Supernova webshell.
Search for unusual activity from your directory and authentication providers for indications of a follow-on attack.
Look for other signs of lateral movement from compromised hosts.
Expand monitoring across your IT infrastructure and your entire software development lifecycle (SDLC).

Security experts discuss the SolarWinds attack

Join security experts from Splunk for an in-depth discussion about the SolarWinds attack, and learn best practices and strategies to strengthen your defenses and respond.


Splunk Solutions for Security, IT and DevOps

Security Teams

Detect indicators in your environment

Streamline the onboarding process and search for threat indicators in your environment.

IT Teams

Recover lost visibility of IT infrastructure

Without SolarWinds Orion software, you lose visibility. Restore visibility with Splunk and monitor the health and operations of your IT infrastructure.

DevOps Teams

Protect your application development resources

Gain visibility into your software delivery chain from code repositories, secrets management, infrastructure-as-code, CI/CD automation and more. This can help your organization detect unauthorized changes to production applications and protect your customers.

We’re here to help with your Security, IT and DevOps response.