{"id":122675,"date":"2020-12-17T18:03:16","date_gmt":"2020-12-18T02:03:16","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=122675"},"modified":"2020-12-22T10:58:38","modified_gmt":"2020-12-22T18:58:38","slug":"solarwinds-statement-solarstorm","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/12\/solarwinds-statement-solarstorm\/","title":{"rendered":"Palo Alto Networks Rapid Response: Navigating the SolarStorm Attack"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Since learning of the <\/span><a href=\"http:\/\/unit42.paloaltonetworks.com\/fireeye-solarstorm-sunburst\"><span style=\"font-weight: 400;\">SolarWinds supply chain attack<\/span><\/a><span style=\"font-weight: 400;\"> last weekend, security teams everywhere have been scrambling to determine whether they were compromised by the \u201cSolarStorm\u201d attacks. Every few hours a new compromised entity is identified.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">They\u2019re right to pay attention. We will soon be talking about this as one of the most serious cyberattacks in history. Tainted updates to SolarWinds Orion software were distributed for months before they were identified, positioning attackers to obtain administrative privileges and establish long-term network access \u2013 potential for a complete compromise of an organization by malicious actors. We must come together to defend against an attack of this magnitude.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In an effort to help the broader community, I\u2019d like to share our experience successfully preventing a SolarStorm attack.\u00a0<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">Recently, we experienced an attempt to download Cobalt Strike on one of our IT SolarWinds servers. 
Cortex XDR instantly blocked the attempt with our Behavioral Threat Protection capability and our SOC isolated the server, investigated the incident and secured our infrastructure. We also deployed a set of IOCs to our customer-facing Palo Alto Networks products as a result of this.\u00a0<\/span><\/i><\/p>\n<p><span style=\"font-weight: 400;\">We thought this was an isolated incident; however, on Dec. 13, we became aware that the SolarWinds software supply chain was compromised and it became clear that the incident we prevented was an attempted SolarStorm attack. Given this new information, we analyzed our entire infrastructure extensively one more time. The magnitude of the SolarStorm attack requires us to continuously evaluate our infrastructure, but we remain confident that Palo Alto Networks continues to be secure.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is our top priority to protect our customers from these attacks leveraging our experience, industry intelligence, products and services. To help our customers, we have set aside expert resources to support two distinct programs:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><a href=\"https:\/\/www.paloaltonetworks.com\/solarstorm-rapid-response#solarstorm-offer\"><span style=\"font-weight: 400;\">SolarStorm rapid assessment<\/span><\/a><span style=\"font-weight: 400;\">:<\/span><span style=\"font-weight: 400;\"> This assessment will quickly determine if you have been compromised by this threat actor by leveraging best-in-class capabilities of our Expanse platform together with our Crypsis incident response team. 
The assessment is complimentary and reflects our commitment to securing our customers.<\/span><\/li>\n<li style=\"font-weight: 400;\"><a href=\"https:\/\/www.paloaltonetworks.com\/solarstorm-rapid-response#solarstorm-offer\"><span style=\"font-weight: 400;\">SolarStorm cybersecure engagement<\/span><\/a><span style=\"font-weight: 400;\">:<\/span><span style=\"font-weight: 400;\"> Customers who believe they have been impacted can engage directly in a short-term retainer with our incident response team, who will help you contain and recover from the attack. During this period, you will also receive licenses for both Cortex XDR and Expanse for two months.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The SolarStorm attack has highlighted again that organizations are defending an ever-increasing attack surface against threats that are more and more sophisticated. We\u2019re committed to working with enterprises, governments and others in the security community to help them better understand and defend against this threat.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For more resources to help you navigate the SolarWinds supply chain compromise, visit our <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/solarstorm-rapid-response\"><span style=\"font-weight: 400;\">Rapid Response resources page<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CEO and Chairman Nikesh Arora shares the Palo Alto Networks response to the SolarStorm attack. 
<\/p>\n","protected":false},"author":663,"featured_media":122676,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[308],"tags":[7399],"coauthors":[7040],"class_list":["post-122675","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcement","tag-solarstorm"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/12\/SW-Landing-Page-image.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/122675","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/663"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=122675"}],"version-history":[{"count":8,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/122675\/revisions"}],"predecessor-version":[{"id":122997,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/122675\/revisions\/122997"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/122676"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=122675"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=122675"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=122675"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltone
tworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=122675"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}