{"id":123005,"date":"2020-12-31T12:15:20","date_gmt":"2020-12-31T20:15:20","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=123005"},"modified":"2021-01-04T16:26:13","modified_gmt":"2021-01-05T00:26:13","slug":"cortex-solarstorm-variants-imitators","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/12\/cortex-solarstorm-variants-imitators\/","title":{"rendered":"Cortex XDR: Fortify the SOC Against SolarStorm, Variants and Imitators"},"content":{"rendered":"

\"Image<\/p>\n

On Dec. 13, the world learned of the now-infamous SolarWinds supply chain attack. The \u201cSolarStorm\u201d threat group infected countless SolarWinds Orion servers with a Trojanized DLL file and eluded detection for months.\u00a0\u00a0<\/span><\/p>\n

While organizations chase down their SolarWinds servers and investigate the impact of the attack, it\u2019s important to prepare more broadly for what inevitably comes next. An attack of this level of sophistication, conducted by suspected nation-state operators, highlights a set of tactics, techniques and procedures (TTPs). It<\/span>\u2019s only a matter of time before copycats reverse-engineer and reuse elements of the attack. In addition, the original threat actors behind the attack will undoubtedly update their methods, changing not only indicators of compromise (IOCs) like domain names,\u00a0 but also adversary tactics and tools to evade security controls. Protecting against these unavoidable threats requires a robust and layered defense.<\/span><\/p>\n

Across our product portfolio, Palo Alto Networks <\/span>deployed updates to <\/span>help customers<\/span><\/a> protect against the SolarStorm attack. In this post,\u00a0 we will specifically highlight the updates to our Cortex XDR product that helps SOC teams in the front lines defend against not just the SolarStorm attack but also SolarStorm variants and imitators. The key principle in defeating advanced adversaries is to continuously improve realtime prevention capabilities, and to give teams the right set of tools to detect and hunt threats down fast. By combining multiple layers of defense, from prevention to detection, investigation and response, Cortex XDR helps SOC teams fend off\u00a0 the risk of intrusion at every step.\u00a0<\/span><\/p>\n

Here\u2019s what we\u2019ve added to help protect security teams.<\/span><\/p>\n

Block Threats in Realtime With Fortified Endpoint Protection<\/b><\/h2>\n

Realtime prevention is the first line of defense in any proactive security strategy. When Palo Alto Networks\u00a0 <\/span>experienced an <\/span>attempt to download Cobalt Strike<\/span><\/a> on one of our IT SolarWinds servers, <\/span>Cortex XDR successfully prevented the SolarStorm attack<\/span> by\u00a0 blocking the attempt with our Behavioral Threat Protection capability.\u00a0<\/span><\/p>\n

Further analyzing the behaviors associated with the recent attacks, our XDR research team\u00a0 have developed additional protections in the Cortex XDR agent t<\/span>o help keep our customers safe from the SolarStorm group and its imitators. Specifically, we have:\u00a0<\/span><\/p>\n