Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Staying Ahead of Cyber Threats

Moving forward after the SolarWinds supply chain attack.

Threat Advisory: SolarWinds supply chain attack

Organizations should update incident response plans, playbooks, or conduct tabletop exercises to test the organization's ability to respond to a supply-chain attack. Once mitigation efforts have been successfully put in place, we recommend a targeted threat hunt that leverages indicators and adversary TTPs (tactics, techniques, and procedures).

Maneuvering the attack

Investigate for indicators of compromise to isolate suspicious systems across the vendor landscape.

Pinpoint compromised servers and take them offline.

Remediate by reimaging and blocking traffic to and from impacted servers.

Engage the incident response team for assessing risk along with evidence preservation.

Update incident response playbooks, test resiliency with tabletop exercises, and conduct a targeted threat hunt.

Adopt an integrated platform approach with extended detection and response together with zero-trust network segmentation.

How can we help?

Are you impacted? Contact Cisco Emergency Incident Response immediately to get an assessment. We are available globally, 24 hours a day, every day of the year. Contact us: 1-844-831-7715 or +44 808 234 6353.

Latest from the front lines

Cisco Talos threat advisory

Get the latest information from the team at Cisco Talos Threat Advisory about navigating this attack.

Detecting attacks with Cobalt Strike (PDF)

Learn technical details of the Cobalt Strike modularized attack framework used for beaconing for command and control attacks.

Reduce dwell time for infrastructure attacks

Platform approach

Simplify breach defense with a platform built into the Cisco Secure portfolio that connects to your existing infrastructure for unified visibility, turnkey simplicity, and enhanced efficiency, turning disjointed solutions into a fully integrated defense.

Extended detection and response (XDR)

Our platform approach delivers the broadest XDR capabilities supported by machine-learning and behavioral analytics to connect intelligent detections to confident responses.

Leading incident response services

Trusted expertise delivers a full suite of proactive and emergency services that helps enterprises prepare, respond, and recover from a breach effectively.

Teamwork closes the gap

Every Cisco Secure customer is entitled to the SecureX platform. See the value of SecureX integrations today and unlock every Cisco Secure product's full potential, speeding your investment time to value.

Hear from the experts

What you should know

Find out the breadth and scope of the attack and determine the damage sustained.

Get endpoint insight

Close the visibility gap and pinpoint your SolarWinds exposure with Cisco Endpoint Security Analytics.

Secure your workload

Take steps to identify compromised assets and apply mitigations with Cisco Secure Workload.

Minimize risk

Our integrated approach helps contain 70% more malicious exposure—with 85% less dwell time.

Simplify with Cisco SecureX

The integrated approach of the Cisco SecureX cloud-native security platform provides simplicity, visibility, and efficiency across your security infrastructure. Capabilities are integrated within each product's console, achieving the industry's broadest XDR.

Navigating the SolarWinds attack with Cisco

Cisco Secure products SolarWinds Advisory
Cisco SecureX Easily investigate indicators of compromise (IOCs) contained in the SolarWinds Talos Threat advisory using SecureX Threat Response. Simplify investigation with visual forensics and connect playbook-driven automation across multiple control points to reduce threat dwell time.
Cisco Talos Incident Response (IR) Utilize the full suite of proactive and emergency services to respond and recover from the attack.
Cisco Secure Endpoint Gain visibility into endpoints to locate Sunburst infected hosts. Endpoint detection and response deliver event notice to inform of the attack and retrospective detection alerts based on ongoing threat intelligence and hunting efforts. Additionally, you can assess exposure to Sunburst using Cisco Endpoint Security Analytics (CESA). Find out what endpoint accessed what domain, as well as what software processes and protocols were used, enables immediate visibility to what endpoints are exposed—for both on-net and off-net endpoints.
Cisco Umbrella Protect at the cloud edge with effective monitoring of the last 12 months of DNS traffic to indicate the presence of Sunburst backdoor activity.
Cisco Secure Network Analytics and Secure Cloud Analytics Advanced machine learning and behavioral modeling detect anomalous and malicious behavior using a published list of host and entity groups seen communicating with IPs associated with Sunburst.
Network Security Detect malicious activity associated with this threat using published Snort intrusion detection system alerts.
Secure Workload Identify compromised or affected assets using Talos-published IoCs and apply primary mitigations to create zero-trust segmentation policies that defend against future incidents.

Sorry, no results matched your search criteria(s). Please try again.