Organizations should update incident response plans and playbooks and conduct tabletop exercises to test their ability to respond to a supply-chain attack. Once mitigations are in place, we recommend a targeted threat hunt that uses the published indicators of compromise together with the adversary's TTPs (tactics, techniques, and procedures): blocking the known indicators stops the known channel, but only a hunt shows whether the adversary already moved beyond it.
Investigate for indicators of compromise across every system that runs the affected vendor software, and isolate any suspicious host.
Pinpoint compromised servers and take them offline.
Remediate by blocking traffic to and from impacted servers and then reimaging them.
Engage the incident response team to assess risk and preserve evidence (disk and memory images, logs) before reimaging destroys it.
Update incident response playbooks, test resiliency with tabletop exercises, and conduct a targeted threat hunt.
Adopt an integrated platform approach that combines extended detection and response (XDR) with zero-trust network segmentation.
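The targeted threat hunt recommended above, as an added Python example (this is not Cisco, Talos, or SecureX code): it matches a published indicator list against retained DNS query logs, the same retrospective check the Umbrella row of the table below describes. The indicator domains and networks and the log lines are constructed placeholders, not real Sunburst indicators; in practice the indicators come from the Talos advisory and the logs from your resolver or an Umbrella export. Matching is done on the indicator domain and all of its subdomains, and on resolved answers that fall inside indicator networks, so beacons that use varying subdomains of one command-and-control domain are still caught.

```python
"""Targeted IOC hunt over DNS query logs (added example, not Cisco/Talos code).

Log format assumed here (constructed): timestamp,client_ip,query_name,answer
Indicators, networks, log lines and the as-of time are all constructed
placeholders; real indicators come from the published advisory.
"""
import ipaddress
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set

# Constructed placeholder indicators (NOT real Sunburst IOCs).
IOC_DOMAINS = {"c2.example", "backdoor-cdn.example"}
IOC_NETS = {
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.7/32"),
}

# Constructed sample resolver log. One beacon-style query with a long
# random subdomain, one query to a CDN-looking host under an indicator
# domain, one old hit outside the lookback window, and benign traffic.
SAMPLE_LOG = """\
2020-06-14T09:12:01Z,10.0.5.23,updates.vendor.example,192.0.2.10
2020-09-02T17:45:10Z,10.0.5.23,k2eh1apahu7e5a4.appsync-api.c2.example,198.51.100.21
2020-10-11T03:05:44Z,10.0.7.8,www.example.org,192.0.2.11
2021-01-20T22:19:59Z,10.0.9.14,cdn.backdoor-cdn.example,192.0.2.77
2019-03-03T08:00:00Z,10.0.9.14,c2.example,203.0.113.7
"""

# Constructed "now" so the 12-month window is deterministic.
NOW = datetime(2021, 2, 1, tzinfo=timezone.utc)


def domain_matches(qname: str, ioc_domains: Set[str]) -> Optional[str]:
    """Return the indicator that qname equals or is a subdomain of, else None.

    The leading-dot check prevents 'notc2.example' from matching 'c2.example'.
    """
    q = qname.rstrip(".").lower()
    for ioc in ioc_domains:
        if q == ioc or q.endswith("." + ioc):
            return ioc
    return None


def ip_matches(answer: str, ioc_nets) -> Optional[str]:
    """Return the indicator network containing the resolved answer, else None."""
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:  # CNAME or empty answer: nothing to match on
        return None
    for net in ioc_nets:
        if addr in net:
            return str(net)
    return None


def hunt(log_text: str, ioc_domains, ioc_nets, now: datetime,
         lookback_days: int = 365) -> List[Dict]:
    """Scan the log for indicator matches within the lookback window."""
    cutoff = now - timedelta(days=lookback_days)
    hits = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts_s, client, qname, answer = [f.strip() for f in line.split(",")]
        ts = datetime.strptime(ts_s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if ts < cutoff:
            continue  # outside the retained window, not scoped by this hunt
        d = domain_matches(qname, ioc_domains)
        i = ip_matches(answer, ioc_nets)
        if d or i:
            hits.append({"time": ts, "client": client, "qname": qname,
                         "answer": answer, "domain_ioc": d, "ip_ioc": i})
    return hits


def hosts_to_isolate(hits: List[Dict]) -> Dict[str, Set[str]]:
    """Collapse hits to client -> set of indicators, the list handed to IR."""
    out: Dict[str, Set[str]] = {}
    for h in hits:
        out.setdefault(h["client"], set()).update(
            x for x in (h["domain_ioc"], h["ip_ioc"]) if x)
    return out


if __name__ == "__main__":
    for client, iocs in hosts_to_isolate(
            hunt(SAMPLE_LOG, IOC_DOMAINS, IOC_NETS, NOW)).items():
        print(f"{client}: {sorted(iocs)}")
```

Anything the hunt returns is a scoping lead, not a verdict: pull the endpoint's process and network telemetry for the matching time window before isolating it, and extend the lookback to however long your resolver logs are retained rather than stopping at the 12 months shown here.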
Simplify breach defense with a platform built into the Cisco Secure portfolio that connects to your existing infrastructure for unified visibility, turnkey simplicity, and greater efficiency, turning disjointed point solutions into a fully integrated defense.
Our platform approach delivers the broadest XDR capabilities, backed by machine learning and behavioral analytics, to connect high-confidence detections to decisive responses.
Every Cisco Secure customer is entitled to the SecureX platform. See the value of SecureX integrations today and unlock every Cisco Secure product's full potential, shortening your time to value.
Determine the breadth and scope of the attack and the damage sustained.
The integrated approach of the Cisco SecureX cloud-native security platform provides simplicity, visibility, and efficiency across your security infrastructure. Its capabilities are integrated into each product's console, giving the industry's broadest XDR coverage.
| Cisco Secure products | SolarWinds advisory |
| --- | --- |
| Cisco SecureX | Investigate the indicators of compromise (IOCs) listed in the Talos SolarWinds threat advisory using SecureX Threat Response. Visual forensics simplify the investigation, and playbook-driven automation across multiple control points reduces threat dwell time. |
| Cisco Talos Incident Response (IR) | Use the full suite of proactive and emergency services to respond to and recover from the attack. |
| Cisco Secure Endpoint | Gain visibility into endpoints to locate hosts infected with Sunburst. Endpoint detection and response raises event notifications for the attack and retrospective detection alerts as ongoing threat intelligence and hunting update the indicators. You can also assess exposure to Sunburst with Cisco Endpoint Security Analytics (CESA): knowing which endpoint accessed which domain, and which processes and protocols were used, gives immediate visibility into which endpoints are exposed, on-net and off-net. |
| Cisco Umbrella | Protect at the DNS layer and review the last 12 months of DNS logs for queries to the domains associated with Sunburst. The backdoor uses DNS for its command-and-control beaconing, so historical resolver logs are a primary source for scoping exposure. |
| Cisco Secure Network Analytics and Secure Cloud Analytics | Machine learning and behavioral modeling flag anomalous and malicious behavior, and a published list of host and entity groups identifies hosts seen communicating with IP addresses associated with Sunburst. |
| Network Security | Detect network activity associated with this threat using the published Snort intrusion detection rules. |
| Secure Workload | Identify compromised or affected assets using the Talos-published IOCs, apply the primary mitigations, and create zero-trust segmentation policies that defend against future incidents. |