Am I impacted by the SolarWinds breach?

Generally, there are two methods to determine if you’re impacted by the breach, and both are extremely difficult to implement: Examine every system within your enterprise to see if you currently have or previously had Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, or 2020.2 HF. Or monitor your organization's current DNS queries and mine the historic ones to determine if any DNS queries to hostnames contain the domain “avsvmcloud[.]com”.

There have been a ton of blogs written about this very topic and a lot of high-priced consultants have been hired to help you answer this question. However, there is no definite answer from the industry, yet. At best, the solution is consistent with mining a sea of logs, monitoring network traffic and the targeted software behavior. This approach is more art rather than science to say the least. More importantly, it is hardly practical, especially for large enterprises.

How can I remediate the SolarWind breached libraries/dependencies?

Of the three questions, this is the easiest, most straightforward one to answer: Remediation involves rebuilding the impacted servers and starting with a fresh updated install of SolarWinds Orion. However, the million-dollar question is: Where do you get the list of all the affected servers? Armed with the holistic knowledge from Xray’s binary interconnection database, you now know exactly which artifact is infected within your enterprise. To have full traceability of your runtime deployment, the JFrog Platform provides additional innovative technologies. JFrog Distribution’s Release Bundles, which are signed and immutable through GPG, make artifacts available just-in-time, and closest to your runtime environment across unsecured networks.

solarwinds Archives

It’s Time to Get Hip to the SBOM

August 24, 2021

The DevOps, IT security and IT governance communities will remember 2021 as the year when the Software Bill of Materials, or SBOM, graduated from a “nice to have” to a “must have.” Around for years, the SBOM has now become a critical DevSecOps piece, which everyone must thoroughly understand and incorporate into their SDLC (Software …

A Year of Supply Chain Attacks: How to Protect Your SDLC

August 20, 2021

One of the most worrisome trends in cybersecurity today is the skyrocketing incidence of supply chain attacks, such as the ones that hit SolarWinds last year and Kaseya more recently. Because they focus on compromising software development and delivery, supply chain attacks have forced developers and DevOps teams to scramble for solutions. Unfortunately, supply chain …

Automatically Assess and Remediate the SolarWinds Hack

April 14, 2021

With software supply chain attacks on the rise, are you wondering how you can recover quickly from the recent SolarWinds breach at your company? Months after its discovery, the devastating SolarWinds hack remains a top concern for business, government and IT leaders. This destructive supply chain attack put the spotlight on software development security — …

It’s Time to Get Hip to the SBOM

A Year of Supply Chain Attacks: How to Protect Your SDLC

Automatically Assess and Remediate the SolarWinds Hack

Popular Tags