Best Practice: Identifying And Mitigating The Impact Of Sunburst


This post was originally published by checkpoint

During the closing weeks of 2020, a cyber security attack became one of the main headline news stories of what had already been a news-rich year. The attack was attributed to a campaign that began months earlier, and the information security teams of government agencies and private organizations quickly shifted their focus to a vulnerability in the SolarWinds Orion solution, which could open a backdoor into organizational communications networks. Dubbed Sunburst, this incident called into question the trustworthiness of the primary technology tools that organizations use to manage their corporate technology resources.

As with any security incident, security practitioners would initially focus on identifying signs of potential Sunburst activities in their networks and systems. From there they would prioritize immediate remediation activities. Once these initial efforts were complete, security teams would need to consider broader structural changes to their security programs.

This blog provides information intended to assist with these primary phases and is structured according to the following flow:

  1. A summary of the Sunburst breach
  2. Network mitigations
  3. Host remediation
  4. Additional considerations
  5. Potential considerations for longer-term security improvements, including guidance on DevOps, endpoint and cloud environments, according to the Zero-Trust Architecture framework

Some of the recommendations included in this blog apply to what was known about the Sunburst event at the time of writing. Check Point will update the document as more information becomes available.

Individuals interested in speaking with Check Point about Sunburst and other security topics are invited to interact with their account teams and to contact Check Point via the contact details listed on its public website at: https://www.checkpoint.com/

Read more here: blog.checkpoint.com