To date, the supply chain attack involving SolarWinds Orion business software is believed to have impacted more than 18,000 organizations. The attackers were reportedly successful in infiltrating many high-profile public and private organizations using extremely sophisticated attack techniques, including the use of compromised privileged credentials to move laterally and vertically across the IT environment. With dramatic cloud migrations underway, and the adoption of transformative digital technologies, privileged accounts and credentials represent one of the largest attack surfaces for organizations today, which makes identifying and managing privileged access critical to disrupting the attack chain and maximizing risk mitigation.
A comprehensive Identity Security program that has privileged access management at its core is critical to helping address the gaps and vulnerabilities that the attackers in the SolarWinds breach exploited, including by gaining administrative access through compromised credentials and the escalation of privileges that allowed for both lateral and vertical movement.
To help organizations that have been affected by the SolarWinds Orion attack, CyberArk is offering the following:
- Privileged Access Management (PAM) Rapid Risk Assessment: A no-cost assessment for organizations that were running the compromised Orion software in their environment. This assessment includes the CyberArk Discovery and Audit (DNA) tool run against a representative sample of their Windows IT infrastructure. Based on the scan, customers will receive curated remediation recommendations with several ‘sprint’ tactics for short-term success.
- Privileged Access Management (PAM) Rapid Risk Remediation: CyberArk and our certified partners can assist customers to prioritize PAM controls including credential management, multi-factor authentication, session isolation, and least privilege on endpoints and servers for rapid risk reduction. Such measures will be based on findings from the organization’s incident response team and in alignment with the CyberArk Blueprint for PAM Success.
Only CyberArk combines deep Identity Security controls, privileged access remediation services, and the expertise of the CyberArk Labs and CyberArk Red Team, to help organizations gain invaluable time by enabling them to detect attacks earlier and prevent attackers from reaching their end goal.
“With adoption of modern infrastructure and digital transformation, privilege is everywhere – from critical applications and IoT devices, to robotic process automation and DevOps tools. Attackers know this, which is why nearly all advanced attacks today rely on the exploitation of privileged credentials,” said Udi Mokady, founder and CEO, CyberArk. “The SolarWinds breach is yet another example of how attacks are becoming hyper-targeted with widespread impact. It is critical that organizations always ‘assume breach’ and that access to their sensitive data and systems is secured. These offerings are designed to not only improve their current security posture, but also help establish a strong foundation that can prevent against future compromise.”
There are immediate steps organizations can take to help minimize their exposure to this SolarWinds breach, while laying the foundation for longer-term, proactive strategies to help prevent the compromise of privileged credentials that could further disrupt the business. Those longer-term steps include deploying “least privilege” measures to servers and applications; securing application credentials and continuous integration/development (CI/CD) pipelines; and configuring Active Directory based on credential boundaries.