Talk to Symantec

    SolarWinds (Sunburst) Attack: What You Need to Know

    Sunburst infamously used a compromised update mechanism to infect thousands of Solar Winds customers with a backdoor Trojan. This page contains the latest research and insights into Sunburst as well as protection recommendations for these types of advanced attacks.

    Read the Blogs

    Why Is Sunburst (SolarWinds) So Significant?

    Watch Eric Chien, Technical Director of the Attack Investigations Team, provide insights into Sunburst and why supply chain attacks like this may become more common.

    Eric Chien discusses how endpoint security must evolve to detect and prevent future advanced persistent threats like Sunburst.

    How Did the Attack Work?

    Below is an example of an attack chain on one computer infected by attackers. While there may be some commonalities in post-compromise activity, each victim is likely to see different patterns in activity.

    Threat Hunter Research

    How Symantec Solutions Can Help

    As Advanced Persistent Threats (APTs) continue to proliferate and pose serious damage, the Symantec Enterprise Business provides a comprehensive portfolio of security solutions to address today’s security challenges and protect data and digital infrastructure from multifaceted threats. These solutions include core capabilities designed to help organizations prevent and detect advanced attacks like Sunburst.

    SESC_solar_winds_attack_lp_icon
    Symantec Endpoint Security Complete Symantec Endpoint Security Complete (SESC) was specifically created to help protect against this type of attack. While many vendors offer EDR to help find intrusions, as does Symantec, there are gaps. We call these gaps blind spots and there are technologies in SESC to eliminate them. Learn More
    PAM_solar_winds_attack_lp_icon
    Privileged Access Management (PAM) PAM is designed to prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies and monitoring and recording privileged user activity. Learn More
    Web_isolation_solar_winds_attack_lp_icon
    Symantec Web Isolation Symantec Web Isolation eliminates web threats and solves the challenge of providing access to unknown, uncategorized and potentially risky web by creating a remote execution environment between an agency’s enterprise systems and content servers on the web. Learn More
    SWG_solar_winds_attack_lp_icon
    Symantec Secure Web Gateway (SWG) SWG delivers high-performance on-premises or cloud secure web gateway that organizations can leverage to control or block access to unknown, uncategorized, or high-risk web sites. Learn More
    SIS_solar_winds_attack_lp_icon
    Symantec Intelligence Services Symantec Intelligence Services leverages Symantec’s Global Intelligence Network to deliver real-time threat intelligence to several Symantec network security solutions including Symantec Secure Web Gateway, Symantec Content Analysis, and Symantec Security Analytics. Learn More
    SCA_solar_winds_attack_lp_icon
    Symantec Content Analysis with Advanced Sandboxing Within the Symantec Content Analysis platform, zero-day threats are automatically escalated and brokered to Symantec Malware Analysis with dynamic sandboxing for deep inspection and behavioral analysis of potential APT files and toolkits. Learn More
    SSA_solar_winds_attack_lp_icon
    Symantec Security Analytics Symantec Security Analytics delivers enriched, full-packet capture for full network traffic analysis, advanced network forensics, anomaly detection, and real-time content inspection for all network traffic to arm incident responders for quick resolution. Learn More

    Contact Symantec to Learn More About Defending Against Attacks Like Sunburst