On December 12, 2020, FireEye detailed a sophisticated supply chain attack that used SolarWinds Orion business software (versions 2019.4 to 2020.2.1 HF2) released between March and June 2020 to compromise networks. Since then, the Department of Homeland Security has issued Emergency Directive 21-01, informing agencies to take immediate action to mitigate this risk.
Our Commitment to Security
The event highlights the importance of our mission to help customers secure their most critical assets. A significant part of that is ensuring the highest level of cyber resilience and security for our products, corporate systems and customer data.
Our Information Technology team has completed a thorough review of all Forescout systems. Forescout does not currently use any SolarWinds software and has never used the known affected versions of the SolarWinds products within our environment.
Forescout’s Security Incident Response Team (SIRT) is taking additional actions including, but not limited to:
- Verifying system hygiene to include patching for all 17 CVEs noted in the FireEye report
- Configuring our Information Security tools to scan for all Indicators of Compromise (IOCs) for this attack and investigating any possible IOCs
- Performing a gap analysis comparing new malware, tools and tactics against existing countermeasures and applying mitigation to gaps found
- Reviewing historical log data to look for any indicators based on new IOCs
- Performing an in-depth review of our supply chain
Forescout is continually testing, updating and monitoring our own networks to maximize our security posture. We employ Forescout products as part of this effort to gain the same real-time visibility and control of all connected things on our networks as our customers.
Protecting Your Network
While information about this attack is still emerging, Forescout customers can immediately begin to identify and address vulnerable versions of the SolarWinds software inside their environment.
Forescout eyeSight discovers and classifies every device on your network and can help identify vulnerable, misbehaving and unauthorized devices. This includes identifying the known affected SolarWinds systems within your environment. Using Forescout, you can then isolate or contain the devices and apply immediate risk mitigation actions to limit your exposure.
Existing Forescout customers can learn more about using Forescout policies to identify at-risk SolarWinds systems via our customer support portal.
Looking Ahead
Our IT security and threat research teams are continuing to monitor the situation closely. We will provide updates as the situation evolves and teams are available to answer any questions you might have.
The post Forescout’s Commitment to CyberSecurity: Update on SolarWinds appeared first on Forescout.
Article Link: https://www.forescout.com/company/blog/forescouts-commitment-to-cybersecurity-update-on-solarwinds/