Remediation After Sunburst Cybersecurity Incident: A Case Study
Technology Category
- Infrastructure as a Service (IaaS) - Cloud Computing
- Platform as a Service (PaaS) - Application Development Platforms
Applicable Industries
- Equipment & Machinery
Use Cases
- Cybersecurity
- Traffic Monitoring
Services
- Cybersecurity Services
The Challenge
A large global technology company based in California was running SolarWinds Orion instances across its IT estate. The company needed to quickly ascertain its exposure to, and the impact of, the SUNBURST compromise disclosed in December 2020. The IT team was running the VIAVI Observer platform in multiple strategic datacenters around the world. The IT networking services team was also using SolarWinds Orion software. The production services were running a version of SolarWinds Orion that did not contain the trojanized code. However, a second, non-production demo instance, built in June 2020 for a 30-day trial period to explore new features, did contain it. The key goal was to determine whether any confidential or sensitive data had been accessed or exfiltrated. This was of particular concern given the nature of the solutions the organization provides, as reputational damage would have long-term consequences for current and future business relationships.
The Customer
Large global technology company headquartered in California.
About The Customer
The customer in this case study is a large global technology company headquartered in California. The company has a significant IT estate, running SolarWinds Orion instances across their infrastructure. The IT team operates the VIAVI Observer platform in multiple strategic datacenters around the world. The company's IT networking services team also uses SolarWinds Orion software. The company is particularly concerned about the security of its confidential and sensitive data, given the nature of the solutions it provides. Any reputational damage due to a security breach could have long-term consequences to its current and future business relationships.
The Solution
The immediate response was to quarantine the demo instance while continuing the investigation based on guidance from SolarWinds, CISA, and other cybersecurity agencies. Investigations were performed per those recommendations using the company's centralized firewall-log SIEM and network flow data analysis tools. The VIAVI Observer platform was used as an additional layer of monitoring and as an important forensics tool to validate historical traffic flows to and from the SolarWinds server. The Observer solution provided network traffic flows and packet-level data for forensics dating back to the time of the known attacker compromise at SolarWinds. It also provided visibility into any attempts made, from inside the organization's borders, to reach any of the more than 500 command and control hosts listed in published resources. Observer GigaFlow showed any attempted activity to blacklisted IPs from anywhere it was monitoring, not just the Observer server. It also provided visibility into all traffic to and from the vulnerable SolarWinds Orion server.
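The flow-level checks described above (matching historical flows against a published command and control host list, limiting the search to the window since the known compromise, and isolating all traffic to and from the vulnerable Orion server) can be illustrated with a small Python script. This is an added example, not VIAVI's or SolarWinds' code; the flow records, the indicator list, the internal address range and the Orion server address are all constructed placeholders, not real SUNBURST indicators or customer data.

```python
"""Screen historical flow records against an indicator list and isolate
traffic touching a suspect host.

Everything below is constructed for illustration: the flow lines, the
indicator entries and the host addresses are placeholders (RFC 5737 test
ranges), not real SUNBURST indicators.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Constructed flow-export style records: timestamp,src,dst,dst_port,proto,bytes
SAMPLE_FLOWS = """\
2020-06-14T02:11:05Z,10.20.30.40,198.51.100.23,443,tcp,1820
2020-06-14T02:11:07Z,10.20.30.40,10.20.30.10,1433,tcp,9120
2020-07-02T13:40:00Z,10.20.30.41,203.0.113.77,443,tcp,640
2020-09-19T22:05:44Z,10.20.30.40,203.0.113.5,443,tcp,48231
2020-11-03T08:00:12Z,10.20.30.99,192.0.2.14,80,tcp,520
2020-12-15T10:20:00Z,10.20.30.40,8.8.8.8,53,udp,96
"""

# Constructed stand-in for a published C2 host list (single IPs or CIDR blocks).
SAMPLE_INDICATORS = ["198.51.100.23", "203.0.113.0/24"]

# Hypothetical internal address space and the address of the demo Orion server.
INTERNAL_NETS = ["10.0.0.0/8"]
ORION_SERVER = "10.20.30.40"


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_flows(text: str) -> List[Flow]:
    """Turn CSV flow lines into Flow records, skipping blanks and comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, nbytes = line.split(",")
        flows.append(Flow(parse_ts(ts), src, dst, int(dport), proto, int(nbytes)))
    return flows


def compile_indicators(entries: List[str]):
    """Normalise single IPs and CIDR blocks into network objects."""
    return [ip_network(e, strict=False) for e in entries]


def matches_indicator(ip: str, nets) -> bool:
    addr = ip_address(ip)
    return any(addr in n for n in nets)


def investigate(flow_text: str, indicators: List[str], suspect_host: str,
                since: Optional[str] = None) -> Dict[str, object]:
    """Run the three checks over the flow data.

    indicator_hits: flows from any monitored host whose destination is an indicator.
    suspect_flows: every flow with the suspect host as source or destination.
    suspect_outbound_bytes: bytes the suspect host sent to non-internal peers,
    the figure to review when asking whether data may have left the network.
    """
    flows = parse_flows(flow_text)
    if since is not None:
        start = parse_ts(since)
        flows = [f for f in flows if f.ts >= start]
    nets = compile_indicators(indicators)
    internal = compile_indicators(INTERNAL_NETS)

    hits = [f for f in flows if matches_indicator(f.dst, nets)]
    suspect = [f for f in flows if suspect_host in (f.src, f.dst)]
    outbound: Dict[str, int] = {}
    for f in suspect:
        if f.src == suspect_host and not matches_indicator(f.dst, internal):
            outbound[f.dst] = outbound.get(f.dst, 0) + f.nbytes
    return {"indicator_hits": hits, "suspect_flows": suspect,
            "suspect_outbound_bytes": outbound}


if __name__ == "__main__":
    report = investigate(SAMPLE_FLOWS, SAMPLE_INDICATORS, ORION_SERVER)
    for f in report["indicator_hits"]:
        print(f"indicator hit: {f.ts.isoformat()} {f.src} -> {f.dst}:{f.dport}")
    print("outbound bytes from suspect host:", report["suspect_outbound_bytes"])
```

The `since` parameter reproduces the practice of scoping the search to the period from the known compromise onward, and the indicator match is applied to every monitored host, not only the Orion server, because a compromised server may not be the only machine that reached out. Large byte counts toward an external peer in `suspect_outbound_bytes` are what a responder would pull packet captures for next.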
Operational Impact