Viavi Solutions Case Studies Remediation After Sunburst Cybersecurity Incident: A Case Study

Edit This Case Study Record

	Remediation After Sunburst Cybersecurity Incident: A Case Study Viavi Solutions

Remediation After Sunburst Cybersecurity Incident: A Case Study

Viavi Solutions

Technology Category	Infrastructure as a Service (IaaS) - Cloud Computing Platform as a Service (PaaS) - Application Development Platforms
Applicable Industries	Equipment & Machinery
Use Cases	Cybersecurity Traffic Monitoring
Services	Cybersecurity Services
Challenge	A large global technology company based in California was running SolarWinds Orion instances across their IT estate. The company needed to quickly ascertain the impact and their exposure due to the SUNBURST hack of December 2020. The IT team was running VIAVI Observer platform in multiple strategic datacenters around the world. The IT networking services team were also using SolarWinds Orion software. The production services were running a version of SolarWinds Orion that did not contain the vulnerability. However, a second, non-production demo instance, built in June 2020 for a 30-day trial period to explore new features, did contain the vulnerability. The key goal was to understand if any confidential or sensitive data had been accessed or exfiltrated. This was of particular concern given the nature of the solutions provided by the organization concerned, as reputational damage would have long-term consequences to current and future business relationships. Read More
About Customer	The customer in this case study is a large global technology company headquartered in California. The company has a significant IT estate, running SolarWinds Orion instances across their infrastructure. The IT team operates the VIAVI Observer platform in multiple strategic datacenters around the world. The company's IT networking services team also uses SolarWinds Orion software. The company is particularly concerned about the security of its confidential and sensitive data, given the nature of the solutions it provides. Any reputational damage due to a security breach could have long-term consequences to its current and future business relationships. Read More
Customer Name	Large global technology company headquartered in California. Read More
Solution	The immediate response was to quarantine the demo instance while continuing with investigations based on the guidance from SolarWinds, CISA, and other Cybersecurity agencies. Investigations were performed per recommendations using their centralized firewall logging SIEM and Network flow data analysis tools. VIAVI Observer Platform was used as an additional layer of monitoring and an important forensics tool to validate historical traffic flows to and from the SolarWinds server. The Observer solution provided details dating back to the time of the known attacker compromise at SolarWinds, of network traffic flows and packet level data for forensics. It also provided visibility into any attempts made, from inside the organization borders, to any of the more than 500 command and control hosts in published resources. Observer GigaFlow showed any attempted activity to blacklisted IPs from anywhere that it was monitoring, not just the Observer server. It also provided visibility into all traffic to and from the vulnerable SolarWinds Orion server. Read More Log in to view content
Contents

Technology Category

Infrastructure as a Service (IaaS) - Cloud Computing

Platform as a Service (PaaS) - Application Development Platforms

Applicable Industries

Equipment & Machinery

Use Cases

Cybersecurity

Traffic Monitoring

Services

Cybersecurity Services

Challenge

A large global technology company based in California was running SolarWinds Orion instances across their IT estate. The company needed to quickly ascertain the impact and their exposure due to the SUNBURST hack of December 2020. The IT team was running VIAVI Observer platform in multiple strategic datacenters around the world. The IT networking services team were also using SolarWinds Orion software. The production services were running a version of SolarWinds Orion that did not contain the vulnerability. However, a second, non-production demo instance, built in June 2020 for a 30-day trial period to explore new features, did contain the vulnerability. The key goal was to understand if any confidential or sensitive data had been accessed or exfiltrated. This was of particular concern given the nature of the solutions provided by the organization concerned, as reputational damage would have long-term consequences to current and future business relationships.

About Customer

The customer in this case study is a large global technology company headquartered in California. The company has a significant IT estate, running SolarWinds Orion instances across their infrastructure. The IT team operates the VIAVI Observer platform in multiple strategic datacenters around the world. The company's IT networking services team also uses SolarWinds Orion software. The company is particularly concerned about the security of its confidential and sensitive data, given the nature of the solutions it provides. Any reputational damage due to a security breach could have long-term consequences to its current and future business relationships.

Customer Name

Large global technology company headquartered in California.

Solution

The immediate response was to quarantine the demo instance while continuing with investigations based on the guidance from SolarWinds, CISA, and other Cybersecurity agencies. Investigations were performed per recommendations using their centralized firewall logging SIEM and Network flow data analysis tools. VIAVI Observer Platform was used as an additional layer of monitoring and an important forensics tool to validate historical traffic flows to and from the SolarWinds server. The Observer solution provided details dating back to the time of the known attacker compromise at SolarWinds, of network traffic flows and packet level data for forensics. It also provided visibility into any attempts made, from inside the organization borders, to any of the more than 500 command and control hosts in published resources. Observer GigaFlow showed any attempted activity to blacklisted IPs from anywhere that it was monitoring, not just the Observer server. It also provided visibility into all traffic to and from the vulnerable SolarWinds Orion server.

Impact #1	Using VIAVI Observer forensics, the organization was quickly able to confirm no evidence of exploitation or activation of the vulnerability. Their Cybersecurity team is staying on top of new information and implementing additional recommended protections. VIAVI Observer platform will continue to be a critical tool to monitor and investigate issues on their networks. This has helped the company to maintain its reputation and continue its business operations without any disruptions.

Impact #1

Using VIAVI Observer forensics, the organization was quickly able to confirm no evidence of exploitation or activation of the vulnerability. Their Cybersecurity team is staying on top of new information and implementing additional recommended protections. VIAVI Observer platform will continue to be a critical tool to monitor and investigate issues on their networks. This has helped the company to maintain its reputation and continue its business operations without any disruptions.

Download PDF Version

Overview

Remediation After Sunburst Cybersecurity Incident: A Case Study

Operational Impact