SolarWinds Malware
Get a CISO’s Perspective
Given the widespread nature of the SolarWinds breach, Forescout has proactively conducted a thorough security review to validate the integrity of our product binaries and security of our software delivery chain:
- Forescout has reviewed the recent disclosures around the additional vulnerabilities found in the context of SolarWinds, named Raindrop and Supernova.
- Forescout does not currently run any versions of SolarWinds Orion software.
- Forescout previously ran SolarWinds version 2018.2 and 2016.1.5300, and after an extensive investigation, found no evidence that Forescout has been compromised by Supernova or Raindrop.
- We have enabled all previously disabled product downloads.
- Forescout is continually testing, updating and monitoring our own networks to maximize our security posture.
Forescout’s Incident Response
Our Security Incident Response Team is taking these additional actions in response to the SolarWinds breach:
- Verifying system hygiene to ensure patching for all CVEs noted in the FireEye report.
- Updating information security tool configurations to scan for Indicators of Compromise (IOCs) for this attack and investigating any relevant alerts.
- Performing a gap analysis comparing new malware, tools and tactics against existing countermeasures and applying mitigation to any gaps found.
- Reviewing historical log data and looking for new IOCs related to the SolarWinds attack.
Protect Your Network
Customers can identify and reduce their exposure from vulnerable versions of SolarWinds software inside their environment using Forescout products:
- Forescout eyeSight: The latest Security Policy Template (SPT) helps detect vulnerable SolarWinds versions and impacted systems.
- Forescout eyeInspect: An eyeInspect script is available to detect the presence of SUNBURST malware in OT environments, and the Forensics Time Machine capability can be used to scan historical network logs for IOCs.
- Forescout eyeSegment and eyeControl can be used to contain and limit access to and from affected SolarWinds systems and apply risk mitigation actions to limit exposure.
Forescout customers can get the latest detection scripts, documentation and updates via our support portal or contacting Forescout Customer Care.