The world is now facing what appears to be a new wave of multi-vector cyber-attacks, the latest being the SolarWinds Sunburst attack, with the clear characteristics of an upcoming cyber pandemic. Over 18,000 companies and government offices downloaded what seemed to be a regular software update on their computers but was actually a Trojan horse.
About the SolarWinds hack
During the closing weeks of 2020, the SolarWinds Sunburst cyber-attack became one of the main headline news stories of what had already been a news-rich year. The attackers abused a routine IT practice, the installation of vendor software updates, by planting a backdoor in a legitimately signed SolarWinds Orion update. Once the trojanized update was installed, they used the backdoor to compromise the organization's assets, both cloud and on-premises, enabling them to spy on the organization and access its data. We believe this is one of the most sophisticated and severe attacks seen in the wild.
The importance of automated detection and response
For many Security Operations Center (SOC) teams, finding malicious activity inside the network is like finding a needle in a haystack. They are often forced to piece together information from multiple monitoring solutions and navigate through tens of thousands of daily alerts. SOC analysts are usually required to search for indicators of compromise (IoCs) across network, cloud, and endpoint environments, then drill down into the findings to validate the breach and plan their response. In many cases the result is that critical attacks are missed until it is too late. Sunburst is a case in point: the affected organizations learned of the intrusion months after it began, by which time they had already been seriously damaged.
About Infinity SOC
Check Point’s Infinity SOC is a cloud-based platform for security operations teams that utilizes AI-based incident analysis to pinpoint real security incidents across the entire IT infrastructure: networks, cloud, endpoints, mobile devices, and IoT. Its overview dashboard enables you to clearly see the organization’s entire security posture through a single pane of glass. It also lets you quickly respond to the most severe attacks as it automatically triages security incidents based on their severity and probability. Needless to say, the faster an incident is detected and prioritized as critical, the lower the risk that your compromise will turn into a breach.
Check Point Infinity SOC’s innovative multi-layered approach to threat prevention leverages advanced machine learning algorithms combined with Check Point’s globally-shared threat intelligence to expose even the stealthiest and most advanced attacks.
How Infinity SOC can detect Sunburst
Critical to remediating Sunburst is the ability to find evidence of impact quickly. Infinity SOC's automated event analysis can accelerate your investigation and help you accurately determine whether you are affected. Check Point researchers have integrated publicly available Sunburst indicators, as well as proprietary intelligence data, into Infinity SOC.
- Administrators can leverage the cloud-based platform to search for Sunburst indicators within network, cloud, and endpoint environments.
- The solution also provides event investigation tools to drill-down into findings to validate and plan remediation steps.
In the following screenshot, we see the identified Sunburst indicators with their corresponding addresses, associated risk levels, and attack-family association. In addition, we see timeline charts that show the number of connections to the Sunburst indicators over time.
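To make the hunt described above concrete, here is an added example (not Infinity SOC code, and not from Check Point) of the core logic such a tool runs: sweep DNS and proxy log lines for indicator matches, match DGA-style subdomains under a malicious domain rather than only exact strings, tag each hit with a risk level, and build the per-day connection counts behind a timeline chart. The log format, the source hosts, the DGA labels and the IP indicator are all constructed for the example; only avsvmcloud.com is the publicly reported Sunburst command-and-control domain. A real sweep would load the vendor's indicator feed instead of the inline dictionary.

```python
import re
from collections import Counter
from datetime import datetime

# Indicator set for this example. "avsvmcloud.com" is the publicly reported
# SUNBURST C2 domain; the IP is a TEST-NET-3 placeholder, NOT a real indicator.
# Load a real feed (vendor, CISA, FireEye) in place of this dictionary.
IOCS = {
    "domains": {"avsvmcloud.com": "critical"},
    "ips": {"203.0.113.45": "high"},  # constructed placeholder
}

# Constructed log lines: "<timestamp> <src-host> dns query <name>" or
# "<timestamp> <src-host> proxy connect <ip> <port>". The DGA-looking labels
# mimic the appsync-api.<region>.avsvmcloud.com pattern but are made up here.
SAMPLE_LOGS = """\
2020-10-02T08:15:01Z 10.1.4.22 dns query 6a57jk2ba1d9keg15cbg.appsync-api.eu-west-1.avsvmcloud.com
2020-10-02T08:15:04Z 10.1.4.22 proxy connect 203.0.113.45 443
2020-10-02T09:00:00Z 10.1.7.9 dns query updates.example.com
2020-10-03T11:42:13Z 10.1.4.22 dns query 7sbvaemscs0mc925tb99.appsync-api.us-west-2.avsvmcloud.com
2020-10-03T11:45:00Z 10.1.9.3 proxy connect 198.51.100.7 443
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<kind>dns query|proxy connect) (?P<dst>\S+)"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["dst"] = rec["dst"].lower().rstrip(".")  # normalise case and trailing dot
    return rec


def match_domain(name, domains):
    """Return (indicator, risk) if name is the indicator or any subdomain of it.

    Sunburst beacons used generated labels under the C2 domain, so an exact
    string compare would miss every beacon. Matching on label boundaries also
    avoids the false positive of matching 'notavsvmcloud.com'.
    """
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate, domains[candidate]
    return None


def hunt(log_text, iocs=IOCS):
    """Sweep log text for indicator hits; each hit carries source, time and risk."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["kind"] == "dns query":
            m = match_domain(rec["dst"], iocs["domains"])
        else:
            ip = rec["dst"]
            m = (ip, iocs["ips"][ip]) if ip in iocs["ips"] else None
        if m:
            hits.append({"ts": rec["ts"], "src": rec["src"], "indicator": m[0],
                         "observed": rec["dst"], "risk": m[1]})
    return hits


def timeline(hits):
    """Connections per (day, indicator): the series behind a timeline chart."""
    return Counter((h["ts"].date().isoformat(), h["indicator"]) for h in hits)


def affected_hosts(hits):
    """Sorted list of internal hosts that touched any indicator."""
    return sorted({h["src"] for h in hits})


if __name__ == "__main__":
    found = hunt(SAMPLE_LOGS)
    for h in found:
        print(h["ts"].isoformat(), h["src"], h["risk"], h["indicator"], h["observed"])
    print("hosts to triage:", affected_hosts(found))
    print("timeline:", dict(timeline(found)))
```

The value of the subdomain-aware match is the point to take away: a flat string comparison against a published indicator list would report zero hits on the two DGA beacons above, which is exactly how the real campaign stayed hidden in DNS logs for months.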
Leverage your existing Check Point firewall to get started quickly
Check Point’s Next Generation firewall customers can quickly onboard, as Infinity SOC does not require any new deployment of probes or sensors.
To onboard to the Infinity SOC application, go to your Check Point User Center account at https://usercenter.checkpoint.com/usercenter/portal, click "Learn" and then "Product Evaluation". Search for and select Infinity SOC under "Other evaluation option" and finish the evaluation entitlement. Then go to portal.checkpoint.com, log in to your account, choose Infinity SOC from the top-left application menu, and attach the Infinity SOC evaluation license to your account. Click "Create Account" to create an Infinity SOC account.
The Infinity SOC wizard opens. Inside the Infinity SOC wizard, review these options:
- Threat Intelligence – Configure your country, region, and industry to get the attack landscape relevant to your network.
- Detection and Response – Review the Gateways connected to your User Center account and remove from the list any Gateways you do not want Infinity SOC to analyze.
- Brand Protection – Review and configure your protected domains.
Get started today
Check Point’s teams work closely with our customers to provide the best protection against this sophisticated multi-vector attack. To help you investigate rapidly, Check Point offers a free license of its Infinity SOC offering so you can quickly identify attacks operating within your environment. Infinity SOC can pinpoint the presence of Sunburst indicators in server and network activity.
To get started, contact us, and we’ll be in touch to help get you set up quickly.
In addition, the Check Point Incident Response Team is available 24x7x365 to deliver security incident handling services. If you believe you were exposed to the SolarWinds Sunburst attack, we are a single hotline phone call away. We will help you contain the threat, minimize its impact, and keep your business running.
Additional information on Infinity SOC.
Get more support on containing the Sunburst attack.