CyberArk, the global leader in privileged access management, launched a free assessment offer to help SolarWinds Orion customers identify privileged access-related risk and implement steps to mitigate future exposure to a potential cyberattack.
To date, the supply chain attack involving SolarWinds Orion business software is believed to have impacted more than 18,000 organisations. The attackers were reportedly successful in infiltrating many high-profile public and private organisations using extremely sophisticated attack techniques, including the use of compromised privileged credentials to move laterally and vertically across the IT environment. With dramatic cloud migrations underway, and the adoption of transformative digital technologies, privileged accounts and credentials represent one of the largest attack surfaces for organisations today, which makes identifying and managing privileged access critical to disrupting the attack chain and maximising risk mitigation.
A comprehensive Identity Security program that has privileged access management at its core is critical to helping address the gaps and vulnerabilities that the attackers in the SolarWinds breach exploited, including gaining administrative access through compromised credentials and escalating privileges to move both laterally and vertically.
To help organisations that have been affected by the SolarWinds Orion attack, CyberArk is offering the following:
Privileged Access Management (PAM) Rapid Risk Assessment: A no-cost assessment for organisations that were running the compromised Orion software in their environment. This assessment includes the CyberArk Discovery and Audit (DNA) tool run against a representative sample of their Windows IT infrastructure. Based on the scan, customers will receive curated remediation recommendations with several ‘sprint’ tactics for short-term success.
Privileged Access Management (PAM) Rapid Risk Remediation: CyberArk and our certified partners can assist customers in prioritising PAM controls including credential management, multi-factor authentication, session isolation, and least privilege on endpoints and servers for rapid risk reduction. Such measures will be based on findings from the organisation’s incident response team and in alignment with the CyberArk Blueprint for PAM Success.
Only CyberArk combines deep Identity Security controls, privileged access remediation services and the expertise of the CyberArk Labs and CyberArk Red Team to help organisations gain invaluable time by enabling them to detect attacks earlier and prevent attackers from reaching their end goal.
“With adoption of modern infrastructure and digital transformation, privilege is everywhere – from critical applications and IoT devices, to robotic process automation and DevOps tools. Attackers know this, which is why nearly all advanced attacks today rely on the exploitation of privileged credentials,” said Udi Mokady, founder and CEO, CyberArk. “The SolarWinds breach is yet another example of how attacks are becoming hyper-targeted with widespread impact. It is critical that organisations always ‘assume breach’ and that access to their sensitive data and systems is secured. These offerings are designed to not only improve their current security posture, but also help establish a strong foundation that can prevent against future compromise.”
There are immediate steps organisations can take to help minimise their exposure to this SolarWinds breach, while laying the foundation for longer-term, proactive strategies to help prevent the compromise of privileged credentials that could further disrupt the business. Those longer-term steps include deploying “least privilege” measures to servers and applications; securing application credentials and continuous integration/continuous delivery (CI/CD) pipelines; and configuring Active Directory based on credential boundaries.