Product Overview Versa Secure SD-WAN Deployment Options Versa Titan Versa Secure Access
Capabilities Integrated Security Full-Featured SD-WAN Genuine Multi-Tenancy Scalable Advanced Routing Sophisticated Analytics Policy-Based Automation
Components Endpoints Appliances Control & Management Cloud Gateways
Full-featured SD-WAN Solution Deep Dive

Learn about the capabilities you should expect to find in a full-featured SD-WAN design and how these features operate within the larger Secure SD-WAN architecture.

Watch the Webinar
Solution Overview SASE Solutions WAN Edge Solutions SD-Branch Secure SD-WAN Security Routing Work-from-Home Solutions
Industry Solutions Architecture Education Energy & Utilities Engineering & Construction Financial Services Healthcare Hospitality
  Legal Manufacturing Public Sector Retail Technology Transportation
SD-WAN Growth Report 2020

Futuriom outlines the market trends for SD-WAN in their June 2020 report and provides their predictions for growth and change in the space.

Read the Report
Our Customers Customer Acclaim Customer Videos Customer Support
Case Studies Global Financial Services Firm Global Credit Card Payments Company Cloud/SaaS Digital Marketing Firm
  McLaren Racing Limited Leading Media and Communications Service Provider Fortune 500 Financial Services Company
Versa Redefines McLarens F1 Speed Strategy

NTT Communications and Versa Networks provide McLaren with reliability, security, stability, and flexible management of their data traffic flows so they can set up a secure, optimized network connectivity in preparation of race weekend.

Case Study
Partners Titan for Partners Find a Partner
Become a Partner Partner Portal
 
Versa Secure SD-WAN – Simple, Secure, and Reliable Branch to Multi-Cloud Connectivity

Versa Secure SD-WAN is a single software platform that offers multi-layered security and enables multi-cloud connectivity for Enterprises.

Read the Brief
What’s New Analyst Reports Webinars Videos
Datasheets & Briefs White Papers Product Documentation Versa Academy
 
Gartner Magic Quadrant for WAN Edge Infrastructure, 2020

Gartner 2020 Magic Quadrant report analyzes the various vendors in the WAN edge market and Versa is positioned as a Leader.

Read the Report
Company Overview Leadership Team Our Investors Awards Contact Us
News Latest News Press Releases Media Coverage
Careers U.S. Openings India Openings EMEA Openings Life at Versa Cultural Values
Versa Networks - Explained in 1 minute

Learn about the Versa Secure SD-WAN solution in a high-level, one minute overview.

Watch the Video
What is SD-WAN? SD-WAN Tutorial SD-WAN Technology Choosing a Vendor
Hybrid WAN Cloud WAN IDS/IPS
 
Versa Secure SD-WAN – Simple, Secure, and Reliable Branch to Multi-Cloud Connectivity

Versa Secure SD-WAN is a single software platform that offers multi-layered security and enables multi-cloud connectivity for Enterprises.

Read the Brief

The Secure
SD-WAN Blog

Research Lab

The SolarWinds Hack: Understanding SolarStorm’s SUNBURST Backdoor

jayesh-gangadas
By Jayesh Gangadas Patel
Senior Threat Analyst, Versa Networks
December 21, 2020

FireEye recently provided information about the widespread attack campaign registered against components of the SolarWinds Orion platform. The SolarWinds Orion platform has a huge customer base of 300,000 clients and issued this advisory on Sunday, December 20th

In this blog post, we will focus on answering specific questions that organizations may have regarding the SolarWinds attack. 

Some notable points to consider: 

  • Supply chain was the specific target with the compromise of SolarWinds Orion platform
  • As per the recently filed SEC report: of the 300,000 customer base, fewer than 18,000 customers were known to have the trojanized version of the Orion software running
  • In the wake of this highly sophisticated attack, SolarStorm threat actors created a legitimate, digitally signed backdoor, SUNBURST, as a trojanized version of the SolarWinds Orion plug-in
  • The scope of this threat has been observed to deliver multiple payloads, focused mainly on memory-only droppers such as the FireEye-dubbed Teardrop and Cobalt Strike Beacon
  • Command and Control (C&C) traffic pretends traffic coming from a legitimate Orion improvement program
Am I at risk even if I don’t use the the SolarWinds Orion platform?

As of now, the only known component compromised within SolarWinds has been identified as the Orion platform. If your organization does not use the Orion platform, it is not at risk. In addition, only customers running the updated Orion platform between March and June 2020 are likely to be compromised. The affected versions are 2019.4 HF 5, 2020.2 with no hotfix installed, or with 2020.2 HF 1. For more information about the affected products, please follow the link to the SolarWinds Security Advisory.

How do I detect if my organization has a possible backdoor? 

At the time of writing and based on the signatures and various indicators released thus far, all Versa Networks customers are protected with the specific detectors being released for the SolarWinds Orion platform trojan activity. Please see the list below for released signature detection that detects the vulnerability based on IPS subscription:

1000015902_Backdoor_SUNBURST_Communication_Attempt.rules

1000015903_Backdoor_SUNBURST_Communication_Attempt.rules

1000015905_Backdoor_SUNBURST_Communication_Attempt.rules

1000015906_Backdoor_SUNBURST_Communication_Attempt.rules

1000015907_Backdoor_SUNBURST_Communication_Attempt.rules

1000015908_Backdoor_SUNBURST_Communication_Attempt.rules

1000015909_Backdoor_SUNBURST_Communication_Attempt.rules

1000015910_Backdoor_SUNBURST_Communication_Attempt.rules

1000015911_Backdoor_SUNBURST_Communication_Attempt.rules

1000015912_Backdoor_SUNBURST_Communication_Attempt.rules

1000015913_Backdoor_SUNBURST_Communication_Attempt.rules

1000015914_Backdoor_SUNBURST_Communication_Attempt.rules

1000015915_Backdoor_SUNBURST_Communication_Attempt.rules

1000015916_Backdoor_SUNBURST_Communication_Attempt.rules

1000015917_Backdoor_SUNBURST_Communication_Attempt.rules

1000015918_Backdoor_SUNBURST_Communication_Attempt.rules

1000015919_Backdoor_BEACON_Communication_Attempt.rules

1000015920_Backdoor_BEACON_Communication_Attempt.rules

1000015921_Backdoor_BEACON_Communication_Attempt.rules

1000015922_Backdoor_BEACON_Communication_Attempt.rules

1000015923_Backdoor_BEACON_Communication_Attempt.rules

1000015924_Backdoor_BEACON_Communication_Attempt.rules

1000015925_Backdoor_BEACON_Communication_Attempt.rules

1000015926_Backdoor_BEACON_Communication_Attempt.rules

1000015927_Backdoor_BEACON_Communication_Attempt.rules

1000015928_Backdoor_BEACON_Communication_Attempt.rules

Protective measures will continuously be updated as new details related to this threat activity emerge. Apart from the countermeasures recommended by the Versa Security Team, there are additional steps customers need to take if using any of the above mentioned SolarWinds Orion platforms:

  1. Identify all of the SolarWinds systems inside the organization and work towards an update to the Orion Platform version 2020.2.1 HF2 now available for all customers.
  2. Evaluate guidelines related to the update of SolarWinds systems as per the resources listed below:
Resources

CISA Announcement for SolarWinds

SolarWinds Security Advisory

Secure Orion Platform


Topics



Recent Posts

John Atchison
Versa ACE Partner Program – Why? Why Now?
By John Atchison
January 19, 2021
Roopa Bayar
Why Analytics is Critical for True SD-WAN
By Roopa Bayar
January 18, 2021
Michael Wood
SASE-Delivered Cyber-Security for Resellers
By Michael Wood
January 15, 2021
Michael Wood
SASE-Delivered Cyber-Security for Small-Medium Enterprises (SMEs)
By Michael Wood
January 14, 2021
Michael Wood
Secure SD-WAN Architecture: Full-featured SD-WAN Deep Dive
By Michael Wood
January 13, 2021


Top Tags


Gartner Research Report
Gartner Magic Quadrant for WAN Edge Infrastructure, 2020

Gartner 2020 Magic Quadrant report analyzes the various vendors in the WAN edge market and Versa is positioned as a Leader.