Versa SASE ZTNA SWG RBI CASB NGFWaaS SD-WAN Routing Analytics
  Deployment Options Multi-tenancy Automation
  SASE Components Endpoints Appliances Control & Management Cloud Gateways
Secure Access Service Edge (SASE)

Secure Access Service Edge, or SASE, is an emerging cybersecurity concept. In this video, you understand how the key capabilities of SASE address the demands of growing network sprawl and the challenges of digitally transforming your business.

Watch the Webinar
Solution Overview Work-from-Home Solutions WAN Edge Solutions Secure SD-WAN Security Routing Lean IT Solutions
Industry Solutions Architecture Education Energy & Utilities Engineering & Construction Financial Services Healthcare Hospitality
  Legal Manufacturing Public Sector Retail Satellite ISP Technology Transportation
Versa for Work-From-Home

Versa has made it simple for organizations to offer Secure SD-WAN for Work-From-Home users on home appliances or working from anywhere

Read the Brief
Our Customers Customer Acclaim Customer Videos Customer Support
Case Studies Top Energy Firm Global Satellite Provider Global Pharmaceutical Company Large Food Retailer National Dental Practice Global Retailer Global Financial Services Firm
  Global Credit Card Payments Company Cloud/SaaS Digital Marketing Firm McLaren Racing Limited Leading Media and Communications Service Provider Fortune 500 Financial Services Company
Top Energy Firm Achieves Comprehensive “Work-From-Anywhere” with Versa SASE

A large, publicly traded energy company operating in all areas of the oil and gas industry has dramatically simplified their network stack and realized huge cost savings with Versa SASE.

Case Study
Partner Overview Program Summary Titan for Partners
Find a Partner Become a Partner Partner Portal
 
Availability and Buying Options in the Emerging SASE Market

EMA evaluates the different SASE vendors and their approaches to architecture, go-to-market, and support for their cloud-delivered and hybrid services.

Read the Report
What’s New Analyst Reports Webinars Videos
Datasheets & Briefs White Papers & eBooks Product Documentation Versa Academy
 
Gartner Magic Quadrant for WAN Edge Infrastructure, 2020

Gartner 2020 Magic Quadrant report analyzes the various vendors in the WAN edge market and Versa is positioned as a Leader.

Read the Report
Company Overview Leadership Team Our Investors Awards Contact Us
News Latest News Press Releases Media Coverage
Careers U.S. Openings APAC Openings EMEA Openings Life at Versa Cultural Values
Versa Networks - Explained in 1 minute

Learn about the Versa Secure SD-WAN solution in a high-level, one minute overview.

Watch the Video
What is SASE? What are the Major SASE Components? What is Secure Web Gateway? What is ZTNA?
A Quick Introduction to SASE Architecture How to Adopt SASE Primary SASE Challenges
Why is SASE Necessary? What Kind of Company Should Use SASE? What are the Primary SASE Benefits? How Can SASE Help You and Your Organization?
Versa SASE (Secure Access Service Edge)

SASE is the simplest, most scalable way to continuously secure and connect the millions points of access in and out of the corporate resources regardless of location

Read the Brief
What is SD-WAN? SD-WAN Tutorial SD-WAN Technology Choosing a Vendor
Hybrid WAN Cloud WAN IDS/IPS
 
Versa Secure SD-WAN – Simple, Secure, and Reliable Branch to Multi-Cloud Connectivity

Versa Secure SD-WAN is a single software platform that offers multi-layered security and enables multi-cloud connectivity for Enterprises.

Read the Brief

The Modern Secure
Network Blog

Research Lab

The SolarWinds Hack: Understanding SolarStorm’s SUNBURST Backdoor

jayesh-gangadas
By Jayesh Gangadas Patel
Senior Threat Analyst, Versa Networks
December 21, 2020

FireEye recently provided information about the widespread attack campaign registered against components of the SolarWinds Orion platform. The SolarWinds Orion platform has a huge customer base of 300,000 clients and issued this advisory on Sunday, December 20th

In this blog post, we will focus on answering specific questions that organizations may have regarding the SolarWinds attack. 

Some notable points to consider: 

  • Supply chain was the specific target with the compromise of SolarWinds Orion platform
  • As per the recently filed SEC report: of the 300,000 customer base, fewer than 18,000 customers were known to have the trojanized version of the Orion software running
  • In the wake of this highly sophisticated attack, SolarStorm threat actors created a legitimate, digitally signed backdoor, SUNBURST, as a trojanized version of the SolarWinds Orion plug-in
  • The scope of this threat has been observed to deliver multiple payloads, focused mainly on memory-only droppers such as the FireEye-dubbed Teardrop and Cobalt Strike Beacon
  • Command and Control (C&C) traffic pretends traffic coming from a legitimate Orion improvement program
Am I at risk even if I don’t use the the SolarWinds Orion platform?

As of now, the only known component compromised within SolarWinds has been identified as the Orion platform. If your organization does not use the Orion platform, it is not at risk. In addition, only customers running the updated Orion platform between March and June 2020 are likely to be compromised. The affected versions are 2019.4 HF 5, 2020.2 with no hotfix installed, or with 2020.2 HF 1. For more information about the affected products, please follow the link to the SolarWinds Security Advisory.

How do I detect if my organization has a possible backdoor? 

At the time of writing and based on the signatures and various indicators released thus far, all Versa Networks customers are protected with the specific detectors being released for the SolarWinds Orion platform trojan activity. Please see the list below for released signature detection that detects the vulnerability based on IPS subscription:

1000015902_Backdoor_SUNBURST_Communication_Attempt.rules

1000015903_Backdoor_SUNBURST_Communication_Attempt.rules

1000015905_Backdoor_SUNBURST_Communication_Attempt.rules

1000015906_Backdoor_SUNBURST_Communication_Attempt.rules

1000015907_Backdoor_SUNBURST_Communication_Attempt.rules

1000015908_Backdoor_SUNBURST_Communication_Attempt.rules

1000015909_Backdoor_SUNBURST_Communication_Attempt.rules

1000015910_Backdoor_SUNBURST_Communication_Attempt.rules

1000015911_Backdoor_SUNBURST_Communication_Attempt.rules

1000015912_Backdoor_SUNBURST_Communication_Attempt.rules

1000015913_Backdoor_SUNBURST_Communication_Attempt.rules

1000015914_Backdoor_SUNBURST_Communication_Attempt.rules

1000015915_Backdoor_SUNBURST_Communication_Attempt.rules

1000015916_Backdoor_SUNBURST_Communication_Attempt.rules

1000015917_Backdoor_SUNBURST_Communication_Attempt.rules

1000015918_Backdoor_SUNBURST_Communication_Attempt.rules

1000015919_Backdoor_BEACON_Communication_Attempt.rules

1000015920_Backdoor_BEACON_Communication_Attempt.rules

1000015921_Backdoor_BEACON_Communication_Attempt.rules

1000015922_Backdoor_BEACON_Communication_Attempt.rules

1000015923_Backdoor_BEACON_Communication_Attempt.rules

1000015924_Backdoor_BEACON_Communication_Attempt.rules

1000015925_Backdoor_BEACON_Communication_Attempt.rules

1000015926_Backdoor_BEACON_Communication_Attempt.rules

1000015927_Backdoor_BEACON_Communication_Attempt.rules

1000015928_Backdoor_BEACON_Communication_Attempt.rules

Protective measures will continuously be updated as new details related to this threat activity emerge. Apart from the countermeasures recommended by the Versa Security Team, there are additional steps customers need to take if using any of the above mentioned SolarWinds Orion platforms:

  1. Identify all of the SolarWinds systems inside the organization and work towards an update to the Orion Platform version 2020.2.1 HF2 now available for all customers.
  2. Evaluate guidelines related to the update of SolarWinds systems as per the resources listed below:
Resources

CISA Announcement for SolarWinds

SolarWinds Security Advisory

Secure Orion Platform


Topics



Recent Posts

Rahul Vaiyda
Versa Networks and Google Cloud Accelerate Access to Cloud Workloads and Branch Offices
By Rahul Vaiyda
May 27, 2021
Amelie Sutsakhan
Defense Against Web Threats in the Modern Era
By Amelie Sutsakhan
April 20, 2021
Robert McBride
Versa Titan: Versa SASE for Lean IT
By Robert McBride
March 25, 2021
Versa Threat Research Lab
Detect Zero-Day Exploits in Microsoft’s Exchange Server
By Versa Threat Research Lab
March 9, 2021
Amelie Sutsakhan
5 Real Deployments of SASE
By Amelie Sutsakhan
February 17, 2021


Top Tags


Gartner Research Report
Gartner Magic Quadrant for WAN Edge Infrastructure, 2020

Gartner 2020 Magic Quadrant report analyzes the various vendors in the WAN edge market and Versa is positioned as a Leader.