Secure Access Service Edge (SASE)

Secure Access Service Edge, or SASE, is an emerging cybersecurity concept. In this video, you understand how the key capabilities of SASE address the demands of growing network sprawl and the challenges of digitally transforming your business.

Versa for Work-From-Home

Versa has made it simple for organizations to offer Secure SD-WAN for Work-From-Home users on home appliances or working from anywhere

Top Energy Firm Achieves Comprehensive “Work-From-Anywhere” with Versa SASE

A large, publicly traded energy company operating in all areas of the oil and gas industry has dramatically simplified their network stack and realized huge cost savings with Versa SASE.

 
Availability and Buying Options in the Emerging SASE Market

EMA evaluates the different SASE vendors and their approaches to architecture, go-to-market, and support for their cloud-delivered and hybrid services.

 
Gartner Magic Quadrant for WAN Edge Infrastructure, 2020

Gartner 2020 Magic Quadrant report analyzes the various vendors in the WAN edge market and Versa is positioned as a Leader.

Versa Networks - Explained in 1 minute

Learn about the Versa Secure SD-WAN solution in a high-level, one minute overview.

Versa SASE (Secure Access Service Edge)

SASE is the simplest, most scalable way to continuously secure and connect the millions points of access in and out of the corporate resources regardless of location

 
Versa Secure SD-WAN – Simple, Secure, and Reliable Branch to Multi-Cloud Connectivity

Versa Secure SD-WAN is a single software platform that offers multi-layered security and enables multi-cloud connectivity for Enterprises.

The Modern Secure
Network Blog

Research Lab

The SolarWinds Hack: Understanding SolarStorm’s SUNBURST Backdoor

jayesh-gangadas
By Jayesh Gangadas Patel
Senior Threat Analyst, Versa Networks
December 21, 2020

FireEye recently provided information about the widespread attack campaign registered against components of the SolarWinds Orion platform. The SolarWinds Orion platform has a huge customer base of 300,000 clients and issued this advisory on Sunday, December 20th

In this blog post, we will focus on answering specific questions that organizations may have regarding the SolarWinds attack. 

Some notable points to consider: 

  • Supply chain was the specific target with the compromise of SolarWinds Orion platform
  • As per the recently filed SEC report: of the 300,000 customer base, fewer than 18,000 customers were known to have the trojanized version of the Orion software running
  • In the wake of this highly sophisticated attack, SolarStorm threat actors created a legitimate, digitally signed backdoor, SUNBURST, as a trojanized version of the SolarWinds Orion plug-in
  • The scope of this threat has been observed to deliver multiple payloads, focused mainly on memory-only droppers such as the FireEye-dubbed Teardrop and Cobalt Strike Beacon
  • Command and Control (C&C) traffic pretends traffic coming from a legitimate Orion improvement program
Am I at risk even if I don’t use the the SolarWinds Orion platform?

As of now, the only known component compromised within SolarWinds has been identified as the Orion platform. If your organization does not use the Orion platform, it is not at risk. In addition, only customers running the updated Orion platform between March and June 2020 are likely to be compromised. The affected versions are 2019.4 HF 5, 2020.2 with no hotfix installed, or with 2020.2 HF 1. For more information about the affected products, please follow the link to the SolarWinds Security Advisory.

How do I detect if my organization has a possible backdoor? 

At the time of writing and based on the signatures and various indicators released thus far, all Versa Networks customers are protected with the specific detectors being released for the SolarWinds Orion platform trojan activity. Please see the list below for released signature detection that detects the vulnerability based on IPS subscription:

1000015902_Backdoor_SUNBURST_Communication_Attempt.rules

1000015903_Backdoor_SUNBURST_Communication_Attempt.rules

1000015905_Backdoor_SUNBURST_Communication_Attempt.rules

1000015906_Backdoor_SUNBURST_Communication_Attempt.rules

1000015907_Backdoor_SUNBURST_Communication_Attempt.rules

1000015908_Backdoor_SUNBURST_Communication_Attempt.rules

1000015909_Backdoor_SUNBURST_Communication_Attempt.rules

1000015910_Backdoor_SUNBURST_Communication_Attempt.rules

1000015911_Backdoor_SUNBURST_Communication_Attempt.rules

1000015912_Backdoor_SUNBURST_Communication_Attempt.rules

1000015913_Backdoor_SUNBURST_Communication_Attempt.rules

1000015914_Backdoor_SUNBURST_Communication_Attempt.rules

1000015915_Backdoor_SUNBURST_Communication_Attempt.rules

1000015916_Backdoor_SUNBURST_Communication_Attempt.rules

1000015917_Backdoor_SUNBURST_Communication_Attempt.rules

1000015918_Backdoor_SUNBURST_Communication_Attempt.rules

1000015919_Backdoor_BEACON_Communication_Attempt.rules

1000015920_Backdoor_BEACON_Communication_Attempt.rules

1000015921_Backdoor_BEACON_Communication_Attempt.rules

1000015922_Backdoor_BEACON_Communication_Attempt.rules

1000015923_Backdoor_BEACON_Communication_Attempt.rules

1000015924_Backdoor_BEACON_Communication_Attempt.rules

1000015925_Backdoor_BEACON_Communication_Attempt.rules

1000015926_Backdoor_BEACON_Communication_Attempt.rules

1000015927_Backdoor_BEACON_Communication_Attempt.rules

1000015928_Backdoor_BEACON_Communication_Attempt.rules

Protective measures will continuously be updated as new details related to this threat activity emerge. Apart from the countermeasures recommended by the Versa Security Team, there are additional steps customers need to take if using any of the above mentioned SolarWinds Orion platforms:

  1. Identify all of the SolarWinds systems inside the organization and work towards an update to the Orion Platform version 2020.2.1 HF2 now available for all customers.
  2. Evaluate guidelines related to the update of SolarWinds systems as per the resources listed below:
Resources

CISA Announcement for SolarWinds

SolarWinds Security Advisory

Secure Orion Platform