
Remediation After Sunburst Cybersecurity Incident: A Case Study

Technology Category
  • Infrastructure as a Service (IaaS) - Cloud Computing
  • Platform as a Service (PaaS) - Application Development Platforms
Applicable Industries
  • Equipment & Machinery
Use Cases
  • Cybersecurity
  • Traffic Monitoring
Services
  • Cybersecurity Services
The Customer

Large global technology company headquartered in California.

About The Customer
The customer is a large global technology company headquartered in California with a significant IT estate. It runs SolarWinds Orion instances across that estate, including within its IT networking services team, and operates the VIAVI Observer platform in multiple strategic datacenters around the world. Given the nature of the solutions it provides, the company is particularly concerned about the security of its confidential and sensitive data; reputational damage from a breach could have long-term consequences for its current and future business relationships.
The Challenge
The company needed to quickly determine its exposure to the SUNBURST supply-chain compromise of SolarWinds Orion, disclosed in December 2020. Its production Orion services were running a version that did not contain the SUNBURST backdoor. However, a second, non-production demo instance, built in June 2020 for a 30-day trial to explore new features, was running an affected build and was still present in the environment six months after the trial began. A short-lived trial that outlives its purpose is exactly the kind of asset that falls outside patch tracking, which is why the inventory of Orion instances had to include non-production systems. The key goal was to establish whether any confidential or sensitive data had been accessed or exfiltrated, a particular concern given the nature of the solutions the organization provides, since reputational damage would have long-term consequences for current and future business relationships.
The Solution
The immediate response was to quarantine the demo instance while continuing the investigation according to guidance from SolarWinds, CISA and other cybersecurity agencies. The recommended checks were run against the centralized firewall logs in the SIEM and against network flow data. The VIAVI Observer platform served as an additional layer of monitoring and as the forensic record used to validate historical traffic to and from the SolarWinds server: it retained network flow and packet-level data going back to the time of the known attacker compromise at SolarWinds. Observer GigaFlow showed any attempted connection, from anywhere it was monitoring and not only from the Observer server itself, to the more than 500 command-and-control hosts listed in published indicator resources and to any other blocklisted IP address. It also provided visibility into all traffic to and from the affected Orion server, so that outbound transfers from that host could be checked for signs of exfiltration.
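The three questions the investigation put to the flow history (did any monitored host reach a published C2 address, what did the affected Orion server talk to, and how much left it for external destinations) can be expressed as a small triage pass over exported flow records. The script below is an added example written for this page; it is not VIAVI, SolarWinds or customer code. The Orion server address, internal ranges, indicator addresses, investigation window and flow lines are all constructed for illustration (RFC 5737 test ranges), not published SUNBURST indicators, and the record layout (timestamp, source, destination, destination port, bytes) is an assumption about how the collector exports flows.

```python
"""Triage of exported flow records for a suspected SolarWinds Orion compromise.

Added example, not the customer's or VIAVI's code. Assumes flows arrive as
CSV-like lines: ISO-8601 timestamp, src IP, dst IP, dst port, bytes sent.
Every address, name and record below is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dst_port: int
    bytes_out: int


# Constructed stand-ins for the published command-and-control addresses (assumption).
IOC_IPS = {"203.0.113.10", "203.0.113.44"}

# Constructed address of the trial Orion server (assumption).
ORION_HOST = "10.20.30.40"

# Address space the flow collector treats as internal (assumption).
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
            ip_network("192.168.0.0/16")]

# Start of the review window; the trial instance was built in June 2020,
# so nothing earlier can involve the backdoored build (date is an assumption).
WINDOW_START = datetime(2020, 6, 1, tzinfo=timezone.utc)

# Constructed flow export: a pre-window record, routine Orion traffic, one
# workstation reaching an IOC address, and a large outbound transfer from Orion.
SAMPLE_FLOWS = """\
2020-05-20T08:00:00Z,10.20.30.40,198.51.100.7,443,5120
2020-06-15T09:12:04Z,10.20.30.40,198.51.100.7,443,2048
2020-07-02T03:15:00Z,10.50.1.9,203.0.113.44,443,900
2020-07-02T03:16:00Z,10.20.30.40,10.20.30.41,161,300
2020-08-10T14:00:00Z,10.20.30.40,198.51.100.7,443,40960000
2020-09-01T11:00:00Z,192.168.5.5,192.0.2.53,53,120
"""


def parse_flows(text):
    """Parse the CSV-like export into Flow records, skipping blanks and comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port, nbytes = line.split(",")
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        flows.append(Flow(when, src, dst, int(port), int(nbytes)))
    return flows


def is_internal(addr):
    a = ip_address(addr)
    return any(a in net for net in INTERNAL)


def triage(flows, ioc_ips=IOC_IPS, orion=ORION_HOST, since=WINDOW_START):
    """Answer the three investigation questions over the review window."""
    in_window = [f for f in flows if f.ts >= since]
    # (a) Any monitored host, not just the Orion server, contacting a C2 address.
    c2_hits = [f for f in in_window if f.dst in ioc_ips]
    # (b) Every flow touching the Orion server, for full manual review.
    orion_flows = [f for f in in_window if orion in (f.src, f.dst)]
    # (c) Bytes the Orion server sent to non-internal destinations, the exfil question.
    egress = {}
    for f in orion_flows:
        if f.src == orion and not is_internal(f.dst):
            egress[f.dst] = egress.get(f.dst, 0) + f.bytes_out
    return {"c2_hits": c2_hits, "orion_flows": orion_flows,
            "orion_egress_bytes": egress}


if __name__ == "__main__":
    result = triage(parse_flows(SAMPLE_FLOWS))
    for f in result["c2_hits"]:
        print(f"C2 contact: {f.ts.isoformat()} {f.src} -> {f.dst}:{f.dst_port}")
    for dst, total in sorted(result["orion_egress_bytes"].items()):
        print(f"Orion egress to {dst}: {total} bytes")
```

In the constructed data the IOC hit comes from a workstation, not the Orion server, which is the reason GigaFlow's network-wide view matters: checking only the Orion host would miss it. The egress total is only a lead; large transfers to a known vendor endpoint are expected for an update check, so each external destination still needs to be attributed before the exfiltration question is closed.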
Operational Impact
  • Using the VIAVI Observer forensic data, the organization was quickly able to confirm that there was no evidence the backdoor on the demo instance had been activated or exploited. That conclusion rests on the flow and packet history covering the entire period the demo instance was online; a shorter retention window would only show the absence of recent activity. The cybersecurity team continues to track new information and implement additional recommended protections, and the Observer platform remains a critical tool for monitoring and investigating issues on the company's networks. The company maintained its reputation and continued its business operations without disruption.
