Cyborg Security, the pioneer in threat hunting and detection content, has released several free community defense measures (CDM) to assist organizations that may have been impacted by the SUNBURST attack. These measures include free access to the HUNTER platform for organizations that believe they have been affected, as well as free Threat Detection Packages enabling organizations to have ongoing detection capability.
The recent attack involving SolarWinds Orion demonstrates the risks of supply chain attacks, and the need for organizations to focus on proactive defense like threat hunting. Cyborg Security’s CDMs are aimed at assisting organizations of all sizes to effectively detect and respond to the threat using their own security ecosystem.
These CDMs follow Cyborg Security’s in-depth public analysis of the SUNBURST implant. Access to the HUNTER platform will allow organizations to deploy detection content customized to their unique environment for the SUNBURST implant, as well as a wide variety of other advanced behavioural threat hunting content capable of detecting adversaries’ actions, not just their tools, in organizations’ environments.
“The scale and impact of the SolarWinds attack is unprecedented,” explained Dave Amsler, Founder and CEO of Cyborg Security. “This attack underscores how relying on traditional reactive security measures is no longer sufficient. This is especially true given that many security controls during the attack were tampered with to render security teams blind to the threat. Instead, organizations must take the fight to the adversary, with threat hunting. HUNTER enables organizations to seamlessly deploy threat hunting and detection packages into their unique environments without costly development or engineering effort. This allows them to detect adversaries’ behaviour, malware, and attacks, like SUNBURST and future variants.”
The HUNTER platform allows organizations to deploy threat hunting and detection packages to their existing SIEM, data lake, and EDR platforms that are tailored to their unique environments. Additionally, every package also includes detailed analysis runbooks and remediations to guide hunters and analysts, as well as cyber threat emulation (CTE) allowing organizations to validate detection capabilities and response processes.
Cyborg Security has remained at the forefront of the rapidly evolving SUNBURST attack, providing in-depth analysis, as well as security guidance to our clients, partners, and the broader infosec community.
Community Resources include:
Organizations that believe they may have been impacted by SUNBURST can request free access to the HUNTER platform here.
To have our community defense measures customized to your environment for free, or to receive ongoing intelligence briefings related to SUNBURST, contact Cyborg Security here.