SOLARWINDS – A SANS Lightning Summit

This hour and a half long Lightning Summit will feature six different 10-minute talks from SANS instructors across various disciplines. It has been over a month since SolarWinds made public that it was breached and a backdoor known as SUNBURST had been inserted into its flagship product. During the last month, the information security community has come together to share and learn about how to defend against this attack. In this SANS Lightning Summit, SANS instructors will present lightning talks summarizing some of the key lessons learned. The compromised SolarWinds Orion platform is at the heart of many organizations. It monitors and manages enterprise infrastructure. The platform has full access to all managed assets. This made the backdoor attackers introduced into SolarWinds Orion a worst-case scenario supply chain attack. The attack started as early as March, but was not detected until December which provided ample time for attackers to roam and compromise the networks managed by SolarWinds Orion. You will learn: about the larger concern of supply chain attacks how others have approached it (good and bad) what you may have missed about SolarWinds/Sunburst what it means to have a trust compromise and how to recover how you are able to protect yourself or detect compromise Talks include: Overview and Intro - Rob Lee FOR508 Advanced Incident Response Author and Instructor KEY CTI Takeaways - - Katie Nickels FOR578 Cyber Threat Intelligence Instructors Hunting and incident response key takeaways from the field - Mark Bristow ICS515: ICS Active Defense and Incident Response Instructor Takeaways from SolarWinds Malware Analysis and why it is important - - - - Evan Dygert FOR610 Malware Analysis Instructor Best and Worst organizational approaches to SolarWinds/SunBurst Incident (Detection, Response, Remediation). Rating effective hunting approaches for SolarWinds. - Mike Murr Blue Team Approaches in Preventing and Detection of SolarWinds in the Future - John Hubbard SEC450: Blue Team Fundamentals: Security Operations and Analysis Author and Instructor Beyond SolarWinds: What we need to learn about supply chain attacks NOW. - Dr. Johannes Ulrich Internet Storm Center Lead SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.