Syxsense Allows Users to Scan for SolarWinds® Orion® Vulnerability

By now, everyone should be aware of the significant hack linked to security vulnerabilities in SolarWinds® Orion® software – https://www.solarwinds.com/securityadvisory.

The team at Syxsense has received requests asking if Syxsense Manage and Secure can help identify endpoints that might have SolarWinds software installed.

The Syxsense inventory scanner can quickly identify devices with SolarWinds software. Simply run an inventory query for SolarWinds or Inventory Software Report to see a list of all endpoints with SolarWinds software installed. Syxsense’s software distribution features can also be helpful to initiate uninstalls of SolarWinds.

The Syxsense Secure platform uses Syxsense Realtime functions to dynamically scan all endpoints for SolarWinds software, including scanning the hard drives in real-time to look for the compromised “SolarWinds.Orion.Core.BusinessLayer.dll” by name or file hash, quarantining devices to stop lateral movement and thereby protecting the network. With added security, Syxsense blocks the execution of SolarWinds software until a security evaluation of potentially exposed endpoints can be completed.

 

For technical details on how the SolarWinds Compromise and SUNBURST Backdoor work, we recommend reading a report from IT Security Company FIREEYE – https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html