{"id":3257,"date":"2020-12-21T15:16:39","date_gmt":"2020-12-21T19:16:39","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=3257"},"modified":"2020-12-21T15:16:39","modified_gmt":"2020-12-21T19:16:39","slug":"the-key-lessons-from-the-solarwinds-orion-breach","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/","title":{"rendered":"The Key Lessons from the SolarWinds Orion Breach"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-3058\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\" alt=\"The Key Lessons from the SolarWinds Orion Breach\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">What are the key lessons from the SolarWinds Orion Breach currently dominating cybersecurity conversations?\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">We speak with no hyperbole when we say the SolarWinds Orion Breach might prove the definitive cyber-attack of 2020. 
In fact, it may become the definitive breach since the Equifax hack in terms of impact and notoriety. But what exactly happened? And why does it matter to your <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener noreferrer\">cybersecurity posture<\/a> in the coming year?\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify\"><b>What is the SolarWinds Orion Breach?\u00a0<\/b><\/h2>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">SolarWinds Orion offers centralized monitoring over organizational networks, enabling it to manage threat detection. It boasted about 33,000 customers at the time of the breach disclosure.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">According to multiple cybersecurity sources, including FireEye and Microsoft, it appears a hacking group infiltrated the SolarWinds Orion software through malware and then conducted a privilege escalation attack. With these privileges, the hackers established a backdoor into the Orion system, allowing them to create a malicious update that granted them visibility and mobility over victims.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">At time of writing, at least 18,000 organizations likely downloaded the malicious update, and thus suffered in the SolarWinds Orion Breach. Given that the breach appears to have begun in March, hackers enjoyed plenty of time to steal data via compromised emails, databases, and more.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In addition to multiple corporations, cybersecurity providers such as FireEye and multiple U.S. government departments suffered from the attack. 
As a result, the SolarWinds breach might end up becoming the largest cyber-breach conducted on the U.S. government in years.\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>What Does This Breach Mean?\u00a0<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Research indicates this breach likely resulted from a nation-state sponsored group, with affiliations with the Russian government suspected. The United States government has not made any definitive statements about suspected perpetrators, but this kind of \u201csupply chain\u201d attack is a signature of multiple Russian hacking groups.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, in a practical sense, it actually doesn\u2019t matter to your business who conducted the breach. Instead, you need to think about the practical implications of the breach.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">First, you absolutely need a secure SIEM solution that remains current with the threat landscape. While you may feel reluctant to trust central monitoring solutions in the wake of the breach, your organization still needs cybersecurity. The alternative can leave your business even more vulnerable.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Additionally, if you are seeking a new provider, look for providers that specialize in defending against nation-state attacks. The breach indicates that nation-states will start transferring their military resources into the cyber-realm, which has fewer rules of engagement. Civilians, including you, may end up in the future crossfire.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Second, keep an eye out for potential updates from your current cybersecurity provider, if you use one. 
Most likely, the SolarWinds Orion Breach will motivate other providers to look harder for their own vulnerabilities and backdoors, closing them before hackers find them.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Yet you should also ensure that all such communications do legitimately come from your providers. Phishing attacks often build off chaos (as evidenced by the scores of COVID-19 related attacks) and this attack meets that definition. Always verify the authenticity of messages before following instructions.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">You can learn more in our <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener noreferrer\">SIEM Buyer\u2019s Guide<\/a>.\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What are the key lessons from the SolarWinds Orion Breach currently dominating cybersecurity conversations?\u00a0 We speak with no hyperbole when we say the SolarWinds Orion Breach might prove the definitive cyber-attack of 2020. In fact, it may become the definitive breach since the Equifax hack in terms of impact and notoriety. But what exactly happened? 
[&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":3058,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1],"tags":[353,95,145,112,86,48,21,57,22,83,1475,1476],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Key Lessons from the SolarWinds Orion Breach<\/title>\n<meta name=\"description\" content=\"What are the key lessons from the SolarWinds Orion Breach currently dominating cybersecurity conversations?\u00a0Find out here.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Key Lessons from the SolarWinds Orion Breach\" \/>\n<meta property=\"og:description\" content=\"What are the key lessons from the SolarWinds Orion Breach currently dominating cybersecurity conversations?\u00a0Find out here.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-21T19:16:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" 
content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/\",\"name\":\"The Key Lessons from the SolarWinds Orion Breach\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\",\"datePublished\":\"2020-12-21T19:16:39+00:00\",\"dateModified\":\"2020-12-21T19:16:39+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"What are the key lessons from the SolarWinds Orion Breach currently dominating cybersecurity conversations?\u00a0Find out 
here.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"Panther Labs Releases State of SIEM 2021 Report\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Key Lessons from the SolarWinds Orion Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\",\"description\":\"Buyer&#039;s Guide and Best 
Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"The Key Lessons from the SolarWinds Orion Breach","description":"What are the key lessons from the SolarWinds Orion Breach currently dominating cybersecurity conversations?\u00a0Find out here.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/","og_locale":"en_US","og_type":"article","og_title":"The Key Lessons from the SolarWinds Orion Breach","og_description":"What are the key lessons from the SolarWinds Orion Breach currently dominating cybersecurity conversations?\u00a0Find out here.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","article_published_time":"2020-12-21T19:16:39+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/","name":"The Key Lessons from the SolarWinds Orion Breach","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg","datePublished":"2020-12-21T19:16:39+00:00","dateModified":"2020-12-21T19:16:39+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"What are the key lessons from the SolarWinds Orion Breach currently dominating cybersecurity conversations?\u00a0Find out 
here.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/06\/Dark-web-mod.jpg","width":800,"height":400,"caption":"Panther Labs Releases State of SIEM 2021 Report"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/the-key-lessons-from-the-solarwinds-orion-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"The Key Lessons from the SolarWinds Orion Breach"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","description":"Buyer&#039;s Guide and Best 
Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3257"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=3257"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3257\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/3058"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=3257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=3257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=3257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}