The SolarWinds/SUNBURST attack dominated threat intelligence activity last month and continues to unfold. For more information about SolarWinds, please see this blog post on IronNet’s website.
While information on these intrusions is still incomplete, IronNet is taking proactive steps to ensure the security of our internal networks and our customers’ networks. You can read more in our January Threat Intelligence Brief about the steps we are taking. In addition, you can find coverage of the SolarWinds tactics, techniques, and procedures (TTPs) here, and the blog “SolarWinds/SUNBURST: DGA or DNS Tunneling?” by our threat analysis lead Peter Rydzynski takes a look at this subtle, but important, distinction for identifying attackers' behaviors — and predicting their next moves.
We look to behavioral analytics to detect such unknown threats on enterprise networks. First, we do the threat detection groundwork needed to spot abnormal network activity across our customers’ networks. Second, our expert system scores these alerts, prioritizing the most interesting events to help cut down on alert fatigue. Finally, we take a Collective Defense approach to threat sharing in real time.