Start your assessment

How Do You Navigate the SolarStorm* Attack?

*SolarStorm is the name we assigned to the recent campaign of attacks connected to a suspected nation state actor behind the SolarWinds SUNBURST malware

How Can We Help?

SolarStorm Rapid Response Programs

Rapid Response Security Assessment

Solarstorm Rapid Assessment

Assess Your Exposure for Free in 72 hours

Our team will help you locate the at-risk servers owned by your organization and assess whether you’ve been compromised free of charge. After we’ve completed our analysis, we’ll provide you with a SolarStorm Assessment Report brought to you by Expanse and Unit 42.

Start your assessment now

OR

Rapid Response Security Assessment-2

Solarstorm Initial Cybersecure Engagement

Investigate, Remediate and Protect

If you think you are exposed, we can directly engage an expert team dedicated to this program, for a full investigation and remediation of the incident, which includes 200 Unit 42 IR hours, two months of Expanse and two months of Cortex XDR.

Start your engagement now
Nikesh-Arora
Nikesh Arora CEO and Chairman
quote

If you think you are prepared for what comes next, you are not.

Read the blog post
Nikesh Arora CEO and Chairman
Read the blog post
Threat Research

Latest from Unit42

Threat Brief

A Timeline Perspective of the SolarStorm Supply-Chain Attack

Based on extensive research and their direct experience defending against the threat, Unit 42 publishes a timeline of the SolarStorm attack to ensure the cybersecurity community gets a complete picture of it as quickly as possible.
Threat Brief

SolarStorm and SUNBURST Customer Coverage

The SolarStorm threat group has compromised organizations across the globe using a supply chain attack. Using a trojanized update file for the SolarWinds Orion Platform, the threat group has compromised numerous organizations and infected countless servers.
Web Briefing

SolarStorm Threat Briefing

In this informative session on how to navigate the SolarStorm attack, Ryan Olson, leader of Palo Alto Networks Unit 42 Threat Research team provides an overview of what we currently know about the attack, and offers effective countermeasures you can take today to help protect your organization.
Expert Discussions

Understanding SolarStorm

Rapid Response Security Experts

EXPERT DISCUSSION

Understanding the SolarStorm Threat

Video
Palo Alto Networks leaders get together to discuss the threat actor that has taken over the security agenda.
Rapid Response Security Assessment-2

WEBINAR SERIES

Navigating the current SolarStorm and future attacks

March 9, 9:00 AM PST
Will the US Government Recognize SolarWinds as a Cyber Inflection Point?
SolarStorm white paper

"Recently, we experienced an attempt to download Cobalt Strike on one of our IT SolarWinds servers. Cortex XDR instantly blocked the attempt with our Behavioral Threat Protection capability...it became clear that the incident we prevented was an attempted SolarStorm attack." - Nikesh Arora, CEO

XDR technology is disrupting cybersecurity by driving behavioral threat protection across all security data sources instead of established data silos. This means fewer blind spots and much better protection against advanced attacks.
CORTEX RESOURCES FOR SOLARSTORM
Datasheet

SolarStorm Rapid Response Datasheet

To help you assess, remediate, and recover from the SolarStorm attack, Palo Alto Networks has developed a SolarStorm Rapid Assessment and a SolarStorm Cybersecure Engagement. Read this datasheet to learn about these two offerings.

Read now
Blog

Cortex XSOAR Rapid Response Playbook

Cortex XSOAR has launched a rapid response playbook to speed up the discovery of SolarWind installations within your network and uncover signs of a potential SolarStorm activity.

Read now
Video

Cortex XDR SolarStorm Impact Reports

The Cortex XDR Managed Threat Hunting team carried out searches in all XDR customer environments this week for any attack indicators. Maintaining a high level of privacy, they were able to notify customers who need to perform further investigation.

Learn more
Blog

Expanse Reveals SolarWinds Breach and Attacker Communications

Expanse leverages capabilities of its Expander and Behavior products to identify Internet-facing SolarWinds instances and detect customer communications with threat actor infrastructure.

Read more

Get the latest news, invites to events, and threat alerts

Popular Resources

Legal Notices

Popular Links

Report a Vulnerability