If you use the recently compromised SolarWinds Orion monitoring products, you are already reviewing your infrastructure and possibly blocking network access to the servers in your domain. For those of you who do not use the SolarWinds software, this is an opportunity to review your own processes and determine whether you would have detected the compromised code and backdoors.
The instructions for mitigating the SolarWinds compromise, provided by the US Cybersecurity and Infrastructure Security Agency (CISA), are a good example of the process required to identify and remove sophisticated advanced persistent threats (APTs), even those executed by nation-states.