[Boston, MA] — [Dec 22, 2020] — ARIA Cybersecurity Solutions, a CSPi business (NASDAQ: CSPi) that delivers a software-defined approach for improved cyber-attack incident response, today announced the free use of the ARIA Advanced Detection and Response (ADR) for a three-month period to detect and stop the on-going attacks in the 18,000 organizations potentially impacted by the “SUNBURST” enabled cyber attack.
The Cyber Infrastructure Security Agency (CISA) has classified the attack that has hamstrung over a dozen agencies, three states, and hundreds of commercial organizations as an Advanced Persistent Threat (APT). Upon penetrating the organization via the “SUNBURST” hack to the Orion code, the “bad actor” actively uses the network to access as many vulnerable systems as possible while using techniques to try and hide their actions.
CISA officials were quoted as saying, “This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.”
The SolarWinds Orion Platform is installed in 33,000 U.S. Government and global organizations. By design, the platform accesses an extensive portion of an organization’s network, making the potential for damage enormous.
The CISA alert notes that the perpetrators used their initial entry to gain additional privileged access allowing them to further penetrate the organization’s network. If the attackers are already inside the network, disabling SolarWinds’ Orion is futile. In addition, Microsoft alerted its customers that their environments were also compromised, indicating that its security tools were also ineffective at finding and stopping the attack.
ARIA’s Advanced Detection and Response (ADR) solution is designed to find and stop all forms of attacks, including APTs such as this one.
“The ARIA ADR solution is unique as it automatically, and in real-time, detects, verifies, and stops any attack as it become active. ARIA ADR is an ideal add-on to current security tools. We often replace legacy security information and event management (SIEM) solutions and other security tools that were not designed to stop modern attacks.,” said Gary Southwell, ARIA Cybersecurity Vice President and General Manager, CSPi. “For instance, after the 2015 OPM breach, the Department of Homeland Security mandated the deployment of Splunk Enterprise Security across all civilian government agencies. Yet, Splunk, like other SIEMs, is best suited for highly-trained SOC analysts to manually search log infrastructure for IOCs, typically to try and find out what happened after the fact. It’s not designed to automatically find and stop threats, certainly not modern attacks like APTs, zero-day malware, ransomware, or other sophisticated intrusions and data exfiltrations. This is where ARIA ADR shines not only for automated threat detection but also for quick return on investment in tools and operational savings.”
Once deployed in a network, ARIA ADR works out of the box, requiring no special configuration. It is purpose-built to automatically find and stop all forms of attacks, including APTs such as this one. With 70+ patented threat models preloaded onto the solution it can detect any attacker’s actions and behaviors, making it a highly effective threat detection and response solution. It then leverages advanced machine learning (ML) to pick up on these behaviors by monitoring all network data, the security and IT architecture, and deployed applications. Using artificial intelligence (AI) it finds any bad actors, verifies their activity and correlates their actions before declaring a confirmed threat.
The ARIA ADR AI provides the push button or fully automated ability to knock the attacker off the network, disable the use of compromised credentials, and/or stop all attack related communication without taking any systems off-line.
ARIA Cybersecurity is extending the free use of ARIA ADR for a three-month period to detect and stop these threat actors and their activity related to the APT attack. The ARIA ADR solution is appropriate for all size organizations, as it can be dropped into any environment, works out of the box, and requires no trained staff. If the customer is happy with the solution, they can elect to pay for a monthly subscription thereafter.
Contact ARIA Cybersecurity solutions at ARIAsales@ariacybersecurity.com to get your free access to stop the attack.
ABOUT ARIA CYBERSECURITY SOLUTIONS
ARIA Cybersecurity Solutions, a business of CSPi Inc., recognizes that better, stronger, more effective cybersecurity starts with a smarter approach. Our solutions provide new ways to monitor internal traffic, while capturing and feeding the right mix of analytics to security tools like SIEMs or our ARIA ADR solution to substantially improve threat detection and surgically disrupt cyberattacks and data exfiltrations. Customers in a range of industries rely on our solutions to improve their security posture—no matter their environment. ARIA Cybersecurity Solutions include ARIA Software-Defined Security (SDS), Myricom SmartNIC network adapters, and nVoy Security appliances. With a proven track record supporting the Department of Defense and many intelligence agencies in their war on terror, and an award-winning portfolio of security solutions, ARIA Cybersecurity Solutions is committed to leading the way to ensure cybersecurity success. Learn more at ARIACybersecurity.com