Your Cart
Added to Cart
There's nothing in your cart
per endpoint / per year
Updating cart...
Learning Center
What was the SUNBURST attack and why was it so impactful? |
Watch: CrowdStrike’s CEO give an overview Read: Overview of Sunburst and FireEye Attack |
What were the key techniques and compromises involved? |
SUNBURST TTPs (Tactics, Techniques and Procedures) How CrowdStrike Detects and Prevents Sunburst Post-Exploit Activities Identity Compromise: Lateral Movement Blog Identity Compromise: Lateral Movement Overview Video Identity Compromise: Lateral Movement Attack Demo Endpoint Infection: Common Defense Evasion Techniques |
Hear how CrowdStrike detects and mitigates key Sunburst TTPs.
Register NowLearn how Zero Trust can reduce risk and reduce cost.
Register Now
(may require login)
Leverage the12 month Look-back: Use the Indicator Graph to search for IOCs across the 12 months of data that Falcon stores.
Quick bulk hash search: rapidly search for key hashes to find IOC’s quickly.
See all IOCs and detections in one place: the SUNBURST Dashboard.
Review the CrowdStrike Intelligence reports to up level threat intelligence knowledge.
Get IOCs from web pages: CrowdScrape Browser Extension. See a demo.
CRT Tool: Assess current configuration and permission settings in your MS Azure infrastructure.
Sunburst IOCs and Yara rules from the CrowdStrike security research team.
Also see FireEye’s published IOCs.
(may require login)
Review Falcon prevention settings including sensor tampering protection and ML detection options.
Learn about a targeted remediation routine to automatically take action on weaponized DLLs.
Use remote vulnerability patching. Learn how to deploy key patches (like the recommended VMware patch) even if admins are remote.
See all IOCs and detections in one place: the SUNBURST Dashboard.
CRT Tool. This tool enables users to check hard-to-find configurations and permission settings in Azure (a vector used in the attack).
CISA Guidance. NSA and CISA issued guidance on detection and mitigation of the attack.
VMware Patch. This enables patching a key vulnerability in VMware software (a vector used in the attack).
Quickstart Guide. It includes the top eight best practices for securing cloud-native applications.
AD Hardening Guide. This guides details key steps to harden Active Directory.
The tactics and techniques used in SUNBURST have been used in other attacks, such as the Maze ransomware and previous supply chain attacks like the OPM breach. This means that future attacks that may differ from SUNBURST will use the same key elements, and organizations can still protect themselves proactively. The core tenets of cybersecurity remain true: Understand what assets are under your control and which ones are protected, establish control and baselines of security, and implement the continuous cycle of monitoring, assessing risk and implementing improvements.
The CrowdStrike Falcon® platform stops incidents like SUNBURST from becoming breaches, and solves critical cybersecurity use-cases through the range of flexible product modules and partner integrations, as well as managed services and incident response services to address your organization’s specific IT environment and security requirements.
CrowdStrike’s strategic advisory services and technical advisory services will help you answer:
Understand and validate if your organization is currently breached or has been breached at some point in the past.
The CrowdStrike® Services team of incident responders and cybersecurity experts is ready to help your organization understand its security maturity.
The CrowdStrike® Services team of incident responders and cybersecurity experts will help assess if you are ready for the next attack or assessment.
Detect stealthy evasion techniques and tampering attempts to enable instant action from one-click-containment and auto-remediation to rapid patching and investigation with CrowdStrike data for the past 12 months.
Learn MoreFalcon Zero TrustTM enables frictionless security with real-time threat prevention and IT policy enforcement using identity, behavioral and risk analytics to stop identity-based attacks like lateral movement.
Request DemoExpose sophisticated threats faster with groundbreaking research. CrowdStrike Falcon® Intelligence Premium helps you understand and detect attacker TTPs.
Learn MoreFalcon Horizon provides visibility across your Azure infrastructure, combined with continuous monitoring for misconfigurations, and proactive threat detection — enabling DevOps teams to stay secure while building in the cloud.
Read Guide
Your Privacy Choices
