SOLARWINDS: A SANS Lightning Summit

  • Thursday, 04 Feb 2021 12:00PM EST (04 Feb 2021 17:00 UTC)
  • Speakers: Michael Murr, Rob Lee, Dr. Johannes Ullrich, Evan Dygert, John Hubbard, Mark Bristow, Katie Nickels

This hour-and-a-half-long Lightning Summit will feature six different 10-minute talks from SANS instructors across various disciplines.

It has been over a month since SolarWinds made public that it was breached and a backdoor known as SUNBURST had been inserted into its flagship product. During the last month, the information security community has come together to share and learn about how to defend against this attack. In this SANS Lightning Summit, SANS instructors will present lightning talks summarizing some of the key lessons learned.

The compromised SolarWinds Orion platform is at the heart of many organizations. It monitors and manages enterprise infrastructure, and it has full access to all managed assets. This made the backdoor that attackers introduced into SolarWinds Orion a worst-case-scenario supply chain attack. The attack started as early as March but was not detected until December, which gave attackers ample time to roam and compromise the networks managed by SolarWinds Orion.

You will learn:

  • about the larger concern of supply chain attacks
  • how others have approached it (good and bad)
  • what you may have missed about SolarWinds/Sunburst
  • what it means to have a trust compromise and how to recover
  • how you are able to protect yourself or detect compromise

Talks include:

Overview and Intro - Rob Lee, FOR508 Advanced Incident Response Author and Instructor

  1. Key CTI Takeaways - Katie Nickels, FOR578 Cyber Threat Intelligence Instructor
  2. Hunting and incident response key takeaways from the field - Mark Bristow, ICS515: ICS Active Defense and Incident Response Instructor
  3. Takeaways from SolarWinds Malware Analysis and why it is important - Evan Dygert, FOR610 Malware Analysis Instructor
  4. Best and Worst organizational approaches to SolarWinds/SunBurst Incident (Detection, Response, Remediation). Rating effective hunting approaches for SolarWinds. - Mike Murr
  5. Blue Team Approaches in Preventing and Detection of SolarWinds in the Future - John Hubbard, SEC450: Blue Team Fundamentals: Security Operations and Analysis Author and Instructor
  6. Beyond SolarWinds: What we need to learn about supply chain attacks NOW. - Dr. Johannes Ullrich, Internet Storm Center Lead

SolarWinds/Sunburst Panel with all 6 Speakers and moderator for 30 min at the end.

