{"id":62802,"date":"2021-01-26T09:20:21","date_gmt":"2021-01-26T17:20:21","guid":{"rendered":"https:\/\/forescoutstage.wpengine.com\/?p=62802"},"modified":"2021-02-10T07:29:04","modified_gmt":"2021-02-10T15:29:04","slug":"forescouts-commitment-to-cybersecurity-update-on-solarwinds","status":"publish","type":"post","link":"https:\/\/www.forescout.com\/blog\/forescouts-commitment-to-cybersecurity-update-on-solarwinds\/","title":{"rendered":"Forescout’s Commitment to CyberSecurity: Update on SolarWinds"},"content":{"rendered":"

Updates:<\/em><\/strong>
January 26, 2021: Forescout has found no evidence of compromise by SuperNova or Raindrop<\/em><\/a><\/p>\n

January 6, 2021: Forescout re-enables additional product downloads following thorough precautionary security review<\/em><\/a><\/p>\n

December 24, 2020: Forescout re-enables product downloads following thorough precautionary security review<\/em><\/a><\/p>\n

December 22, 2020: Updates available for Forescout eyeSight and eyeInspect to detect vulnerable software versions and SUNBURST malware. Additional mitigation best practices leveraging eyeSegment.<\/em><\/a><\/p>\n

December 19, 2020: Forescout has temporarily disabled product downloads as a precautionary measure.<\/em><\/a><\/p>\n

JANUARY 26 UPDATE<\/strong><\/p>\n

In light of recent public disclosures by Symantec<\/a> and other security agencies, we have conducted further investigations in this fluid and ongoing situation.<\/p>\n

Forescout has reviewed the recent disclosures around the additional vulnerabilities found in context of SolarWinds, named Raindrop and SuperNova. As previously stated, Forescout does not currently run any versions of SolarWinds Orion software.<\/p>\n

Prior to the SolarWinds revelations, Forescout previously ran SolarWinds version 2018.2 and 2016.1.5300, which may be vulnerable according to the SolarWinds security advisory. We conducted further investigations and analyzed our logs, backups and the potentially vulnerable SolarWinds files and found no evidence that Forescout has been compromised by SuperNova or Raindrop.<\/p>\n

We will continue to provide updates as the situation dictates.<\/p>\n

JANUARY 6 UPDATE<\/strong><\/p>\n

Forescout recently disabled product downloads for Per-Appliance Licensing (PAL) customers from the Product Updates Portal in order to conduct a precautionary security review following the SolarWinds incident. Following the review and validation of our software delivery systems, Forescout is now re-enabling product downloads for PAL customers through the Forescout Customer Support Portal.<\/p>\n

PAL customers will have access to all product downloads starting from platform version 8.0 (CounterACT). Downloads for CounterACT version 7.0 are currently unavailable from the site. If you need to access these downloads, contact Forescout Customer Care.<\/p>\n

Our security teams continue to conduct precautionary security reviews in order to protect our customers. These reviews are being taken in an abundance of caution as Forescout does not currently use SolarWinds software\u202fand has never used the known affected versions of the SolarWinds products within our environment.<\/p>\n

DECEMBER 24 UPDATE<\/strong><\/p>\n

After an extensive validation of the integrity of our product binaries and review of our software delivery chain, we are re-enabling product downloads from our Flexx customer entitlement portal. Other product download mechanisms will be enabled at a later phase.<\/p>\n

\n

While we do not currently use SolarWinds software and have never used the affected versions in our environments, we felt this was a precautionary step we could take to validate our systems and protect our customers. We will continue to provide additional updates on this blog.<\/p>\n

DECEMBER 22 UPDATE<\/strong> <\/p>\n

Forescout has released updated policy templates and scripts to help customers detect vulnerable software versions and presence of SUNBURST malware. <\/p>\n

eyeSight Security Policy Template for Vulnerability Detection<\/strong> <\/p>\n

Customers can now leverage a new Security Policy Template (SPT) dedicated to this issue, that evaluates Windows endpoints to identify vulnerable systems. To deploy this policy, customers can download SPT Module version 20.0.13 here<\/a>, the Help File here<\/a>, and the Release Notes here<\/a>. <\/p>\n

This policy uses passive and\/or active inspection methods to evaluate endpoints. Vulnerability detection is based on the presence of “SUNBURST” malware and other suspicious SolarWinds applications and services, related open ports and other factors. This vulnerability is tracked as FireEye UNC2452. The SPT also detects CVE 2019-9546. See the full advisory here<\/a>.  <\/p>\n

Recommendations for policy deployment: <\/p>\n