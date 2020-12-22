BOSTON, Dec. 21, 2020 (GLOBE NEWSWIRE) -- ARIA Cybersecurity Solutions , a CSPi business (NASDAQ: CSPi) that delivers a software-defined approach for improved cyber-attack incident response, today announced the free use of the ARIA Advanced Detection and Response (ADR) for a three-month period to detect and stop the on-going attacks in the 18,000 organizations potentially impacted by the "SUNBURST" enabled cyber attack.

The Cyber Infrastructure Security Agency (CISA) has classified the attack that has hamstrung over a dozen agencies, three states, and hundreds of commercial organizations as an Advanced Persistent Threat (APT). Upon penetrating the organization via the “SUNBURST” hack to the Orion code, the “bad actor” actively uses the network to access as many vulnerable systems as possible while using techniques to try and hide their actions.

CISA officials were quoted as saying, “This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.” The SolarWinds Orion Platform is installed in 33,000 U.S. Government and global organizations. By design, the platform accesses an extensive portion of an organization's network, making the potential for damage enormous.

The CISA alert notes that the perpetrators used their initial entry to gain additional privileged access allowing them to further penetrate the organization's network. If the attackers are already inside the network, disabling SolarWinds’ Orion is futile. In addition, Microsoft alerted its customers that their environments were also compromised, indicating that its security tools were also ineffective at finding and stopping the attack.

ARIA’s Advanced Detection and Response (ADR) solution is designed to find and stop all forms of attacks, including APTs such as this one.

“The ARIA ADR solution is unique as it automatically, and in real-time, detects, verifies, and stops any attack as it become active. ARIA ADR is an ideal add-on to current security tools. We often replace legacy security information and event management (SIEM) solutions and other security tools that were not designed to stop modern attacks,” said Gary Southwell, ARIA Cybersecurity Vice President and General Manager, CSPi. “For instance, after the 2015 OPM breach, the Department of Homeland Security mandated the deployment of Splunk Enterprise Security across all civilian government agencies. Yet, Splunk, like other SIEMs, is best suited for highly-trained SOC analysts to manually search log infrastructure for IOCs, typically to try and find out what happened after the fact. It’s not designed to automatically find and stop threats, certainly not modern attacks like APTs, zero-day malware, ransomware, or other sophisticated intrusions and data exfiltrations. This is where ARIA ADR shines not only for automated threat detection but also for quick return on investment in tools and operational savings.”