How to Easily Detect Compromised Software

by in IT Operations Management

Universal Discovery can find compromised software installations across your entire hybrid IT environment. Find out how from one of Micro Focus’ Pres-Sales experts: Louis Kim.

Here is a "guest blog" by Louis that I am reposting here because the content is helpful!

 “On Dec. 13, 2021, SolarWinds acknowledged that hackers had inserted malware into a service that provided software updates for its Orion platform, a suite of products broadly used across the U.S. federal government and Fortune 500 firms to monitor the health of their IT networks.”

This vulnerability essentially allows hackers to gain access to victims through trojanized updates to SolarWinds’ Orion IT monitoring and management software. There is a growing consensus across the security community that these actions were orchestrated through the efforts of a nation-state through a hacker consortium, so this is not your average hack.  It did leave many people and organizations questioning if they were vulnerable though.

And it appears the same hacking group is still at it, using compromised and vulnerable software to insert malicious code into computers—as the 25 May 2021 attack through Constant Contact shows.

While software vulnerabilities always exist, any IT person, security professional, or hacker knows there is a lot of compromised software out there across thousands of companies and government agencies. What hackers are hoping is that IT departments aren’t diligent with their patching—or that organizations will miss doing a complete inventory of their vulnerable software and leave a backdoor open.

Micro Focus Universal Discovery is a solution that can be used to run discoveries across the entire enterprise and identify versions of, any known, compromised software. This provides the ability to quickly identify, or “sniff out”, the affected software so that remediation actions can be taken.

Universal Discovery can run across the entire enterprise and not just production environments too. Some infrastructure managers might have a pretty good understanding of their production environment, but they often give less attention to supporting environments such as staging, test, and dev systems. And it is in these environments that compromised versions of software may still reside, continuing to pose considerable risk to the organization. Better yet, Universal Discovery not only identifies discrete static elements, but also uniquely discovers all the relationships between the infrastructure, network, and applications. By having this ability, you can gain enormous insights across the entire enterprise to assess the impact of an incident, change, event, or vulnerability and gauge its criticality.

Micro Focus Universal Discovery is the leading discovery tool that has the broadest and deepest discovery capabilities in the market. More importantly, it is an ideal solution when it comes to being able to quickly determine an organization’s software compliance position, or even in identifying specific software that may contain security exploits such as SolarWinds. One of the key benefits of the Universal Discovery and UCMDB is that it can leverage both agent-based as well as agentless technologies to detect the presence of vulnerable software. This is in addition to the numerous native-direct application-level discovery capabilities which can further expose specific versions of software. Now couple that with the need to discover across multiple deployment platforms and environments which include the Public Cloud (i.e. AWS, Azure, GCP, etc.), Kubernetes and containers, Private Cloud, as well as Hybrid, and you begin to realize how vast of an enterprise expanse for which you need coverage across. Micro Focus Universal Discovery can do it all, and it has an extremely compelling solution to help with gaining visibility into the complete enterprise – be it to discover and detect specific software to gain compliance positioning, or to discover and detect any known, vulnerable software products out there in the enterprise!

It goes without saying, but SolarWinds is merely one application example, among thousands more, that can be discovered and detected to drive any number of policies in support of compliance or operations efforts.

Figure 1: Sample view in Universal Discovery showing a compromised version of SolarWinds (2020.2.1), and the system in which it was installed (i.e. obadb server)

Figure 2: Sample view of the CMS UI searching for SolarWinds and finding the specific version (2020.2.1) which is compromised.

Micro Focus Universal Discovery help make your organization safer and more secure by providing a centralized record of what vulnerable software is installed where for IT and SecOps to act on.  Don’t let hackers get the upper hand by letting compromised software linger in your hybrid IT environments. A diligent discovery and configuration management practice can help you quickly identify where vulnerable software is running and then be used to verify that software has been patched.

Labels:

Discovery & CMDB
Anonymous