Recovering Your Servers & Workstations After a SolarWinds Breach
Vivian is a career writer and editor, having covered technology-related topics for government and B2B organizations since before LinkedIn and the iPhone. As Blancco’s communications and content manager, she supports the development of thought-leadership-based copy for web, social media, and other Blancco communication channels.
SolarWinds’ Orion network monitoring program was recently hacked, providing a critical entry into over 18,000 government and private networks. This hack has been referred to as the “Pearl Harbor of American IT.”
The hack infiltrated the update server of the Orion program and allowed the perpetrators to appropriate user IDs, passwords, financial records, source code, and anything else on these networks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said the hack posed a “grave risk” to the U.S. government at all levels.
This article does not review the methods used to infiltrate the SolarWinds Orion program and SolarWinds clients. Instead, it provides a best practice for securely and completely erasing (that is, verifiably scrubbing or wiping to achieve data sanitization) the potentially compromised IT assets so they can be reallocated and reused without being discarded or destroyed.
The infiltration caused multiple vulnerabilities in targeted networks. It is unknown whether all IT assets of the affected organizations are compromised or whether backdoors have been placed throughout devices. The extent of the “Dark Halo Supply Chain Attack” is still being analyzed. It is safe to assume that all systems have been compromised and that necessary steps must be taken to mitigate additional exposure and rebuild the victim’s network.
Compromised IT assets can include servers, SANs, workstations, and other devices. Reallocating IT assets and rebuilding the network is a monumental task. Our purpose is to provide steps to properly sanitize IT assets so they can be redeployed in a network.
The drive erasure on each device can be performed by a multitude of erasure products and OEM tools. Blancco Drive Eraser is the most certified data erasure software in the world. It supports adherence to global standards like NIST and BSI and ensures data destruction compliance with regulations like GDPR, HIPAA and Common Criteria.
Blancco data erasure solutions ensure that all data on the drive, including within the host-protected area (HPA), device configuration overlay (DCO), and Trusted Platform Module (TPM) chip, is securely erased, then verify the erasure before issuing a tamper-proof certificate of erasure. This stringent process ensures the full device is completely sanitized and ready to be reallocated to a newly rebuilt network.
For servers, workstations, and other assets with HDD, SSD, or NVMe drives, Blancco Drive Eraser uses industry-leading overwriting methods to obliterate data across the full logical capacity of the drive (and not just compressed). This ensures that no data is left behind and the device is no longer compromised, so your IT assets can confidently be returned to use.
Blancco Drive Eraser and all associated Blancco hardware solutions provide NIST Clear and Purge-level data sanitization and implement ATA SecureErase/SanitizeDisk commands.
Is your organization more comfortable with a DoD wipe or a regional standard? With support for more than 25 globally recognized data sanitization standards and its patented SSD erasure method, Blancco Drive Eraser is more than capable of performing the erasure pattern required by your regulatory body or internal policy.