Zero Trust network security framework suggests that administrators trust no one and subject all users to full authentication and authorization prior to any user-to-application request. The National Institute of Standards and Technology (NIST) has published recommended best practices organizations can put in place to minimize cyber risk and exposure.

Business has grown beyond the confines of standard organizations. Now, employees and partners interact with company apps and data from any location (e.g. home offices, customer sites, or partner facilities). But even though many aspects of offsite connectivity have evolved, others desperately need to. While staff and integrated 3rd party remote work models are commonplace, the access models enabling them are outdated and broken.

Business has grown beyond the confines of standard organizations. Now, employees and partners interact with company apps and data from any location (e.g. home offices, customer sites, or partner facilities). But even though many aspects of offsite connectivity have evolved, others desperately need to. While staff and integrated 3rd party remote work models are commonplace, the access models enabling them are outdated and broken.

Enterprise private applications vary from big brand accounting applications to industry-specific applications. While many parts of enterprises have undergone digital transformation, the delivery and security of private applications to demanding business users have lagged. Fundamentally, they still rely on legacy security and access methods.

Before the ink was even dry on the SUNBURST headlines, another threat campaign ("SUPERNOVA"), run by a different threat actor, was discovered. This paper addresses the SolarWinds authentication bypass vulnerability, how SUPERNOVA exploits that vulnerability, and one way organizations can protect themselves against attacks like SUPERNOVA.