BMC response to the SolarWinds Breach Critical compromise to the Solarwinds Orion platform has created an immediate need to respond to the threat from a likely state sponsored actor (Russia)

1. S T A T E M E N T F R O M B M C & P A R K P L A C E T E C H N O L O G E S
Information & Resources regarding SolarWinds Orion Incident
As many are aware, SolarWinds Orion products experienced a security incident that has
comprised private and public companies alike. BMC and Park Place Technologies are
sympathetic towards any organization that may have been impacted. Given our valued
relationship with you and your business, our security team has compiled and recommended
the following actions and resources to work through this incident, should you be comprised.
1. Review the most current information to determine if your version of software was
vulnerable. SolarWinds has published a security advisory. With an incident of this
magnitude, information is subject to change, so continue to review communications, and
check their website frequently. Depending on your risk tolerance, you may want to
immediately disconnect or power down related software.
2. If your software version has been impacted, start your incident response processes, and
engage your teams to start gathering information.
3. Ask your security team to review and check for indicators of compromise. This will help
you scope the incident and understand how to apply your resources for remediation.
Some good resources include:
a. FireEye Threat Research
b. FireEye Mandiant SunBurst Countermeasures (GitHub)
c. CISA Active Exploitation of SolarWinds Software Activity Report
d. Internet Storm Center Solarigate Report
e. DHS Emergency Directive 21-01
4. Monitor the progress of your security vendors. Signatures and detection capabilities will
be released, so make sure that your security tools are updated with the latest capabilities.
As a valued customer, if you’re temporarily shutting down your SolarWinds Orion Network
Management products and looking for alternative solutions to monitor and ensure uptime in
your infrastructure; we’d like to extend a 90-day free offer on Entuity Network Analytics to
assist you in monitoring your infrastructure while you work to isolate any potential
compromised hosts. Please reach out to us if you would like a demo of Entuity Network
Analytics software.
Additionally, BMC offers solutions that fully automate the remediation of network security
vulnerabilities, from detection of the exposure to closure, and deliver results 10X faster than
manual methods. Please reach out to us if you would like a demo or to learn more about
how Entuity minimizes the risk profile of vulnerabilities on your network, and how BMC can
improve your overall vulnerability management process.

2. GLOBAL HEADQUARTERS
5910 Landerbrook Drive | Cleveland, Ohio 44124 | United States
Offices and service locations world-wide.
CONTACT US
P: +1 877.778.8707
Toll-free access from 46 countries
ParkPlaceTechnologies.com
• AUTO DISCOVERY AND INVENTORY
• SUREPATH APPLICATION PATH MONITORING
• LIVE TOPOLOGY AND GEOGRAPHIC MAPS
• EVENTS MANAGEMENT
• ROOT CAUSE ANALYSIS
• CONFIGURATION MANAGEMENT AND MONITORING
• MULTI-CLOUD SUPPORT — AWS, AZURE
• SEAMLESS AND INFINITE SCALABILITY
• ELEMENTAL PERFORMANCE
• INTEGRATED TRAFFIC FLOW, NBAR SUPPORT
• CUSTOMIZABLE REPORTING / DYNAMIC DASHBOARDS
• INTEGRATED VIRTUAL / PHYSICAL MANAGEMENT
• 100% MOBILE RESPONSIVE
• THIRD PARTY VENDOR INTEGRATIONS AVAILABLE
Entuity Network Analytics Includes Everything You Need to Manage Your Digital Environment
Including:
Uncommon Versatility —
Integration with BMC Solutions
The powerful association between ENA and BMC
solutions allow users to better monitor application
health by detecting potential network problems
that may be affecting application service delivery.
ENA integration modules are also available for the
following BMC products:
• BMC TrueSight Network Automation
• BMC TrueSight Capacity Optimization
ENA Built-In Modules Supply
Specialized Functionality
Entuity Network Analytics contains modules for
specific management capabilities: SurePath
Application Monitoring, IBM BladeCenters, QoS,
MPLS, Firewalls, Cisco Unified Communications
Manager, Cisco IPSLA, Wireless, Cisco ACI, High
Availability, Routing Protocols and VPN Gateways.
Network Management for Today and Tomorrow
Representing a solid alternative to multiple disparate network tools and expensive platform solutions, Entuity Network Analytics is known for
its short training time and ease of management and administration. It adapts to how you wish to manage your environment and is up and
running within hours.
For more information visit: Entuity.com
The ENA NetFlow Dashboard provides at-a-glance traffic details for ease of monitoring.
© 2020 All rights reserved. Entuity is a trademark of Park Place Technologies.
All other company and product names are trademarks or registered
trademarks of their respective companies.
Entuity.com | DS-04-2020
E N T U I T Y N E T W O R K A N A LY T I C S D ATA S H E E T

3. PRODUCT DESCRIPTION
TrueSight Automation for Networks is a scalable, industry-leading solution that
automates the management of security vulnerabilities, configurations, compliance, and
provisioning. Network administrators can quickly take corrective action to reduce the
risk of breaches and reduce network outages. It also increases staff productivity and
allows labor to be shifted to more strategic tasks.
BUSINESS CHALLENGE
Today, IT organizations depend on high performing networks to keep their businesses
running at peak efficiency. They also need to make frequent network changes to
support new applications or business services. Additionally, new security threats emerge
every day, making it difficult to maintain a secure environment and achieve SLAs.
Often, these changes are executed manually, through device-by-device interactions via
CLIs or scripting. Detecting security vulnerabilities can require interfacing with
multiple hardware and software tools—and if a device is found to be vulnerable, IT
must take corrective action manually, risking errors that may cause expensive
downtime or failures.
BMC SOLUTION
TrueSight Automation for Networks helps close the window of vulnerability with
native, scan-less detection of security risks in real-time and one-touch rule generation
remediation actions. With this single solution, IT staff can manage physical and virtual
network devices, as well as SDN infrastructures, across most major platforms—
improving network agility and ensuring compliance.
Drive agility, security, and compliance across
your physical, virtual, and SDN infrastructure
TrueSight Automation
for Networks
KEY FEATURES
TrueSight Automation for Networks helps
admins automate and accelerate vulnerability
management, provisioning, configuration,
auditing, and maintenance of network
devices including routers, switches, load
balancers, firewalls, and IDS solutions.
• Vulnerability management – Fast,
automated, scanless detection of
vulnerabilities and automated remediation
based on Cisco®
security advisories and the
National Vulnerability Database (NVD).
• Compliance – Built-in templates for
regulatory compliance, plus closed-loop
change tracking.
• SmartMerge – Auto-generate scripts to
execute changes or rollback entire
configurations without rebooting.
• Real-time status – Get configuration,
compliance or security data from across
the entire network in minutes.
• Scalability – Includes a multi-server
administration portal for greater scalability
and ease-of-use
KEY BENEFITS
• Accelerate consistent, high-volume
network changes for greater uptime
• Reduce mean time to resolution (MTTR)
with visibility into change details and
business services impacted
Intuitive, interactive UI facilitates
triage and remediation.
Datasheet

4. BMC, BMC Software, the BMC logo, and the BMC Software logo, and all other BMC Software product and service names are owned by BMC Software, Inc. and
are registered or pending registration in the US Patent and Trademark Office or in the trademark offices of other countries. All other trademarks belong to
their respective companies. © Copyright 2019 BMC Software, Inc.
About BMC
BMC delivers software, services, and expertise to help more than 10,000 customers, including 92% of the Forbes Global 100, meet escalating digital demands and
maximize IT innovation. From mainframe to mobile to multi-cloud and beyond, our solutions empower enterprises of every size and industry to run and reinvent
their businesses with efficiency, security, and momentum for the future.
BMC – Run and Reinvent www.bmc.com
PRODUCT DETAILS
Automated Security Vulnerability Management: Intuitive,
easy-to-use dashboards provide visibility to vulnerabilities,
analyze them, set priorities, link vulnerabilities to identified fixes
or configuration changes, and take automated corrective action.
Leverage out-of-the-box content for Cisco®
security advisories,
or NIST National Vulnerability DB for vulnerability remediation.
Use vulnerability management APIs to automate management of
vendor security vulnerability notifications.
Compliance: Use the compliance engine to apply standards for
regulatory and security regulations such as CIS and DISA.
Customized rule sets for other regulations or internal policies
can also be created. Automate audit preparation activities and
use built-in, customizable reports to demonstrate compliance.
Use integrated change management to close the loop on
automated compliance actions.
Virtualization and Cloud Computing: Rapidly provision and
configure large physical, virtual, and cloud environments.
Provisioning: With support for many vendors and virtualization
platforms, including SDN Controllers and wireless devices,
admins can expedite new multi-tiered networks, including
services for VLANs such as firewalling, load balancing, and WAN
acceleration. Deploy access control list (ACL) changes and
syntax scanning without disrupting the network.
Configuration: Implement a policy-based approach to configure
or change network devices with templates based on best
practices to simplify administration and ongoing maintenance.
*469696*
Administration: Leverage single-sign-on (SSO) for ease of use.
Auto import LDAP or AD users. Improve security and workload
sharing by controlling who can view and change configurations
through fine-grained role-based access control (RBAC). Use
multi-server administration to manage multiple TrueSight
Automation for Networks servers from a single console.
Broad Solution Support: Integrate with BMC Helix CMDB to
understand business service context before impacting device
configurations. Manage and document changes in ITSM with
TrueSight Orchestration to close the loop on continuous ITIL®
compliance.
OS Image Management: Manage OS images with built-in OS
image library and deploy actions. Includes support for remote
file servers for flexible implementation.
APIs and External Links/URLs: Develop custom workflow
automation to control TrueSight Automation for Networks
functions through in-bound APIs. Launch in context from other
applications to speed problem resolution.
Device Import: Import and start managing devices from discovery
tools such as BMC Discovery, CiscoWorks, Entuity Network
Analytics, HelpSystems™
Intermapper®
, Ipswitch®
WhatsUp Gold®
,
user-defined database query, or CSV formatted file.
Data Export: Feed event information from TrueSight
Automation for Networks into log analysis and management
solutions such as TrueSight Operations Management and Splunk
via syslog.
FOR MORE INFORMATION
To learn more about TrueSight Automation
for Networks, visit
bmc.com/it-solutions/truesight-network-
automation.html
Easily triage violations by device and severity.