All those need to be combined into a single, unified strategy.įor every organization looking at this hack and considering how future attacks of this sophistication will impact them, it's a good idea to use this event as a way to get your board and executives thinking about a more resilient, hardened multilayer approach and not relying on a single solution to protect you. That initial vulnerability will be there and you need those layers of security to prevent it, so you need to look at preventive controls, predictive controls and detective controls. When you investigate this attack, it is pretty sophisticated and has multiple vectors to it and one has to assume there will be certain threat vectors compromised. No one strategy or approach could have prevented it. There's no silver bullet to stop a hack this sophisticated, though. What is that and how would it have helped in the SolarWinds case?Īndy: For me, the biggest takeaway of this hack is that a layered approach to security is the way to go in the future in light of this hack's sophistication. Louis: You and many others are an advocate of a layered approach to security. Attackers are patient and they wait to extract the data and then cover their tracks.
![solarwinds hacked solarwinds hacked](https://www.crn.com/resources/0264-111f2d5310af-6830a1a22473-1000/hacker-cybersecurity-data_20201218162011.jpg)
In some cases, it's been software, as is the case with FireEye, or email servers, as is the case with government agencies. Still, once the attackers are in, the breach starts to look very traditional in the sense that they settle in, sit there for a while, scan the network, move laterally in that environment and hunt for privileged access.Īll those things happened precisely by the people who investigated and then you find the data you're going after. So that's a bit unique about how that initial vulnerability was there.
![solarwinds hacked solarwinds hacked](https://cdn.ttgtmedia.com/rms/onlineimages/Solar_Winds_Backdoor_mobile.jpg)
Solarwinds hacked software#
What's unique was this case is that the initial vulnerability wasn't just, "Hey, I phished somebody's password and logged in." It was a vulnerability in the software build process for SolarWinds. We ran the Anatomy of a Hack webinar earlier this year and it always starts with that initial vulnerability and getting in. Louis: How are the cyber-attack methods used in the SolarWinds hack particularly unique?Īndy: It follows a very common cyber-attack kill chain we've seen at Centrify for years. That's one reason it's enormous: you just gave something that was being used for good to threat actors intent on gathering as much intelligence across a supply chain of customers as they can. That's one aspect of this hack that makes it remarkable, as sophisticated tools from FireEye are in nefarious actors' hands.