4 min read time

What SolarWinds teaches us about Cyber Resilience

by in Cybersecurity

The security world is abuzz with the SolarWinds cyberattack and its effects across both government and private sectors. The full impact of this attack is unknown but is expected to be significant, given the level of access it provided—according to the State Department and as reported by CNET.

The obvious question is, “What could companies have done to be more cyber resilient against such a threat?” Once inside an infected system, the hackers could download more malicious tools and steal employee credentials to gain access to more critical parts of the network, reported the Intercept website about the SolarWinds hack. Clearly just protecting the environment perimeter and identities was effectively useless.

Cyber Resilience is Key

What SolarWinds teaches us about Cyber Resilience.jpgCyber resilience revolves around three principles: Protect, Detect, and Evolve. The Protect part focuses on protecting the data itself. Too many companies just build walls around the data, which often fails, as illustrated by recent headlines. There is a better approach: build the protection into the data. This can take different forms.

For unstructured data, many companies think traditional disk-level encryption protects them. This technology is effective against the use case it was designed for: loss of the physical media. But disk-level encryption does nothing to protect against the highly evolved attack vectors seen today.

With Voltage SmartCipher, files are encrypted and have a policy attached that moves with the data, enabling enforcement as the files are moved throughout the system. This policy controls what operations can be performed on the files, and also ensures that those operations are passed to the Detect piece of cyber resilience, providing insight into what is being done with a file, even within the limits of that policy. Since the file is persistently encrypted, exfiltration means the attacker gets useless protected data.

Voltage SecureMail for email encryption can also help. Many companies deploy email encryption at the perimeter to encrypt communication with third parties. While this solves the external communication use case, it is not always sufficient. As multiple email breaches have proven, internal email needs protection just as much as external. This cannot depend on employees to make the right decision with every email they send; instead, SecureMail–SmartCipher integration can provide policy-driven email encryption based on the email content, which is automatically enforced when the email is sent.

Protecting the Data Itself

Structured data also needs protection. Many sites try to provide this through some form of database- or disk-level encryption. Neither of these approaches is an appropriate data protection strategy, as at best, all they do is remove access to the sensitive information from some database administrators.

A better approach is to use Format-Preserving Encryption (FPE) to protect the data itself. This ensures that applications and users see protected or de-identified information by default: it is decrypted only when there is a need to access the live data, and that activity can be logged. Thus FPE can both protect and detect data misuse—while it is happening, creating a feedback loop between Protect and Detect.

Some sites consider Dynamic Data Masking (DDM) as an approach to protecting structured data. The major flaw with DDM is that the data is in the clear by default, and is masked only when an unauthorized user views the data. This both leaves the data in the clear while at rest, where it is vulnerable to attack, and also provides no ability to detect a privileged user compromise. Thus while it offers some very limited Protect capability, it adds absolutely no Detect capability.

Coupling these Voltage components with Identity and Access Management functionality enables combining data insight and protection. A compromised identity can be detected and monitored quickly, providing nearly instantaneous insight.

Do You Know Where Your Data is?

Of course this requires protection of the actual sensitive data, and many organizations do not have a good map of where their data is: they need a comprehensive data discovery solution. File Analysis Suite (FAS) is the perfect tool to continuously search for and classify such data. And FAS integrates with SmartCipher to apply appropriate protection as sensitive data is discovered.

New approaches are needed to create a comprehensive Cyber Resilience approach. Traditional products fail to protect what really matters; the data, however Micro Focus offers a broad set of tools that do so quickly, efficiently, and effectively.

 

More information:

Have technical questions about Data Security, Encryption, or Tokenization? Visit the Data Security User Discussion Forum. Keep up with the latest product announcements and Tips & Info about Data Security and Encryption. We’d love to hear your thoughts on this blog. Log in or register to comment below.

Labels:

Data Privacy and Protection
Data Privacy and Protection