By now everyone has heard about the FireEye and SolarWinds Orion attack that impacted the U.S. Department of the Treasury, the U.S. Department of Commerce and many Fortune 500 companies around the globe. The sophisticated attack started with “an intrusion through malicious code in the SolarWinds Orion product,” that is, in the SolarWinds supply chain, according to the Microsoft blog post “Important steps for customers to protect themselves from recent nation-state cyberattacks.”
Once the attackers had persistence on the network, “with compromised credentials, they moved laterally using multiple different credentials,” according to this FireEye blog. The attack’s Command and Control (C2) requests to the malicious domains “were designed to mimic the normal SolarWinds API communications,” the blog continues.
Organizations need Cyber Resilience and Zero Trust
Cyber Resilience and Zero Trust are more than products. They are a collection of activities working together to give companies the best protection possible as information travels across devices, apps, and locations around the world. Zero Trust starts with:
- User and Entity Behavior Analytics (UEBA), creating a ‘unique normal’ digital fingerprint of each user or entity, using unsupervised machine learning.
- Feeding that UEBA output into a risk assessment of every access request.
- Adapting the authentication method to the contextual information about the entity, and allowing, stepping up, or denying access based on the risk score.
- Finally, integrating the Cyber Resilient Zero Trust controls with your Security Operations Center (SOC), so that any suspicious or abnormal activity raises an alert.
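The four steps above, baseline, risk score, adaptive authentication decision and SOC alert, fit together as follows. This is an added example written for this post, not NetIQ or Interset code: it substitutes a simple per-user frequency baseline for the unsupervised machine learning the text refers to, the weights and thresholds are illustrative assumptions, and the login history is constructed.

```python
"""Risk-based adaptive authentication over a per-user behaviour baseline (added example)."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Weights and thresholds are illustrative assumptions, not any vendor's scoring model.
W_NEW_COUNTRY, W_NEW_DEVICE, W_ODD_HOUR = 50, 30, 25
STEP_UP_AT, DENY_AT = 25, 70
MIN_HISTORY = 3           # fewer prior logins than this -> the baseline is not trusted yet
RARE_HOUR_FRACTION = 0.1  # share of prior logins within +/-1h below which the hour is "unusual"


@dataclass(frozen=True)
class LoginEvent:
    user: str
    country: str
    device: str
    hour: int  # 0-23, in the identity provider's local time


# Constructed history of successful logins; not real telemetry.
HISTORY = (
    [LoginEvent("alice", "US", "laptop-a1", h) for h in (8, 9, 9, 10, 13, 17)]
    + [LoginEvent("bob", "DE", "desk-b7", h) for h in (7, 8, 8, 9)]
    + [LoginEvent("bob", "DE", "phone-b2", 12)]
)


class Baseline:
    """Per-user 'unique normal': how often each country, device and login hour was seen."""

    def __init__(self, events):
        self.countries = defaultdict(Counter)
        self.devices = defaultdict(Counter)
        self.hours = defaultdict(Counter)
        for e in events:
            self.countries[e.user][e.country] += 1
            self.devices[e.user][e.device] += 1
            self.hours[e.user][e.hour] += 1

    def total(self, user):
        return sum(self.hours[user].values())


def risk_score(baseline, ev):
    """Score an access request (0-100) by how far it departs from the user's own history."""
    n = baseline.total(ev.user)
    if n < MIN_HISTORY:
        return 60, ["insufficient baseline"]  # cannot judge 'normal' yet -> force a step-up
    score, reasons = 0, []
    if baseline.countries[ev.user][ev.country] == 0:
        score += W_NEW_COUNTRY
        reasons.append(f"new country {ev.country}")
    if baseline.devices[ev.user][ev.device] == 0:
        score += W_NEW_DEVICE
        reasons.append(f"new device {ev.device}")
    # Hour rarity: fraction of prior logins within one hour of the requested time.
    near = sum(baseline.hours[ev.user][(ev.hour + d) % 24] for d in (-1, 0, 1))
    if near / n < RARE_HOUR_FRACTION:
        score += W_ODD_HOUR
        reasons.append(f"unusual hour {ev.hour:02d}:00")
    return min(score, 100), reasons


def decide(baseline, ev):
    """Map the risk score to an authentication outcome: allow, step_up (MFA) or deny."""
    score, reasons = risk_score(baseline, ev)
    if score >= DENY_AT:
        return "deny", score, reasons
    if score >= STEP_UP_AT:
        return "step_up", score, reasons
    return "allow", score, reasons


def triage(baseline, events):
    """Evaluate a batch of requests and return the records the SOC should be alerted on."""
    alerts = []
    for ev in events:
        decision, score, reasons = decide(baseline, ev)
        if decision != "allow":
            alerts.append({"user": ev.user, "decision": decision,
                           "score": score, "reasons": reasons})
    return alerts


BASELINE = Baseline(HISTORY)

if __name__ == "__main__":
    # Constructed requests, from routine to clearly anomalous.
    requests = [
        LoginEvent("alice", "US", "laptop-a1", 9),  # routine -> allow, no alert
        LoginEvent("alice", "GB", "laptop-a1", 9),  # known device, new country -> step_up
        LoginEvent("bob", "DE", "desk-b7", 3),      # 03:00 never seen for bob -> step_up
        LoginEvent("bob", "RU", "unknown-x", 3),    # everything new at once -> deny
        LoginEvent("carol", "US", "laptop-c9", 9),  # no history yet -> step_up
    ]
    for alert in triage(BASELINE, requests):
        print(alert)
```

Two design points carry over to a real deployment: a user with too little history gets a step-up rather than an allow, because an empty baseline is exactly what a freshly provisioned or newly compromised account looks like; and every non-allow decision is emitted as a structured record with its reasons, which is what the SOC needs to correlate a step-up storm or a cluster of denies across users into a single incident.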
Cyber Resilience is the key
The SolarWinds supply chain attack was sophisticated and may have been difficult to detect, but the objectives at each stage of the Cyber Kill Chain, developed by Lockheed Martin, are generally predictable. One of the key tenets of Cyber Resilience is to develop depth in a defense strategy that can protect, detect, and evolve. Building and maturing your program around a collection of activities and integrated technologies working together gives companies the best protection possible in the constant, ever-changing business world we are asked to secure.
Have technical questions about NetIQ? Visit the Access Manager User Discussion Forum, the Identity Manager User Discussion Forum, the Identity Governance and Administration User Discussion Forum, or the Privileged Account Manager User Discussion Forum.
Have technical questions about User and Entity Behavioral Analytics (UEBA)? Visit the Interset User Discussion Forum. Keep up with the latest Tips & Info about User and Entity Behavioral Analytics (UEBA).