Lead Machine Pink 160x1200

Lead Machine Pink 160x1200

iTWire TV 705x108

Tuesday, 29 June 2021 23:25

Preventing the next SolarWinds attack requires a different approach

By Jim Cook, Attivo Networks
Jim Cook, ANZ Regional Director at Attivo Networks Jim Cook, ANZ Regional Director at Attivo Networks

GUEST OPINION by Jim Cook, ANZ Regional Director at Attivo Networks: When the global SolarWinds cyberattack came to light earlier this year, it sparked grave concerns across private and public-sector organisations. If attackers could use software from a trusted vendor to breach defences, how could security ever be guaranteed again?

In the wake of the attack, both governments and businesses remain focused on hygiene, information sharing, and the like. However, while these are critical, they are not enough to stop a future major breach.

Attackers mounted the SolarWinds breach via a trusted vendor, meaning that even the most diligent cyber hygiene and immediate patching would not have prevented it from occurring. Also, while information sharing is important, it would not have worked in this case as it took some nine months to detect the attack.

Fortunately, the SolarWinds breach occurred at a time when data security is receiving increased attention. In the United States, a new federal Internet of Things cybersecurity bill recently passed into law. Other governments are considering similar moves, giving hope that the SolarWinds breach might finally prompt the right legislative action on a global basis.

Beyond information sharing
For the information-sharing aspect of cybersecurity to be truly effective, several things must happen. The first is to improve current methods because even well-coordinated information sharing won’t be useful without more effective detection and instrumentation to go along with it. Ultimately, organisations cannot share information about something they haven’t detected.

Unfortunately, information sharing includes indicators of compromise (IoCs). These might consist of hashes of files, IPs, and domains of command-and-control systems. While this provides some value, defenders also need data on tactics, techniques, and procedures (TTPs) to help them respond better to attacks as they occur.

Some advisory bodies, such as MITRE, provide helpful guidance in this area, but organisations need more timely data. Without better detection, information sharing will continue to be limited to sharing the aftereffects of an attack rather than its causes. 

The need for better detection
Any legislative changes that come about due to the SolarWinds breach must focus on requiring enterprises to adopt recommendations made by bodies such as NIST and MITRE, which are increasingly seeing the value of in-network detection tools. Indeed, recent NIST recommendations have focused on building long-term resilience to attacks and continuously looking for lateral movement and privilege escalation activity.

Meanwhile, MITRE has released MITRE Shield, which is a complement to its highly regarded MITRE ATT&CK matrix. ATT&CK looks at TTPs and shows how attackers break in, what they do, and what tools they use, while Shield looks at those TTPs and focuses on building an active defence structure to combat them.

The SolarWinds attack demonstrates why organisations can no longer inherently trust software providers or third-party tools. Instead, they must adopt an ‘assumed breach’ security posture and more effective detection tools to enable it.

Patching vulnerabilities as they arise is important. However, recommendations like those MITRE and NIST provide can help enterprises stay on top of network security more proactively by cleaning up the network environment, locating exposed credentials, identifying potential attack paths, and identifying lateral movement.

Without improved detection capabilities, attackers will simply find another way into the network. Furthermore, even the most effective firewalls and perimeter tools will never stop 100% of attacks, making detection tools at all levels of the network more critical than ever.

Detection enables better information sharing, including the ability to share TTPs in near-real-time, helping organisations stop attacks more quickly and effectively. This ability ensures that information sharing becomes an incredibly valuable tool rather than something only useful after the fact.

No silver bullets
Although there is no silver bullet that will stop the next SolarWinds attack, governments have an opportunity to prompt change. Current implementations and discussions about expanding information sharing have gone part of the way, but some tools can fully realise information sharing’s enormous potential.

Organisations must adopt the guidelines issued by advisory bodies such as NIST and MITRE, while governments must create meaningful regulations that incentivise organisations to institute more effective detection capabilities.

In the future, organisations of all sizes need to shift from attack response and recovery to attack detection and faster mitigation. By doing this, they can reduce the likelihood of another SolarWinds attack significantly.


Subscribe to ITWIRE UPDATE Newsletter here

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments