SolarWinds Orion breach
6/24/2023

Effective implementation of a zero trust security strategy could likely have prevented one of the most damaging cyberattacks in US history, the full impacts of which remain far from completely realized. This whitepaper explores how SolarWinds, or any of the 18,000 companies compromised by the Sunburst malware during the breach, could have leveraged zero trust principles to detect and neutralize the attack in its earliest stages. These strategies, coupled with a practical prevention posture, would have identified malicious behavior and initiated immediate action. The attack was an advanced and covert campaign, allowing attackers to remain undetected for upwards of 18 to 24 months.

Attackers launched at least four waves of compromise. Each wave penetrated more deeply into the target environments, stealing insights into how the US government and enterprises think and operate. In the first wave, a nation-state actor compromised SolarWinds by gaining access to the leading network software firm's enterprise networks. A second wave targeted the SolarWinds product development environment, injecting malicious code into its popular and proprietary Orion software. The third wave delivered trojanized code to SolarWinds customers via a remote product patch update. The resultant backdoors let attackers target authentication systems and gain access to global administrator accounts. Finally, using trusted credentials and remote access, the attackers launched a devastating fourth wave, stealing confidential data and disrupting business activities.

Each wave's lesson is that organizations cannot monitor network activity with the granularity needed to detect and contain trusted entities' anomalous activity. The full impact on SolarWinds' 18,000 customers remains undetermined. Sunburst's exploitation of situational blindness isn't new. Predecessors, including NotPetya, WannaCry, and others, have also capitalized on this vulnerability. While extraordinarily damaging and highly sophisticated, the multi-phase SolarWinds breach is just another wake-up call, a red flag alert that current cyber-defense strategies need to evolve. StealthPath proposes that a zero trust strategy, guided by our StealthPath Zero Trust Capability Model (ZTCM), is one that organizations should pursue to evolve their security posture and strengthen their cyber and operational defenses. The ZTCM incorporates the principal tenets of zero trust security to help organizations establish a holistic implementation strategy to monitor and validate network activity continuously, at a granular level.

Based on the concept that an organization should not inherently trust anything inside or outside its perimeters, a zero trust environment narrows access using security controls that continuously monitor and verify all connections before authorizing requested operations. A zero trust strategy is about establishing the right policies, identifying the optimal enforcement points, then effectively enforcing those policies at the identified enforcement points. An increased number of enforcement points provides greater visibility and more granular control of traffic flow into, out of, and across the network.

How StealthPath's approach eliminates inherent trust and prevents exploits

The StealthPath Zero-Trust Capability Model provides a new perspective. It enables organizations to evaluate their security and operational integrity posture against acceptable risk within a continuous assessment framework. ZAlert, StealthPath's keystone product, uses AI and advanced analytics to build a complete model of normal system behavior. Its behavioral engine flags unusual events, providing immediate context for classification and response. Real-world feedback continuously improves its understanding of nominal behavior and its sensitivity to potentially threatening anomalies. In the case of SolarWinds, ZAlert's capabilities could have detected suspicious activity as early as the preliminary "reconnaissance" phase of the attack. (This is the first link of the Lockheed Martin "cyber kill chain" model of cyber exploits.) The hacker's initial probing for vulnerabilities inevitably required new connections between internal and external devices that ZAlert could have flagged for investigation.

Even if a vulnerability were identified and exploited, abnormal behavior in the next kill chain phases would have set off additional alarms.
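As an added illustration of the baseline-and-anomaly idea described above (example code, not StealthPath's or ZAlert's), the following Python script learns which perimeter-crossing connections a host normally makes and flags any new internal-to-external or external-to-internal flow while ignoring new internal-only ones. The flow record format, the 10.0.0.0/8 internal range and all addresses are constructed for the example.

```python
# Added example (not StealthPath/ZAlert code): learn a host's normal
# perimeter-crossing connections, then flag any new internal<->external flow.
# Flow record format is constructed: "<epoch> <src_ip> <dst_ip> <dst_port>".
from collections import defaultdict
import ipaddress
# Assumption for this example: 10.0.0.0/8 is the only internal range.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed "known good" window: a build server talking to an internal
# file share and to one known external update service (TEST-NET addresses).
BASELINE_LINES = [
    "1687500000 10.0.5.20 10.0.5.30 445",
    "1687500060 10.0.5.20 198.51.100.10 443",
]

# Constructed evaluation window: one known flow, one new internal-only flow,
# one new outbound external flow, one new inbound external flow.
EVAL_LINES = [
    "1687600000 10.0.5.20 198.51.100.10 443",
    "1687600060 10.0.5.20 10.0.5.40 445",
    "1687600100 10.0.5.20 203.0.113.77 443",
    "1687600160 203.0.113.5 10.0.5.20 22",
]

def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def parse_flow(line: str):
    ts, src, dst, port = line.split()
    return ts, src, dst, int(port)

def learn_baseline(lines):
    """Map each source host to the (destination, port) pairs it normally uses."""
    baseline = defaultdict(set)
    for line in lines:
        _, src, dst, port = parse_flow(line)
        baseline[src].add((dst, port))
    return baseline

def flag_new_perimeter_flows(baseline, lines):
    """Return flows that cross the internal/external boundary and were never
    seen in the baseline; new internal-only flows are deliberately not flagged."""
    flagged = []
    for line in lines:
        ts, src, dst, port = parse_flow(line)
        crosses = is_internal(src) != is_internal(dst)
        if crosses and (dst, port) not in baseline.get(src, set()):
            flagged.append((ts, src, dst, port))
    return flagged
```

Running `flag_new_perimeter_flows(learn_baseline(BASELINE_LINES), EVAL_LINES)` returns only the two perimeter-crossing novelties, which is the kind of event the text says should be queued for investigation.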