Many security professionals are re-evaluating traditional threat models and national cyber-defense strategies in light of the recent SolarWinds SunBurst exploit. For the time being, companies and system owners must rely on the tools and resources at their disposal to reduce the risk of further supply chain attacks.
Sunburst did not defeat the product's security controls directly; it compromised the product's development and release cycle, so the malicious code reached customers inside a routine update. Every major application depends on updates and patches for maintenance, and a supply chain attack exploits exactly that dependence by injecting malicious code into the updates and patches customers are expected to install.
So, how do businesses and system owners build trust while still running their own IT systems? Redefining access control, creating a patch management strategy that encourages research and testing, and monitoring their network for malicious activity in conjunction with cyber threat intelligence are all good places to start.
Let's start with the following questions as a basis for developing that trust.
Why is access control critical?
Instead of focusing on how to limit user access to hardware and software, a broader definition of access control forces businesses and system owners to examine the hardware and software they use. If businesses don’t know what is on their network, they are more likely to be targeted by supply chain attacks.
Redefining access control in a broader sense takes the vendor into account. To combat these attacks, vendor reputations and software assurance programs are needed. Account reviews should be automated to allow organizations to evaluate and assess user access between time periods, allowing system owners to easily detect inconsistencies and track activity for anomalies. Organizations should consider all threat vectors to their assets by understanding all access points and updating access on a regular basis.
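One way to automate the periodic account review described above is to keep a point-in-time snapshot of each account's entitlements and diff consecutive snapshots, so that reviewers only have to explain the changes. The following is an added example, not code from the original article; the snapshot format, the PRIVILEGED entitlement list and the sample data are all assumptions.

```python
"""Diff two point-in-time access snapshots to surface changes that a periodic
account review should explain. The snapshot format, the PRIVILEGED set and
the sample data below are assumptions made for this example."""
from dataclasses import dataclass, field

# Entitlements that warrant extra scrutiny whenever they are newly granted
# (assumed list; tailor it to the crown jewels of the environment).
PRIVILEGED = {"domain-admin", "build-server-admin", "code-signing"}


@dataclass
class AccessDiff:
    new_accounts: set = field(default_factory=set)
    removed_accounts: set = field(default_factory=set)
    added: dict = field(default_factory=dict)    # account -> entitlements gained
    removed: dict = field(default_factory=dict)  # account -> entitlements lost
    privileged_grants: set = field(default_factory=set)  # (account, entitlement)


def diff_access(before, after):
    """Compare {account: set(entitlements)} snapshots from two review periods."""
    d = AccessDiff()
    d.new_accounts = set(after) - set(before)
    d.removed_accounts = set(before) - set(after)
    for account, ents in after.items():
        prev = before.get(account, set())
        gained, lost = ents - prev, prev - ents
        if gained:
            d.added[account] = gained
        if lost:
            d.removed[account] = lost
        # Any newly granted privileged entitlement is flagged for review.
        for e in gained & PRIVILEGED:
            d.privileged_grants.add((account, e))
    return d


# Constructed sample snapshots from two review periods (not real data).
SNAPSHOT_Q1 = {
    "alice": {"vpn", "git-read"},
    "bob": {"vpn", "git-read", "build-server-admin"},
    "svc-backup": {"backup-write"},
}
SNAPSHOT_Q2 = {
    "alice": {"vpn", "git-read", "code-signing"},  # new privileged grant
    "bob": {"vpn", "git-read"},                    # admin right removed
    "svc-deploy": {"build-server-admin"},          # account not seen last period
}

if __name__ == "__main__":
    result = diff_access(SNAPSHOT_Q1, SNAPSHOT_Q2)
    for account, e in sorted(result.privileged_grants):
        print(f"REVIEW: {account} gained privileged entitlement {e}")
    print("new accounts:", sorted(result.new_accounts))
    print("removed accounts:", sorted(result.removed_accounts))
```

Feeding the function exports from the directory or IAM system at a fixed cadence turns the review into a short list of grants, removals and new accounts that someone must sign off on.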
What methods are companies using to coordinate patching and security testing?
Organizations should assist system owners in coordinating how they can patch and upgrade applications for all major operating systems, as well as scheduling time to test critical assets. Examining patches or changes to the systems found in a crown jewel analysis (CJA) is one basic mitigation. The results of these tests can be shared to help identify and react to risks. Without enterprise-level preparation, the most important systems and essential infrastructure fall to the bottom of the priority list.
Is cyber-threat intelligence being used by organizations to track networks?
SolarWinds has taught businesses the importance of proactive threat sharing. Prioritizing the security operations center (SOC) and consuming up-to-date cyber-threat intelligence will help businesses stay alert. One solution is to use advanced threat hunting to surface the indicators of a supply chain compromise that SIEM rules alone will not raise.
To provide security over the entire cyber-attack life cycle, Cyber Threat Analysis Cells (CTAC) can analyze networks based on cyber-threat intelligence. If a company does not have the financial capital to develop its own CTAC or SOC, it can outsource these functions to save money. Organizations can more easily detect and react to events if they have intelligence along with engaging partners.