How does the SolarWinds Attack alter how enterprises should rethink their third-parties in their IT environment?
The story thus far: A hacking group infiltrated the SolarWinds Orion software through malware and then conducted a privilege escalation attack. With these privileges, the hackers established a backdoor into the Orion system, allowing them to create a malicious update that granted them visibility and mobility over victims.
Over 18,000 organizations were affected by the attack, including multiple U.S. government departments and other cybersecurity providers. At the time of writing, the fallout continues, with announcements from the In fact, the SolarWinds attack might go down in history as the most significant and devastating.
However, this doesn’t end the story. Numerous reports suggest that the hackers responsible continually tried to use their position to attack Microsoft. Microsoft successfully deflected the attack and downplayed the severity. Nonetheless, it should give all businesses pause regarding their own third-parties in their IT environments.
Can you monitor your third-parties? Do you know what third-parties interact with and how they behave on your network? How would incident response work in the event of a hacker breach in a third-party?
This is where you need to think in terms of SIEM.
How the SolarWinds Attack Should Make You Rethink Your Third-Parties
User and Entity Behavior Analysis (UEBA) creates baselines for the behavior of all participants in an IT environment. Then, it monitors all of the users and entities in your environment to look for behaviors that violate that baseline.
Once that occurs, the SIEM solution can send an alert to your IT security team for immediate investigation. When paired with contextualization, this can help speed up investigation and remediation times, reducing the burden on the team.
Additionally, UEBA provides necessary insight into third-parties conducting business on your network. With that visibility into their activities, you can discover any malicious subversions before significant damage can occur.
Log Management in a SIEM context refers to the capability to aggregate, normalize, and analyze the security event data accumulated by different IT components. This data remains crucial in providing insights into what’s going on in your IT environment at any given moment.
With the right capabilities and next-generation SIEM tools, you can directly monitor third-parties and their activities in your environment. Alternatively, you can monitor and log where they interact with data and how, both of which can indicate threats.
SIEM’s compliance capabilities borders on the legendary in certain circles. It can provide out-of-the-box, automatically filled reports that meet with industry and government cybersecurity standards. Although compliance standards and best practices standards don’t often match, as the former is much less stringent than the latter, they can provide the necessary starting point to securing third-parties.
Often, industry and governmental regulations mandate specific interactions concerning third-parties, so this should be thought of as a stepping stone in your cybersecurity.
Obviously, cybersecurity concerns more than these capabilities, and securing third-parties is an involved process. You can always learn more by downloading our SIEM Buyer’s Guide.