{"id":3292,"date":"2021-02-22T15:29:06","date_gmt":"2021-02-22T19:29:06","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=3292"},"modified":"2021-02-22T15:29:06","modified_gmt":"2021-02-22T19:29:06","slug":"how-the-solarwinds-attack-should-make-you-rethink-your-third-parties","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/","title":{"rendered":"How the SolarWinds Attack Should Make You Rethink Your Third-Parties"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-2895\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg\" alt=\"How the SolarWinds Attack Should Make You Rethink Your Third-Parties \" width=\"800\" height=\"480\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation-300x180.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation-768x461.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation-450x270.jpg 450w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation-135x81.jpg 135w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">How does the SolarWinds Attack alter how enterprises should rethink their third-parties in their IT environment?\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The story thus far: A hacking group infiltrated the SolarWinds Orion software through malware and then conducted a privilege escalation attack. 
With these privileges, the hackers established a backdoor into the Orion system, allowing them to create a malicious update that granted them visibility and mobility over victims.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Over 18,000 organizations were affected by the attack, including multiple U.S. government departments and other cybersecurity providers. At the time of writing, the fallout continues, with announcements from the\u00a0 In fact, the SolarWinds attack might go down in history as the most significant and devastating.\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, this doesn\u2019t end the story. Numerous reports suggest that the hackers responsible continually tried to use their position to attack Microsoft. Microsoft successfully deflected the attack and downplayed the severity. Nonetheless, it should give all businesses pause regarding their own third-parties in their IT environments.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Can you monitor your third-parties? Do you know what third-parties interact with and how they behave on your network? 
How would incident response work in the event of a hacker breach in a third-party?\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This is where you need to think in terms of <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener noreferrer\">SIEM<\/a>.\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify\"><b>How the SolarWinds Attack Should Make You Rethink Your Third-Parties<\/b><\/h2>\n<h3 style=\"text-align: justify\"><b>UEBA<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">User and Entity Behavior Analysis (UEBA) creates baselines for the behavior of all participants in an IT environment. Then, it monitors all of the users and entities in your environment to look for behaviors that violate that baseline.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Once that occurs, the SIEM solution can send an alert to your IT security team for immediate investigation. When paired with contextualization, this can help speed up investigation and remediation times, reducing the burden on the team.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Additionally, UEBA provides necessary insight into third-parties conducting business on your network. With that visibility into their activities, you can discover any malicious subversions before significant damage can occur.\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Log Management<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Log Management in a SIEM context refers to the capability to aggregate, normalize, and analyze the security event data accumulated by different IT components. 
This data remains crucial in providing insights into what\u2019s going on in your IT environment at any given moment.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">With the right capabilities and next-generation SIEM tools, you can directly monitor third-parties and their activities in your environment. Alternatively, you can monitor and log where they interact with data and how, both of which can indicate threats.\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Compliance<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">SIEM\u2019s compliance capabilities border on the legendary in certain circles. It can provide out-of-the-box, automatically filled reports that meet industry and government cybersecurity standards. Although compliance standards and best-practice standards don\u2019t often match, as the former are much less stringent than the latter, they can provide the necessary starting point for securing third-parties.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Often, industry and governmental regulations mandate specific interactions concerning third-parties, so this should be thought of as a stepping stone in your cybersecurity.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Obviously, cybersecurity concerns more than these capabilities, and securing third-parties is an involved process. 
You can always learn more by downloading our <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener noreferrer\">SIEM Buyer\u2019s Guide<\/a>.\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How does the SolarWinds Attack alter how enterprises should rethink their third-parties in their IT environment?\u00a0 The story thus far: A hacking group infiltrated the SolarWinds Orion software through malware and then conducted a privilege escalation attack. With these privileges, the hackers established a backdoor into the Orion system, allowing them to create a malicious [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2895,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1],"tags":[353,56,95,112,86,212,21,57,22,1134,280],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How the SolarWinds Attack Should Make You Rethink Your Third-Parties<\/title>\n<meta name=\"description\" content=\"How does the SolarWinds Attack alter how enterprises should rethink their third-parties in their IT environment?\u00a0Find out here.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How the SolarWinds Attack Should Make You Rethink Your 
Third-Parties\" \/>\n<meta property=\"og:description\" content=\"How does the SolarWinds Attack alter how enterprises should rethink their third-parties in their IT environment?\u00a0Find out here.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-22T19:29:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"480\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/\",\"name\":\"How the SolarWinds Attack Should Make You Rethink Your Third-Parties\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg\",\"datePublished\":\"2021-02-22T19:29:06+00:00\",\"dateModified\":\"2021-02-22T19:29:06+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"How does the SolarWinds Attack alter how enterprises should rethink their third-parties in their IT environment?\u00a0Find out 
here.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg\",\"width\":800,\"height\":480,\"caption\":\"More Expert Commentary and Coverage of the GetHealth Exposure\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How the SolarWinds Attack Should Make You Rethink Your Third-Parties\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\",\"description\":\"Buyer&#039;s Guide and Best 
Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"How the SolarWinds Attack Should Make You Rethink Your Third-Parties","description":"How does the SolarWinds Attack alter how enterprises should rethink their third-parties in their IT environment?\u00a0Find out here.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/","og_locale":"en_US","og_type":"article","og_title":"How the SolarWinds Attack Should Make You Rethink Your Third-Parties","og_description":"How does the SolarWinds Attack alter how enterprises should rethink their third-parties in their IT environment?\u00a0Find out here.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","article_published_time":"2021-02-22T19:29:06+00:00","og_image":[{"width":800,"height":480,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/","name":"How the SolarWinds Attack Should Make You Rethink Your Third-Parties","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg","datePublished":"2021-02-22T19:29:06+00:00","dateModified":"2021-02-22T19:29:06+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"How does the SolarWinds Attack alter how enterprises should rethink their third-parties in their IT environment?\u00a0Find out 
here.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2020\/01\/SOAR-Automation.jpg","width":800,"height":480,"caption":"More Expert Commentary and Coverage of the GetHealth Exposure"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/how-the-solarwinds-attack-should-make-you-rethink-your-third-parties\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"How the SolarWinds Attack Should Make You Rethink Your Third-Parties"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","description":"Buyer&#039;s Guide and Best 
Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3292"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=3292"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3292\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/2895"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=3292"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=3292"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=3292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}