IT Security Guru
The Hacked and Yet to Be Hacked: SolarWinds Breach Shows Detection is Key to Reducing Risk and Damage

Hugh Njemanze, CEO, Anomali

by The Gurus
January 27, 2021
in Featured

Several years back, a number of security industry leaders began declaring that there are only two types of organizations, those that have been hacked and those that don’t yet know it. Industry analyst firm Gartner agreed and shortly thereafter began advising organizations to build out security strategies that could respond to this fact of digital life. Recently, we woke up to the news that FireEye, SolarWinds, Microsoft and possibly thousands of other public and private sector organizations had been compromised — reminding us that Gartner was on to something worth listening to.

As the incident unfolded, we began learning that the culprits, suspected to be a Russian-backed threat actor, had been in the big three’s networks for as long as nine months before they were spotted, free to move laterally across the victims’ digital ecosystems. How could this have happened? Haven’t we fixed the security problem by now? Both are great questions, especially when you consider that globally, organizations spend almost $125 billion annually on security and risk management products and services, there are more than 2,000 vendors serving the market, and venture capital money continues to fund innovation in the sector.

One constant that is all too easy for us to forget is that when it comes to cybersecurity, things are always changing. Adversaries adapt their campaigns frequently. When targets close one gap, attackers open up another. An anti-virus signature that worked one minute may be obsolete the next. Firewall rules that permitted the right traffic one day could end up letting in malicious packets the next. In security, there simply is no “set it and forget it” dial.

To maintain an effective level of defense, security leaders need to remain focused on their traditional technology stacks but also accept the notion that sooner or later, something malicious is going to slip in. Those who buy into this concept know that the success of a security program can’t be measured only by how many times it stops the bad guys and gals from scaling the walls, but also on how quickly those that do get through can be identified, cut off, and then purged.

The compromise of FireEye, SolarWinds, and Microsoft is certainly epic in nature but by no means unprecedented. Anyone who has been around the industry long enough can remember when lone-wolf hackers started to release worms designed to bore into the Windows operating system, the TJX payment card breach, the OMB espionage incident, and the Equifax break-in — all at least equal in stature. What many may have forgotten, though, is that each of these breaches, and the many that filled the news cycles in between, had some things in common. Most notably, the attackers were able to dwell undisturbed in victims’ systems for prolonged periods.

Frequently, adversaries are held up at the gate. With the help of modern defensive tools and strategies, organizations do prevent attacks from developing into breaches. Preventative measures should not be discounted, but security and risk teams need to be cautious of exclusive reliance on them. When on the battlefield, which is what the modern cyber landscape has essentially become, well-fortified walls are needed. It is equally important to have in place the ability to spot and stop enemies who make it past barriers before they do things such as detonate costly ransomware, steal data, or gather intelligence that could be used to execute an incursion later.

In cybersecurity, the ability to see an enemy before they can inflict too much damage is what we refer to as “threat detection.” Many capable defenders are able to detect and neutralize threats before they slip past the guards. Almost 100 percent of the time, as Gartner points out, at least one burrows in — which is all it takes to lead to a catastrophic breach. A best practice is a layered approach (also referred to as Defense in Depth).

In the days following the FireEye, SolarWinds and Microsoft breach, news outlets, security researchers, experts across social media, and a large number of security vendors have contributed to helping the world understand what happened, how to determine whether or not “your” organization has been impacted, and how to mitigate the effects of the breach. FireEye was the first to break the news and to start offering information on how to purge the attackers from networks. SolarWinds immediately started doing all it could to help its customers recover. Microsoft has continued to provide updates. Even our own research team burned the midnight oil to provide free, relevant threat intelligence that can be used to aid detection procedures. Every organization should certainly be leveraging its internal expertise to determine if the attack has impacted them. All should also consider taking advantage of the free and open assistance available, as no business should hesitate to accept outside help if it enables them to see and remove a threat more quickly, before it can spread further into their networks.

Cybersecurity nirvana, where everything is protected and breaches don’t occur, may never be achievable. Organizations that accept the mathematical reality that not all breaches are preventable but almost all attackers are detectable can significantly reduce the level of risk and damage that threat actors are able to inflict.

By Hugh Njemanze, CEO, Anomali
