SUNBURST, Supply Chain Attacks and How to Detect Them
February 26, 2021
A supply chain attack is a particular type of hack that seeks to gain access to protected information or damage an organization by targeting less secure elements in the supply chain, such as third-party vendors or software.
Supply chain attacks have been used against organizations and government entities for many years. From the high-profile 2010 Stuxnet attack on Iranian nuclear centrifuge control systems to the 2020 SolarWinds SUNBURST backdoor Trojan attack, these highly sophisticated hacks have caused substantial losses and/or setbacks for the victims, as well as significant reputational damage.
Successful, highly damaging supply chain attacks often have many of the following elements in common:
Over the past 10 years, much has changed across the IT landscape, yet many basic security challenges stubbornly remain. Cloud adoption has outpaced even some optimistic predictions as organizations choose to outsource their data centers to improve focus on core business initiatives. As opportunities for businesses to innovate in the cloud continue to unfold, they create an equally large number of new targets for attackers to pursue.
As cloud adoption has increased, DevOps teams have also found ways to accelerate the development and deployment of cloud workloads. In the process, they may neglect security and expose potential attacker footholds.
Finally, widespread use of open source software has ushered in a new era of ease and cost reduction in cloud application development while also increasing the risk of vulnerabilities (unintentional or otherwise) in cloud workloads. Wisely, cloud providers have chosen to “share” responsibility for security in the cloud with their customers.
We don't yet fully know the origin and number of attackers involved in the SolarWinds SUNBURST exploit. But we do know their techniques were highly sophisticated, involved a number of steps, used both customized software and tools existing in the environment and resulted in data exfiltration and other damage. More troubling is the nine months or more of dwell time the attackers enjoyed. However, there’s a silver lining. Each step in a multistep supply chain attack offers an opportunity to discover and stop intruders.
What defenders need is a sophisticated and stealthy security toolset that can adapt and keep pace with the latest attack techniques. Fortunately for them, those solutions are within reach.
For example, network detection and response (NDR) tools tap into the network to mirror packets, giving defenders a covert vantage point and an out-of-band data source that an intruder on a compromised host cannot alter.
Dissecting packets to extract metrics reveals a wealth of useful information, including all connected devices and device types within a data center or cloud environment, attacker lateral movements, new connections, abnormal user behavior, data breach attempts and ransomware.
We know that the SUNBURST attack had both an extensive scope and long dwell time, which increased the potential for damage exponentially. Because of this, organizations are relearning just how important it is to have months of logs and network activity readily available so they can determine how and when they were hacked.
We don’t know what the next big supply chain attack will be or when it will take place, but with heightened awareness and tools that offer network visibility and historical data, organizations have a fighting chance against advanced threats.