Updated March 17, 2021
Since the initial FireEye and SolarWinds disclosures, there have been new developments. Most recently, on-premises Microsoft Exchange Server installations have been compromised through a separate set of vulnerabilities unrelated to the SolarWinds campaign. That brings the total to three major vendors with long histories of reliability and trusted security.
Microsoft is currently investigating a third-party partner as the potential source of the leak that preceded the attacks. As with FireEye and SolarWinds, Microsoft is a big target with a high reward: a very large number of customers potentially impacted. A multi-layered security approach would mitigate this risk, as we recommend below.
Notably, Exchange Online in Office/Microsoft 365 was not affected by the Exchange Server vulnerabilities. This further supports moving to the cloud, but, as we stated, you still need a multi-layered security solution that protects your cloud infrastructure as well. Next time, that infrastructure could be the target.
Original article published February 2, 2021
What has the recent FireEye & SolarWinds cybersecurity breach taught us?
That a multi-layered approach is the only solution for cybersecurity protection. The banking industry has used this philosophy for years. Risk averse from the start, the banking industry foresaw the inevitable pitfalls of placing all of your security eggs in one vendor's basket. I've spent the majority of my career in and out of financial services IT, and the one constantly effective strategy that prevented any cyber breaches was a multi-layered approach. Fifteen years ago, that strategy might have included only five unique layers working in tandem; today, with the addition of AI and machine learning technology, you can and need to employ somewhere closer to 13 layers.
What exactly happened?
Let’s take a closer look at what actually happened with the recent breach.
FireEye, a well-known cybersecurity firm with a broad portfolio of security products, has been a trusted vendor for many financial institutions for years. It also runs red-team and blue-team engagements against its customers' networks to pressure-test their security. As a powerhouse in the cybersecurity game, FireEye is a natural target: why build tooling from scratch when you can steal a proven red-team toolkit and turn it against its owner's customers? FireEye disclosed the theft of those tools in December 2020, and its investigation of that intrusion is what exposed the wider campaign. The stolen tools were not the way in. The attackers had earlier compromised SolarWinds' software build process and inserted a backdoor into signed updates of the Orion platform, which runs on-premises in the networks of many Fortune 500 companies and US government agencies. Every customer that installed a trojanized update was exposed, FireEye among them. From compromised on-premises networks, the attackers then moved into victims' Microsoft 365 tenants by forging authentication tokens and adding their own credentials to existing applications, not by exploiting a flaw in Microsoft 365 itself. Again, big targets with high rewards. (Analysis of the campaign is still ongoing.) It should be noted that SolarWinds offers many other products, and its managed service provider (MSP) products were not affected by the breach. This just goes to show that even the biggest labels have an off day.
The lesson here is that you should never rely on a best-in-suite security approach where one vendor is supplying all of your layers of security.
You should create many layers and use multiple vendors within those layers. After all, as we have witnessed, brand recognition can make any one vendor a target. A best-in-class approach uses multiple top-ranked vendors to build your own custom protection. For instance, if you have an IDS from Vendor A (the top-ranked vendor), you should also have one from Vendor B (the second-ranked vendor), so that a flaw or compromise in one product does not blind the whole layer. All of your layers should have multi-factor authentication (MFA) with one-time passwords (OTP) enabled on their administrative access. You will still want to carry out separation-of-duty reviews and routine IT audits, and every layer needs an owner who tunes and monitors it; a second product that nobody watches adds cost without adding protection. Be sure to align yourself with IT vendors or managed service providers that understand these complexities for both on-premises and cloud architectures, or what we like to call hybrid environments. Don't be fooled into thinking that moving everything to the cloud makes you secure: you still need to do the due diligence of reviewing your cloud vendors, and you still do not want to rely heavily on just one of them. Keep that multi-layered mindset.
Here are some suggested layers to consider implementing into your cybersecurity protection:
- Multi-factor authentication (MFA)
- One-time passwords (OTP)
- Intrusion Detection Systems & Intrusion Prevention Systems (IDS/IPS)
- Real-time anti-malware and Zero Day Protection
- Endpoint Detection and Response (EDR); signature-based antivirus on its own is no longer sufficient
- Machine learning and AI within the security layers
- Security Information and Event Management (SIEM)
- RADIUS authentication for network and VPN access
- Cloud-based directory services
- Single Sign-On (SSO)
- Enterprise wireless networks with IDS/IPS
- Virtual local area network (VLAN) & network segmentation
- Distributed denial-of-service (DDoS) protection
- Domain Name System Security Extensions (DNSSEC)
- Correct DNS records for mail, including Sender Policy Framework (SPF), DKIM and DMARC
- Spam, Phishing, and Malware protection
- Cloud-based backups with ransomware protection
- Keep an offline or air-gapped copy of your backups, even when using a cloud provider
These layers are just the start! There are many other layers to also consider.
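As an added example, not code from the original article or from Verdant TCS, here is the one-time password mechanism that the MFA and OTP layers above rely on, implemented in Python from RFC 4226 (HOTP) and RFC 6238 (TOTP). It includes the replay check a verifier needs alongside the clock-skew window, which is the part most often missed. The key is the RFC 6238 reference test key; the base32 helper, the verifier class and the sample timestamps are assumptions for illustration only.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 reference test key (ASCII "12345678901234567890"). A real secret must be
# random and per-user; authenticator apps usually carry it base32-encoded.
RFC_SECRET = b"12345678901234567890"


def secret_from_base32(text):
    """Decode the base32 form used in otpauth:// provisioning URIs (padding optional)."""
    text = text.strip().replace(" ", "").upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238: HOTP with the counter derived from the clock, T = floor(time / step)."""
    return hotp(secret, int(unix_time) // step, digits, algo)


class TotpVerifier:
    """Server-side check (assumed design): clock-skew window plus a replay guard."""

    def __init__(self, secret, step=30, digits=6, window=1):
        self.secret, self.step, self.digits, self.window = secret, step, digits, window
        self.last_counter = -1          # highest counter already accepted for this user

    def verify(self, candidate, unix_time):
        if not (candidate.isascii() and candidate.isdigit()):
            return False
        counter = int(unix_time) // self.step
        for skew in range(-self.window, self.window + 1):
            c = counter + skew
            if c <= self.last_counter:
                continue                # already used, or older than one used: replay
            expected = hotp(self.secret, c, self.digits)
            if hmac.compare_digest(expected, candidate):   # constant-time comparison
                self.last_counter = c   # burn this and every earlier step
                return True
        return False


if __name__ == "__main__":
    verifier = TotpVerifier(RFC_SECRET)
    print(totp(RFC_SECRET, 59, digits=8))        # RFC 6238 vector: 94287082
    print(verifier.verify("287082", 59))         # True: valid 6-digit code for T=59
    print(verifier.verify("287082", 59))         # False: same code replayed
```

The window of one step in each direction tolerates about 30 seconds of clock drift, but without the stored counter an attacker who shoulder-surfs or phishes a code has up to 90 seconds to reuse it; recording the last accepted counter closes that gap.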
I started Verdant TCS as a managed service provider to fill the gaps in security I witnessed during my time in banking. Our business has been focused on this goal from day one because I witnessed many of my business banking customers fall for simple cyber-attacks and schemes. The in-house IT departments or MSPs at these businesses allowed malware and ransomware to breach their networks. Suddenly, money was being moved out through business account compromise (BAC) impersonations and spear-phishing techniques that gained logins and passwords. The hackers then tricked the accounting departments into wiring money or allowed transactions to be slipstreamed into online banking sessions from their compromised computers. This happened within the business, not within the bank. These businesses are the easiest targets with the highest rewards for hackers. I created Verdant TCS to stop this from happening to more businesses and to build a different model of protection as an MSP. We consider, implement, monitor, and support the many layers of security needed to protect your business so that you can rest easy.
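The spear-phishing and impersonation attacks described above are what the SPF layer in the list is meant to blunt: a receiving mail server checks whether the connecting IP is allowed to send for the claimed domain. As an added example, not code from the original article or from Verdant TCS, the following Python evaluates an SPF record against a sending IP following RFC 7208 for the ip4, ip6, include and all mechanisms, enforces the 10-lookup limit, and audits a record for the "+all" mistake that silently authorises every sender on the internet. The DNS zone is a constructed in-memory table and every domain name and address in it is made up; a real checker would query DNS and support the a, mx and redirect terms, which this example reports as unsupported rather than guessing.

```python
import ipaddress

# Constructed in-memory stand-in for DNS TXT lookups; none of these are real domains.
ZONE_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "weak.example": "v=spf1 ip4:203.0.113.5 +all",
    "loop.example": "v=spf1 include:loop.example -all",
}

MAX_DNS_LOOKUPS = 10                      # RFC 7208 section 4.6.4
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class SpfError(Exception):
    """Permanent error: missing record, unsupported term or too many lookups."""


def lookup_spf(domain):
    record = ZONE_TXT.get(domain.lower())
    if record is None or not record.lower().startswith("v=spf1"):
        raise SpfError(f"no SPF record for {domain}")
    return record


def check_spf(domain, sender_ip, _lookups=None):
    """Return pass/fail/softfail/neutral for sender_ip under domain's SPF policy."""
    if _lookups is None:
        _lookups = [0]                    # lookup counter shared across include recursion
    ip = ipaddress.ip_address(sender_ip)
    for term in lookup_spf(domain).split()[1:]:
        if "=" in term:                   # modifier (exp=, redirect=), not a mechanism
            if term.lower().startswith("redirect="):
                raise SpfError("redirect= needs live DNS; unsupported in this example")
            continue
        qualifier = "+"                   # mechanisms default to +
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_DNS_LOOKUPS:
                raise SpfError("more than 10 DNS lookups (permerror)")
            # include matches only if the included policy returns pass
            matched = check_spf(arg, sender_ip, _lookups) == "pass"
        else:
            raise SpfError(f"mechanism '{name}' needs live DNS; unsupported in this example")
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                      # RFC 7208: nothing matched and no redirect


def spf_result(domain, sender_ip):
    """Top-level check_host(): permanent errors become the RFC 'permerror' result."""
    try:
        return check_spf(domain, sender_ip)
    except SpfError:
        return "permerror"


def audit_spf(domain):
    """Findings about how much a record actually restricts; an empty list is good."""
    findings = []
    terms = lookup_spf(domain).split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_terms[-1][0] not in "-~":
        findings.append(f"'{all_terms[-1]}' authorises every host on the internet")
    return findings


if __name__ == "__main__":
    print(spf_result("example.com", "203.0.113.7"))     # pass (direct ip4 match)
    print(spf_result("example.com", "192.0.2.1"))       # fail (falls through to -all)
    print(audit_spf("weak.example"))                    # flags '+all'
```

A record ending in "~all" (softfail) is a reasonable interim setting while mail flows are being inventoried, but the spoofing protection comes only when it ends in "-all" and the receiving side enforces it, which is what a DMARC policy instructs receivers to do.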
For questions or more information on how Verdant TCS can help secure your business please contact us.