Anubhav Arora has more than 20 years of experience in the networking and cyber-security industries in various engineering and technical leadership roles. At Fidelis Cybersecurity, he leads the R&D efforts.
As the SolarWinds hack continues to unfold and expand in both scope and impact, we know that the real jigsaw picture is much bigger than the pieces we currently know about. And as we still try to complete the SolarWinds jigsaw puzzle, the question that stares at us is, "What did we learn, so that we are better prepared for the inevitable next time?"
SUNBURST was neither the first such hack, nor the last. Let's explore the lessons here, and start with the common elements of such events:
Prevention, segmentation and zero-trust authorization for assets, users and data are essential, and they move the security posture "left", toward stopping intrusions before they happen. But as the SolarWinds case shows, these controls are necessary but not sufficient against modern attacks: SUNBURST arrived inside a legitimately signed vendor update, so it passed every control that trusts the supply chain. Detecting such an intrusion early is only possible with an active-defense, detect-and-respond posture that operationalizes deception together with anomaly and kill-chain detection on pervasive visibility, driven by analytics, threat hunting and investigation.
Once the IOCs, tactics and techniques used become available, the same tools must be able to operationalize that new intelligence retroactively and hunt back in time, going through months of stored data to find the pieces of the jigsaw that were already there but not yet recognized. Fidelis Elevate is an Active XDR solution that enables both of these facets – detect and respond:
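The retroactive hunt described above, as an added illustration that is not Fidelis code and not from the original post: a newly published indicator set (domain, IP, file hash) is matched against months of stored telemetry to find the earliest sighting per host and so bound the dwell time. The indicators, hostnames and log lines are all constructed for the example; the domain match is suffix-based on label boundaries because beaconing malware commonly uses generated subdomains under one C2 zone, and look-alike domains that merely contain the indicator must not match.

```python
"""Retroactive IOC hunt over historical telemetry (added example, not vendor code)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed indicator set, as if published in an incident report on 2020-12-14.
NEW_IOCS = {
    "domain": {"avsvm-updates.example"},   # C2 zone: any subdomain of it is a hit
    "ip": {"198.51.100.23"},               # C2 address (TEST-NET-2, constructed)
    "sha256": {"4f" * 32},                 # hash of a trojanized component (constructed)
}
PUBLISHED = datetime(2020, 12, 14, tzinfo=timezone.utc)

# Constructed historical telemetry in the form ts|host|kind|value.
# kind is dns (query name), conn (destination IP) or hash (sha256 of an executed file).
HISTORICAL_LOG = """\
2020-03-26T14:02:11Z|build-srv-01|dns|k3b9qz7.avsvm-updates.example
2020-03-26T14:09:40Z|build-srv-01|conn|198.51.100.23
2020-04-02T08:15:03Z|web-02|dns|cdn.vendor.example
2020-04-02T08:15:04Z|web-02|conn|203.0.113.9
2020-05-11T19:44:52Z|fileshare-07|hash|4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f4f
2020-06-30T02:01:00Z|dc-01|dns|x7y2m.avsvm-updates.example
2020-06-30T02:01:02Z|dc-01|conn|198.51.100.23
2020-07-15T11:00:00Z|web-02|dns|avsvm-updates.example.lookalike.example
2020-08-01T09:30:00Z|web-02|dns|notavsvm-updates.example
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    kind: str
    value: str


@dataclass(frozen=True)
class Hit:
    ts: datetime
    host: str
    kind: str
    value: str
    indicator: str


def parse_log(text: str) -> list[Event]:
    """Parse the pipe-delimited records into timezone-aware events."""
    events: list[Event] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, host, kind, value = line.split("|", 3)
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        events.append(Event(when, host, kind, value.lower()))
    return events


def matching_domain(fqdn: str, domains: set[str]) -> str | None:
    """Return the indicator zone that fqdn equals or is a subdomain of, else None.

    Matching on '.' + zone keeps 'notzone.example' and 'zone.example.other' from matching.
    """
    fqdn = fqdn.rstrip(".").lower()
    for zone in domains:
        zone = zone.lower()
        if fqdn == zone or fqdn.endswith("." + zone):
            return zone
    return None


def retro_hunt(events: list[Event], iocs: dict[str, set[str]]) -> list[Hit]:
    """Replay the new indicators over stored events; hits come back oldest first."""
    hits: list[Hit] = []
    for e in events:
        indicator = None
        if e.kind == "dns":
            indicator = matching_domain(e.value, iocs["domain"])
        elif e.kind == "conn" and e.value in iocs["ip"]:
            indicator = e.value
        elif e.kind == "hash" and e.value in iocs["sha256"]:
            indicator = e.value
        if indicator is not None:
            hits.append(Hit(e.ts, e.host, e.kind, e.value, indicator))
    return sorted(hits, key=lambda h: h.ts)


def summarize(hits: list[Hit], published: datetime) -> dict:
    """Earliest sighting, affected hosts and days between first sighting and publication."""
    if not hits:
        return {"hosts": [], "indicators": [], "first_seen": None, "dwell_days": None}
    first = hits[0].ts
    return {
        "hosts": sorted({h.host for h in hits}),
        "indicators": sorted({h.indicator for h in hits}),
        "first_seen": first,
        "dwell_days": (published - first).days,
    }


if __name__ == "__main__":
    found = retro_hunt(parse_log(HISTORICAL_LOG), NEW_IOCS)
    for h in found:
        print(f"{h.ts.isoformat()} {h.host:<14} {h.kind:<4} {h.value} <- {h.indicator}")
    print(summarize(found, PUBLISHED))
```

The point of the first-seen figure is that it tells you how far back the investigation has to reach: the earliest hit is months before the indicators were published, so response scoping must use that date, not the day the report landed.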
To summarize: to prepare for the next storm, build security operations processes founded on sound cyber hygiene, prevention, segmentation and zero trust, and add deception, visibility, threat hunting, investigation and response enabled by an Active XDR suite like Fidelis Elevate.