Cybersecurity Bulletin: SolarWinds Data Breach

Data Breach Break Down Objectives

After watching these videos, you will have a better understanding of:
  • What is the SolarWinds data breach (Part 1);
  • What we are seeing in the wild related to the breach (Part 2); and
  • Recommendations to minimize your risk (Part 1 and 2).

SolarWinds: What Happened?

On December 13, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive for all federal civilian agencies to review their networks for indicators of compromise related to a breach involving SolarWinds Orion products.

Bogdan Salamakha, TCDI’s Senior Cybersecurity Engineer, filters out the noise to break down what happened and who was affected, and to provide recommendations that organizations can implement to protect their networks.


Part 1: SolarWinds Hack Discussion

Part 2: A Threat Hunter's Perspective on the SolarWinds Hack

Sometimes it doesn’t matter how much technology you have at your disposal. If a hacker finds a weak link, you can bet they will attempt to exploit it. Here are recommendations to lower your risk and make it difficult for a malicious actor to gain a foothold in your network.

Conducting a penetration test is one of the easiest and most cost-efficient ways of identifying vulnerabilities before they can be exploited by a hacker or malicious insider. There are six main types of pen tests:
  • External / Firewall
  • Web Application
  • Internal
  • Wireless
  • Physical
  • Social Engineering

Each provides valuable insights into your organization's cybersecurity. For example, an internal test would be the most beneficial to determine how far a hacker or malicious insider can penetrate into your network once they have gained access.


A configuration audit reviews your application and/or device settings against industry best practices and applicable compliance regulations to identify security gaps that may exist.

Configuration audits can be performed on a variety of devices, applications, and platforms which may include:

  • Windows and Unix Operating Systems
  • Office 365, Microsoft Azure
  • VMware
  • Web Servers (IIS 6, IIS 7, Apache)
  • Active Directory (Domain Controller)
  • PHP
  • SharePoint
  • SQL, MySQL, Oracle
  • Firewalls, Managed Switches, or other Managed Perimeter Devices including Cisco, Palo Alto, SonicWall, Brocade, FortiGate, Juniper

With Managed Security Services, you will have access to:

  • Cybersecurity Monitoring
  • Threat Detection and Automated Response
  • Malware Protection
  • Vulnerability Management
  • Data Loss Prevention

By actively monitoring your network, you can analyze events in real-time, both manually and through automated triggers. This can decrease the time it takes to identify potential threats before they escalate.


Vendor risk management is critical. Hackers have a history of targeting vendors, such as Managed Service Providers (MSPs), and using that connection to infiltrate client networks. So what can you do?

Audit your vendors. When was the last time your vendor had a pen test? Do they have a business continuity plan in place? Does their security meet or exceed your own?

That last one is a big one. If they can't answer yes, then maybe it is time to consider a new vendor.

Cybersecurity professionals are in high demand and, as such, command high salaries. Thus, it is not always feasible to hire a full-time resource, especially for small to mid-sized businesses. That's where a Virtual CISO comes into play.

Organizations can engage a trusted advisor to act as their CISO on an as-needed basis. With access to a team of highly skilled experts, companies can gain:

  • Data security peace of mind
  • Access to sophisticated tools and specialized knowledge
  • An understanding of the latest threats, laws, and guidelines
  • Objective third-party advice

For example, when an event such as SolarWinds makes headlines, you can reach out to your Virtual CISO to get advice on next steps. Does this impact your organization? What do you need to do right now? What are proactive steps to ensure your data is secure?


Copyright © 2020 Technology Concepts & Design Inc. All rights reserved. Privacy Notice.
