Secure critical communications
Agencies dealing with the fallout must reevaluate the security status of their communication platforms. An immediate remedy would be the enterprise-wide use of Wickr, an end-to-end encrypted communications tool. Wickr is currently used by the Defense Department and holds multiple ATOs, and agencies can leverage it to safeguard all their critical communications and ensure mission continuity.
Baseline network behavior
Darktrace is the world’s leading artificial intelligence company for cyber defense. Its Cyber AI Platform baselines all network traffic within an organization and creates profiles of the users, applications, and traffic. This provides immediate awareness when a tool or solution is compromised. Even in proprietary protocols, packet behavior still shows a normal pattern of life. Thus, even with the traffic hidden in the Orion protocol, Darktrace can detect it.
During a Proof of Concept at a government agency a day after the SolarWinds breach was disclosed, the Orion malware was seen in real time in its compromised state. This prompted an immediate response by the agency’s SOC team. Darktrace had recognized a completely new threat.
Service accounts are a common tool across enterprises and can go unmonitored, unreported, and unsecured. With the SolarWinds breach, service accounts provided a free pass into the infrastructure and critical services across an organization.
CyberArk is the market leader and trusted expert in privileged access management (PAM) for the federal government. Its comprehensive platform manages and secures service accounts, whether they’re local or domain accounts. CyberArk’s Core Privileged Access Security Solution centrally secures and controls access to privileged credentials, isolates and monitors admin sessions, and detects, alerts, and responds to anomalous privileged activity.
In the SolarWinds breach, the malware performed abnormal activities, created new user accounts, and accessed other devices. CyberArk could have immediately shut down new accounts and brought attention to the rogue behavior.