Breached? Treat Your Infrastructure, Not Just the Intrusion

How network security can improve after the SolarWinds breach

An Emergency Unfolds

The recent discovery of a supply chain attack, under way since March 2020, that trojanized SolarWinds' Orion platform has sent CISOs throughout the federal government scrambling. Thousands of SolarWinds customers, including federal agencies, unknowingly opened backdoors into their networks by installing malware-laced Orion updates that carried SolarWinds' own valid code signature. As a result, attackers sat inside those networks for months, monitoring communications and stealing data.

Thus far, the Departments of Commerce and Treasury are confirmed victims of the breach, with the Departments of Energy, Homeland Security, and State, the National Institutes of Health, the National Nuclear Security Administration, and parts of the Defense Department also reportedly compromised. Impacted agencies should take immediate steps to contain the damage. The suspected Russian-backed attack was sophisticated and used novel techniques to reach its targets. Even so, the attackers' post-compromise reconnaissance was detectable, and their spread from the Orion server to other systems was preventable.


THIS IS A DEVELOPING CYBERATTACK AND MERLIN, LIKE THE REST OF THE CYBERSECURITY INDUSTRY, IS FOLLOWING CLOSELY TO UNDERSTAND HOW WE CAN ASSIST OUR CUSTOMERS AND PEERS AT LARGE IN RESPONDING.

CISA EMERGENCY DIRECTIVE 21-01
CISA ALERT AA20-352A

3 Actions to Take Now

Secure critical communications


Agencies dealing with the fallout must reevaluate the security status of their communication platforms. An immediate remedy would be the enterprise-wide use of Wickr, an end-to-end encrypted communications tool. Wickr is currently used by the Defense Department and holds multiple ATOs, so agencies can adopt it to safeguard their critical communications and ensure mission continuity. One caveat applies: end-to-end encryption protects message content from interception on the network and from a compromised provider, but not from an endpoint the attacker already controls, so the tool should be stood up on devices that have been verified clean.

EXCLUSIVE OFFER: A free, no-commitment 30-day trial of Wickr

Baseline network behavior


Darktrace is the world's leading artificial intelligence company for cyber defense. Its Cyber AI Platform baselines all network traffic within an organization and builds a profile of normal behavior for each user, device, and application. A compromised tool or solution then stands out as soon as it departs from its own profile. Even where a protocol is proprietary, packet timing, volume, and destinations still show a normal pattern of life. So although the Orion backdoor disguised its command-and-control traffic as Orion Improvement Program telemetry, the deviation (new external destinations, periodic callbacks) remains detectable.

During a proof of concept at a government agency the day after the SolarWinds breach was disclosed, the malicious activity of the compromised Orion instance was observed in real time, prompting an immediate response by the agency's SOC team. Darktrace had flagged a threat it had never seen before.
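The baseline-then-detect approach described above, reduced to its essentials as an added example (this is illustrative code, not Darktrace's platform): learn each host's normal set of destinations during a learning window, then flag connections outside that set in a later window and rate them higher when they recur at near-constant intervals, the signature of an implant checking in. The log format, hostnames, and domains are constructed for the example.

```python
"""Baseline-then-detect over outbound connection logs.

Added example (not Darktrace code). The log format, hostnames and domains
below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed records, one per outbound connection:
# "<ISO-8601 timestamp> <source host> <destination> <destination port>"
LEARNING_LOG = """\
2020-03-20T08:00:00Z orion-01 10.10.1.20 161
2020-03-20T08:05:00Z orion-01 10.10.1.21 161
2020-03-20T08:10:00Z orion-01 updates.vendor.example 443
2020-03-20T08:12:00Z orion-01 10.10.1.22 161
2020-03-20T09:00:00Z ws-finance-07 mail.agency.example 443
2020-03-20T09:30:00Z ws-finance-07 10.10.1.50 445
"""

# A later window: orion-01 starts calling a never-before-seen domain every
# ~10 minutes (beacon-like), while ws-finance-07 visits one new site once.
DETECTION_LOG = """\
2020-03-27T08:00:00Z orion-01 10.10.1.20 161
2020-03-27T08:00:10Z orion-01 update-telemetry.example.net 443
2020-03-27T08:10:12Z orion-01 update-telemetry.example.net 443
2020-03-27T08:15:00Z ws-finance-07 mail.agency.example 443
2020-03-27T08:20:09Z orion-01 update-telemetry.example.net 443
2020-03-27T08:30:11Z orion-01 update-telemetry.example.net 443
2020-03-27T08:40:10Z orion-01 update-telemetry.example.net 443
2020-03-27T08:41:00Z ws-finance-07 files.partner.example 443
"""


def parse_log(text):
    """Parse the constructed format into (timestamp, host, dst, port) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, host, dst, port = line.split()
        stamp = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        records.append((stamp, host, dst, int(port)))
    return records


def learn_baseline(records):
    """Per-host 'pattern of life': the set of (destination, port) pairs seen."""
    baseline = defaultdict(set)
    for _, host, dst, port in records:
        baseline[host].add((dst, port))
    return baseline


def looks_like_beacon(timestamps, min_hits=4, max_jitter=0.10):
    """True when connections recur at near-constant intervals.

    Periodic callbacks with small jitter are typical of implant check-ins;
    human-driven traffic produces irregular gaps.
    """
    if len(timestamps) < min_hits:
        return False
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    return mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter


def detect(baseline, records):
    """Alert on every (host, destination, port) outside the host's baseline."""
    unseen = defaultdict(list)
    for ts, host, dst, port in records:
        if (dst, port) not in baseline.get(host, set()):
            unseen[(host, dst, port)].append(ts)
    alerts = []
    for (host, dst, port), stamps in unseen.items():
        beacon = looks_like_beacon(stamps)
        alerts.append({
            "host": host, "dst": dst, "port": port,
            "hits": len(stamps), "beacon": beacon,
            "severity": "high" if beacon else "low",
        })
    return alerts


def run():
    baseline = learn_baseline(parse_log(LEARNING_LOG))
    return detect(baseline, parse_log(DETECTION_LOG))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The monitoring server's new destination is flagged high because its five callbacks arrive roughly 600 seconds apart; the workstation's single visit to a new site is flagged low. A real platform profiles far more dimensions (volume, timing by hour, peer groups), but the principle is the same: the protocol does not need to be understood for the departure from normal to be visible.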


Lock down access


Service accounts are common across enterprises and often go unmonitored, unreported, and unsecured. In the SolarWinds breach, the Orion service account, which monitoring platforms typically run with broad privileges across the environment, gave the attackers a free pass into the infrastructure and critical services of an organization.

CyberArk is the market leader and trusted expert in privileged access management (PAM) for the federal government. Its comprehensive platform manages and secures service accounts, whether they’re local or domain accounts. CyberArk’s Core Privileged Access Security Solution centrally secures and controls access to privileged credentials, isolates and monitors admin sessions, and detects, alerts, and responds to anomalous privileged activity.

In the SolarWinds breach, the intruders operating through the malware performed abnormal activities: they created new user accounts and used the compromised credentials to access other devices. CyberArk could have brought immediate attention to the rogue behavior and shut down the newly created accounts.
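The kind of privileged-activity check a PAM platform applies to the behavior just described, as an added example (illustrative code, not CyberArk's product): each managed service account gets a policy of where it may log on and which logon types are legitimate for it, and the Windows Security event stream is evaluated against that policy, with user creation by a service account and additions to privileged groups raised as well. The account names, hosts, policy, and event records are constructed; the event IDs (4624 logon, 4720 user account created, 4728 member added to a security-enabled global group) and logon type numbers are the standard Windows ones.

```python
"""Privileged-account monitoring over Windows Security events.

Added example (not CyberArk code). Account names, hosts, policy and event
records are constructed; event IDs and logon types are the standard
Windows Security log values.
"""

# Constructed policy for each managed service account: hosts it may log on
# to and the logon types that are legitimate for it.
# Logon types: 2 interactive, 3 network, 5 service, 10 remote interactive (RDP).
SERVICE_ACCOUNT_POLICY = {
    "svc-orion": {"hosts": {"orion-01", "dc-01"}, "logon_types": {3, 5}},
}
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

# Constructed event stream, loosely mirroring Windows Security log fields.
EVENTS = [
    {"time": "2020-06-01T02:00:00Z", "id": 4624, "host": "orion-01",
     "account": "svc-orion", "logon_type": 5},
    {"time": "2020-06-01T02:05:00Z", "id": 4624, "host": "dc-01",
     "account": "svc-orion", "logon_type": 3},
    # The service account opens an RDP session to a file server it never uses...
    {"time": "2020-06-01T02:40:00Z", "id": 4624, "host": "fs-02",
     "account": "svc-orion", "logon_type": 10},
    # ...then creates a user and adds it to Domain Admins.
    {"time": "2020-06-01T02:45:00Z", "id": 4720, "host": "dc-01",
     "actor": "svc-orion", "target": "maint-user"},
    {"time": "2020-06-01T02:46:00Z", "id": 4728, "host": "dc-01",
     "actor": "svc-orion", "target": "maint-user", "group": "Domain Admins"},
    # Routine provisioning by a human administrator, for contrast.
    {"time": "2020-06-01T09:15:00Z", "id": 4720, "host": "dc-01",
     "actor": "admin-jdoe", "target": "newhire-01"},
]


def evaluate(event):
    """Return the reasons an event is anomalous (empty list if benign)."""
    reasons = []
    if event["id"] == 4624:
        policy = SERVICE_ACCOUNT_POLICY.get(event["account"])
        if policy:
            if event["logon_type"] not in policy["logon_types"]:
                reasons.append(
                    f"logon type {event['logon_type']} not permitted for service account")
            if event["host"] not in policy["hosts"]:
                reasons.append(f"logon to unexpected host {event['host']}")
    elif event["id"] == 4720:
        if event["actor"] in SERVICE_ACCOUNT_POLICY:
            reasons.append("user account created by a service account")
    elif event["id"] == 4728:
        if event.get("group") in PRIVILEGED_GROUPS:
            who = "service account" if event["actor"] in SERVICE_ACCOUNT_POLICY else "administrator"
            reasons.append(f"{event['target']} added to {event['group']} by {who}")
    return reasons


def recommended_action(event):
    """Containment step a PAM platform would take or recommend."""
    if event["id"] == 4624:
        return f"terminate session and rotate credential for {event['account']}"
    return f"disable account {event['target']} pending review"


def monitor(events):
    """Run every event through the policy and collect alerts in order."""
    alerts = []
    for event in events:
        reasons = evaluate(event)
        if reasons:
            alerts.append({"time": event["time"], "event_id": event["id"],
                           "reasons": reasons, "action": recommended_action(event)})
    return alerts


if __name__ == "__main__":
    for alert in monitor(EVENTS):
        print(alert)
```

Additions to Domain Admins are raised even when a human administrator performs them, because membership changes in those groups always warrant review; the routine account creation by admin-jdoe produces no alert. The service account's RDP logon trips two rules at once, which is the strongest signal in the stream and the point at which a session would be terminated and the credential rotated.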


Learn more about CyberArk, Darktrace, and Wickr