The SolarWinds SUNBURST attack was one of the most damaging supply chain attacks in recent memory. This massive infiltration became an eye-opening revelation that posed a question to all security teams: What will the next big attack be, and will it even be detected?
In a recent SANS white paper, Network Security: Protecting Your Organization Against Supply Chain Attacks, SANS explored the need to re-evaluate the modern enterprise's security posture. With organizations today made up of cloud deployments, on-site data centers, and a remote workforce, it's time to adapt and build a more comprehensive defense.
Advanced Attacks Require a Shift in Defense
Advanced attackers have shown that they know how to evade endpoint-based defenses and logging tools. These threat actors see their targets through a different lens, and if they realize that their actions are going undetected, they are encouraged to continue.
To build a more secure defense, SANS recommends you think about:
- How your organization evaluates supply chain attack techniques
- If your security programs are endpoint heavy or endpoint focused
- If detections are limited to historical log visibility
- How to evaluate and monitor integrations with third-party solutions
By examining the different methods attackers can use to gain access to your critical workloads and data, you have an opportunity to improve your security posture.
Organizations Need to Review Their Security Capabilities
While it's become clear that endpoint security can be evaded and log data can be disabled, they still have value. In fact, both are incredibly important if used properly—but security teams need more than those sources to detect advanced attacks, and network data is the link that can help fill in the gaps.
Network data analyzed by cloud-scale machine learning can help secure an organization against third-party compromises by building profiles around what constitutes normal access. These profiles allow your IT team to develop a list of abnormalities to look out for in the future, and since network data is always on, it brings many additional security advantages to the table.
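As an added illustration of the baselining idea above (example code written for this post, not ExtraHop's or SANS's), the following builds a per-host profile of normal peers from constructed flow records and flags connections that fall outside it. The host names, addresses and the 10.0.0.0/8 internal range are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal address space for classifying peers.
INTERNAL = ip_network("10.0.0.0/8")

# Constructed flow records (src_host, dst_ip, dst_port) from a learning window.
BASELINE_FLOWS = [
    ("build-srv-01", "10.0.5.20", 443),     # internal artifact repository
    ("build-srv-01", "10.0.5.21", 22),
    ("build-srv-01", "203.0.113.10", 443),  # vendor update server
    ("build-srv-01", "10.0.5.20", 443),
    ("jump-host", "10.0.9.5", 3389),
]

# Constructed flow records from a later detection window.
NEW_FLOWS = [
    ("build-srv-01", "10.0.5.20", 443),     # matches the profile
    ("build-srv-01", "198.51.100.7", 443),  # peer never seen before
    ("build-srv-01", "10.0.5.21", 445),     # known peer, unusual port
    ("jump-host", "10.0.9.5", 3389),        # matches the profile
]


def build_profiles(flows):
    """Map each source host to the set of (dst_ip, dst_port) pairs it normally uses."""
    profiles = defaultdict(set)
    for src, dst, port in flows:
        profiles[src].add((dst, port))
    return dict(profiles)


def find_abnormalities(profiles, flows):
    """Return (src, dst, port, reason) for each flow outside the source's profile."""
    findings = []
    for src, dst, port in flows:
        known = profiles.get(src, set())
        if (dst, port) in known:
            continue                      # normal access, nothing to report
        if src not in profiles:
            reason = "unprofiled source host"
        elif dst in {d for d, _ in known}:
            reason = "known peer, new port"
        elif ip_address(dst) in INTERNAL:
            reason = "new internal peer"
        else:
            reason = "new external peer"  # e.g. an unexpected update/C2 destination
        findings.append((src, dst, port, reason))
    return findings
```

In practice the learning window would be long enough to cover normal update cycles, and the profile would be re-learned only after findings are reviewed, so that attacker traffic is not silently folded into the baseline.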
Eliminating the Attacker's Advantage
An enterprise's network data can be used for more than just detecting attacks. Network telemetry is also an excellent way to speed up incident response time. When organizations use all available data points, they can shorten—and possibly remove—any advantage an attacker possesses.
While the SolarWinds breach exposed how easily advanced attackers could evade defenses, it also created an opportunity to rethink how supply chain security functions. To learn more about how ExtraHop Reveal(x) can bring multiple data sets together to streamline detection, investigation, and response capabilities, read the SANS white paper.