Security Fundamentals – What We’ve Learned from the SolarWinds Hack
Last month, we wrote about the sophisticated and long-running cyber-espionage campaign distributed through the widely used network management software, SolarWinds.
New information has recently come to light. We now know that the threat group behind the supply chain attack that targeted SolarWinds leveraged a piece of malware for lateral movement and for deploying additional payloads.
The SolarWinds attack involved the delivery of trojanized updates to as many as 18,000 of the company’s customers through Orion, an IT monitoring product. These malicious updates delivered a piece of malware named Sunburst, which the attackers inserted into the Orion product using another piece of malware known as Sunspot.
While Sunburst Backdoor is a sophisticated attack vector, it is still just a trojan on a network with lateral movement. A company can deploy many of the typical network defense and incident response techniques immediately.
The SolarWinds attack is interesting because you can’t really stop it from happening. However, you can detect and stop lateral movement and data exfiltration from your network by focusing on certain security fundamentals. We define these fundamentals as follows:
- Understand your assets
- Know what is on your assets
- Manage the accounts on your assets
- Understand your assets’ vulnerabilities
- Establish secure baselines
But how can you protect your critical data and effectively implement these security fundamentals on NonStop systems? CSP has perfected many security and compliance tools to help you achieve these security fundamentals, such as File Integrity Monitoring, User Management, Command Control, Multi-factor Authentication, Audit, and Compliance Reporting.
Today’s fancy new defense tools are no replacement for asset management controls. Threat intel won’t do you much good if you lack contextual asset data. AI benchmarking will only learn and continue to allow bad habits if your environment was already out of compliance when the tools were initially implemented.
The most effective security tools focus on these fundamental security practices by establishing secure baselines and building workflows around them to make it easier for analysts to focus on the real problems.
Securing NonStop Systems Effectively With CSP PassPort
CSP provides several comprehensive security solutions that will protect your NonStop systems and ensure that you meet all of your compliance requirements. Organizations are relying on CSP’s trusted security solutions more than ever to ensure the integrity of their applications.
CSP PassPort provides comprehensive user and command control, password quality enforcement, and auditing. It controls and filters user access to systems, programs, and commands according to customized user profiles. It offers superior user authentication, command control, session control, accountability, and auditing capabilities not available with Guardian or Safeguard security.
All user terminal input/output operations (including OSS) can be monitored via an easy-to-use GUI, while an audit process records all user activities.
User Account Update Screen
- Limit user access to sensitive assets, programs and commands
- Improve user accountability and audit activities
- Track powerful user IDs and commands
- Prevent easy hacks by enforcing Password Quality
- Eliminate the need to disclose sensitive SUPERID passwords for executing commands
- Generate extensive reports of user activities
- Get real-time notifications with Alert-Plus, and forward logs to SIEM for analysis
- Monitor and audit user sessions down to keystroke level
- Role-based user access
- Time restrictions by command and program
- User Authentication SEEP to prevent users from logging on outside CSP PassPort
- Powerful Custom Reporting
- Control client connections by IP address or IP address ranges
- Multi-factor authentication support (coming soon!)
Learn more about CSP PassPort here.
For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com