After SolarWinds, worldwide governments can trust no one



OpenText

February 25, 2021 · 4 minute read

The effects of the SolarWinds attack will be felt for a long time, and will ripple far beyond the government alone. Even though investigations and analysis of the discovered hack remain ongoing, it has become clear that the scope is extensive, and the full impacts will likely prove to be devastating.

To recap, at the end of 2020, FireEye discovered what it described as a “global intrusion campaign” perpetrated via malicious, trojanized updates to SolarWinds’ Orion network management software. According to the latest estimates, the compromised SolarWinds software made its way into approximately 18,000 enterprises, government agencies and other organizations around the globe.

The SolarWinds revelation has shone a light on something that many knew could happen but didn’t believe would. We now know that both government organizations and their software partners need to step up their security game.

It won’t be easy. It is going to take a good deal of time, effort and money to build cyber resilience into government business practices. However, we know that this has to happen. By following the principles of DevSecOps and Zero Trust, government supply chains can be prepared for the next cyber assault.

The need for Zero Trust

In recent years, a strategy of Zero Trust has become increasingly popular. In a Zero Trust environment, cybersecurity moves from the traditional focus—protecting static, network-based perimeters—to one centered on users, assets and resources. In February 2020, the National Institute of Standards and Technology (NIST) updated its Special Publication 800-207 to help to make the case for Zero Trust in government. That update became all the more important as the COVID-19 pandemic led to more government staff working remotely and more services being accessed online.

Prophetically, NIST warned that users coming from another trusted network or location—where their credentials had already been verified—are normally given full access to data and agency resources without any further review, even though they could be a potential threat. The same is true for software, as SolarWinds has demonstrated.

The result is that organizations have built silos of trust, in which the integrity of a source is taken for granted. Even when red flags are raised, the security team is likely to pay them little heed.

The SolarWinds attack has shown that this approach is no longer sustainable. It’s now clear that an organization can trust nothing but must instead assume that everything—even from the most trusted of sources—represents a potential threat. This requires continuous monitoring and complete verification of every user, asset and software application on the network.

Zero Trust can’t be achieved with a single product or platform. It will always require multiple tiers of different techniques and technologies: multifactor authentication, single sign-on, continuous monitoring, and intelligent threat modeling and detection. And all of these must work together in a Zero Trust framework. Recent developments indicate that organizations recognize this: the US government, for example, is encouraging departments and agencies to take steps toward Zero Trust by supporting security programs such as the Continuous Diagnostics and Mitigation (CDM) program and the Federal Identity, Credential and Access Management (FICAM) program.

The Zero Trust environment requires taking a multi-layer approach. It involves a holistic, integrated framework that recognizes that any single security solution or small combination of solutions will not deliver adequate protection.

So how do you build cyber resilience into a business to deliver effective protection, rapid remediation and ongoing business continuity? It requires the correct blend of people, process and technology.

Starting with this perspective, it’s possible to build upon the Defense in Depth models that government organizations have invested in for years. This approach can address virtually all threats, including SolarWinds-type supply chain attacks.

Assistance for your response

OpenText issued a customer advisory providing EnCase Endpoint Security customers with detection rules for SUNBURST. These can be downloaded from the MySupport portal.

For advice, guidance and assistance with your SolarWinds compromise, our Professional Services team is available to conduct an advanced threat hunt to look for the SUNBURST infection. We can also search the network for Indicators of Compromise (IoCs) running in your environment, manage a digital forensics and incident response of infected systems, develop preventive cyberattack measures to alert on IoCs and assist with Tactics, Techniques and Procedures (TTPs).

You can learn more about our Security Services here. And to request a Threat Hunt or obtain assistance with an urgent Incident Response, email securityservices@opentext.com.
