Hitting the Kill-Switch During a Supply Chain Attack
You’ve probably heard about the massive security breach at IT management company SolarWinds, one of the most significant supply chain attacks in recent history. Now that we’ve gotten some distance from the event, we wanted to recap what happened and what you can do in the future.
SolarWinds was compromised when hackers, believed to be Russian, inserted malware into its Orion network management product updates. As a result, 18,000 organizations may have installed the software and been compromised. They include the U.S. Treasury Department, the U.S. Department of Homeland Security and cybersecurity firm FireEye, which earlier disclosed a breach that resulted in the theft of its red team tools.
If you’re interested in understanding what happened, you can find great resources by FireEye and Microsoft that explain the bits and bytes of the attack.
At this point, I’d like to discuss not what led to the breach, but what we can do when we need to respond to a supply chain attack that affects our organization. It’s important to look at various aspects, like having visibility into your third- and fourth-party landscape, knowing whom to contact to better understand how to mitigate issues, creating actionable “kill-switches” for third parties connected to your organization, and of course, gaining a continuous flow of information about all of your third parties at scale through automation. You can read about this and more in our blog post: “5 Important Takeaways from the SolarWinds Supply Chain Attack”.
I’d like to thank my “brother in arms” Elad Shapira, our Head of Research at Panorays, for his ongoing support and effort in creating best practices for our customers, while leveraging our platform to manage this whole process and implement it with the click of a button.