Could SolarWinds Happen to Me?

TRUST.

Trust. You always have to trust someone in a digital world. The news headlines below describe a current reality: the largest cybersecurity attack in history is being unraveled in real time. To be fair, the attack was publicly disclosed a month ago in December, and experts are still trying to figure out the scope of compromise. Organizations of all sizes, utilizing the SolarWinds Orion platform, potentially installed a malicious update to this software platform. Ironically, the Orion platform is used to increase availability of resources – one of the three key pillars of cybersecurity.

Most of our clients do not have the budget or talent to develop their digital software in-house, so they purchase software developed by a third party. Think about all of the different types of software you interact with on a daily basis: CRM, word processor, spreadsheet, email, etc. In each instance, some level of trust is required before you start to utilize these software packages. We likely don’t think twice about the software development process – we just care that it has the features and workflow that will move our organization forward. Perhaps we assume that these vendors make cybersecurity a priority during software development. Should we make this assumption?

Many small to mid-size organizations are not going to be able to influence the security considerations that go into an off-the-shelf software package. Your investment in the vendor’s product is a drop in the revenue bucket – take it or leave it.

In all fairness, many of the organizations that were targeted during the SolarWinds Orion compromise are very large organizations. They have a dedicated cybersecurity budget. Many take cybersecurity seriously and implement controls that make sense in their environment, and yet for months attackers went undetected in their network. The point here is that you can do all the “right” things, make the “right” technical control investments, and yet not achieve the outcome you expect.

A Security Information and Event Management (SIEM) platform is designed to digest logging data and then analyze it in a variety of ways. Such a platform can consume logging from any number of sources: firewalls, security tools, workstations, servers, etc. These data streams are then compared against various threat intelligence feeds to alert you to events that match an indicator of compromise. This real-time data can alert system administrators to potential security events that would otherwise go unnoticed. You can also conduct threat hunting exercises to review historical data when you learn about some form of zero-day (or novel) threat that has already happened, as with the SolarWinds incident – an attack that went undetected around the world for over six months.
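The retrospective hunt described above, as an added example that is not part of the original article: it replays stored DNS logs against an indicator that a feed published later, and reports which hosts matched and how many days before publication the first hit occurred. The log format, host names and the `c2-beacon.example` indicator are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data: indicator domains use the reserved .example TLD.
INDICATORS = {"c2-beacon.example": "2020-12-13"}   # domain -> date the feed published it
HISTORICAL_DNS_LOG = """\
2020-06-02T08:15:11Z host=ws-014 query=intranet.corp.example
2020-06-02T08:15:40Z host=srv-mon01 query=a1b2.C2-Beacon.example.
2020-09-17T23:02:05Z host=srv-mon01 query=c2-beacon.example
2020-09-18T01:00:00Z host=ws-022 query=notc2-beacon.example
corrupted line without fields
2020-11-30T04:44:19Z host=srv-mon01 query=x9.c2-beacon.example
""".splitlines()

def parse_line(line):
    """Return (timestamp, host, query) or None for a malformed record."""
    parts = line.split()
    if len(parts) != 3 or not parts[1].startswith("host=") or not parts[2].startswith("query="):
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    # Normalise the name: drop the trailing root dot and fold case.
    return ts, parts[1][5:], parts[2][6:].rstrip(".").lower()

def matches(query, indicator):
    """Exact or subdomain match on a label boundary (not a plain substring test)."""
    return query == indicator or query.endswith("." + indicator)

def retro_hunt(lines, indicators):
    """Scan historical records; return {host: finding} for hosts that hit an indicator."""
    findings = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip records that cannot be parsed
        ts, host, query = rec
        for ioc, published in indicators.items():
            if matches(query, ioc):
                f = findings.setdefault(host, {"indicator": ioc, "first": ts, "last": ts, "hits": 0})
                f["first"], f["last"] = min(f["first"], ts), max(f["last"], ts)
                f["hits"] += 1
                pub = datetime.strptime(published, "%Y-%m-%d").replace(tzinfo=timezone.utc)
                f["days_before_feed"] = (pub - f["first"]).days  # undetected window
    return findings

if __name__ == "__main__":
    for host, f in retro_hunt(HISTORICAL_DNS_LOG, INDICATORS).items():
        print(host, f["indicator"], f["hits"], f["first"].date(), f["days_before_feed"])
```

The hunt is only as deep as the log retention behind it: a six-month-old first hit can be found only if six months of DNS logs were kept.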

Written by Clinton Eppleman, CISSP, Team Lead, IT Professional Services, Morefield Communications

Boost Your CyberSecurity With Morefield Communications

We have partnered with Perch Security to deliver a managed SIEM service in partnership with their Security Operations Center (SOC) – a team of hyper-focused cybersecurity professionals that monitor the logging from your network 24/7. The Perch solution helps to monitor your network at all times, and they will escalate any actionable events to your attention for remediation. This cloud-hosted solution will scale from just a few endpoints to thousands of devices.

Perch also helps organizations satisfy compliance requirements, for example: CMMC, HIPAA, SOX, PCI, etc. Many small organizations also use cybersecurity frameworks, such as the NIST Cybersecurity Framework (CSF), to drive decision making and to facilitate creation of an organizational security policy. The Perch solution fits into the following CSF functions: Identification, Protection, Detection, and Response.

The outcome for a small business is clear when choosing security solutions: you can spend less of your time trying to find a needle in a haystack and more time focused on your business goals. We encourage you to reach out if you would like to learn more about the Perch Solution.

Contact Morefield Communications to learn what those network defenses are for you.

Morefield Communications Response to SolarWinds Cyber-Attack

On December 13, 2020, the U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive after discovering malware contained within recently released software from the company SolarWinds. SolarWinds is an American company that develops software for businesses to manage their information technology. The malware has been discovered in SolarWinds’ Remote Monitoring and Management platform named “Orion”.

The malicious software was implanted into the SolarWinds master servers around March of this year, following a successful attack by a sophisticated team of nation-state hackers. It is now known that this malware has affected many organizations and government entities which were utilizing the compromised SolarWinds software.

Morefield Communications does not utilize SolarWinds software in our delivery of environment monitoring and management services. In response to the recent cyber-attack, Morefield has conducted a thorough audit and review of its partners, suppliers, and distributors for any connection to SolarWinds software. We are working with all outside partners and providers to further identify any client’s connection to SolarWinds software and have proactively reached out to any of our clients known to have a connection to any version of SolarWinds software. Morefield has not sold or installed any hardware or software by the listed compromised companies. As part of our commitment to our clients, we acted quickly to ensure that none of our software providers or hardware products contained the same or similar vulnerabilities associated with the SolarWinds hack.

We continue to monitor our software and client systems diligently for all malicious or unusual activities, as well as all advisories for any similar events. We are committed to helping our clients make smart technology decisions while delivering outstanding service and expert solutions.
