Could SolarWinds Happen to Me?

TRUST.

Trust. You always have to trust someone in a digital world. The news headlines below describe a current reality: the largest cybersecurity attack in history is being unraveled in real time. To be fair, the attack was publicly disclosed a month ago in December, and experts are still trying to figure out the scope of compromise. Organizations of all sizes, utilizing the SolarWinds Orion platform, potentially installed a malicious update to this software platform. Ironically, the Orion platform is used to increase availability of resources – one of the three key pillars of cybersecurity.

Most of our clients do not have the budget or talent to develop their digital software in-house, so they purchase software developed by a third party. Think about all of the different types of software you interact with on a daily basis: CRM, word processor, spreadsheet, email, etc. In each instance, some level of trust is required before you start to utilize these software packages. We likely don’t think twice about the software development process – we just care that it has the features and workflow that will move our organization forward. Perhaps we assume that these vendors make cybersecurity a priority during software development. Should we make this assumption?

Many small to mid-size organizations are not going to be able to influence the security considerations that go into an off-the-shelf software package. Your investment in the vendor’s product is a drop in the revenue bucket – take it or leave it.

In all fairness, many of the organizations that were targeted during the SolarWinds Orion compromise are very large organizations. They have a dedicated cybersecurity budget. Many take cybersecurity seriously and implement controls that make sense in their environment, and yet for months attackers went undetected in their network. The point here is that you can do all the “right” things, make the “right” technical control investments, and yet not achieve the outcome you expect.

A Security Information and Event Management (SIEM) platform is designed to digest logging data and then analyze it in a variety of ways. Such a platform can consume logging from any number of sources: firewalls, security tools, workstations, servers, etc. These data streams are then compared against various threat intelligence feeds to alert you to events that match an indicator of compromise. This real-time data can alert system administrators to potential security events that would otherwise go unnoticed. You can also conduct threat hunting exercises to review historical data when you learn about a zero-day (or novel) threat that has already happened, as with the SolarWinds incident – an attack that went undetected around the world for over six months.
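The retroactive threat hunt described above, as an added example that is not part of the original article: stored DNS and firewall logs are re-checked against indicators that only became known later, and each affected host is reported with how long the activity went unnoticed. The log formats, host names, domains, addresses and dates are all constructed for illustration.

```python
from datetime import datetime

# Constructed historical logs from two sources, as a SIEM would retain them.
DNS_LOGS = """\
2020-06-02T08:14:11Z ws-017 query updates.vendor.example A
2020-06-02T08:14:12Z srv-mon01 query c2.badupdate.example A
2020-09-19T23:40:03Z srv-mon01 query C2.BadUpdate.example. A
2020-11-30T02:05:44Z ws-101 query mail.corp.example A"""
FW_LOGS = """\
2020-06-02T08:14:13Z ALLOW src=10.0.5.20 dst=203.0.113.77 dport=443 host=srv-mon01
2020-07-15T12:00:00Z ALLOW src=10.0.1.17 dst=198.51.100.10 dport=443 host=ws-017
2020-12-01T03:22:10Z DENY src=10.0.5.20 dst=203.0.113.77 dport=443 host=srv-mon01"""

# Constructed indicators, assumed to arrive in a threat feed on DISCLOSED.
IOC_DOMAINS = {"badupdate.example"}
IOC_IPS = {"203.0.113.77"}
DISCLOSED = datetime(2020, 12, 15)

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def parse_dns(line):
    ts, host, _, qname, _ = line.split()
    # Normalize: drop the trailing root dot and case so indicators compare equal.
    return parse_ts(ts), host, "domain", qname.rstrip(".").lower()

def parse_fw(line):
    ts, _action, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return parse_ts(ts), fields["host"], "ip", fields["dst"]

def matches(kind, value):
    if kind == "ip":
        return value in IOC_IPS
    # Match the indicator domain itself and any subdomain, on label boundaries.
    labels = value.split(".")
    return any(".".join(labels[i:]) in IOC_DOMAINS for i in range(len(labels)))

def hunt(disclosed):
    events = [parse_dns(l) for l in DNS_LOGS.splitlines()]
    events += [parse_fw(l) for l in FW_LOGS.splitlines()]
    hits = {}
    for ts, host, kind, value in sorted(events):
        if matches(kind, value):
            h = hits.setdefault(host, {"first": ts, "last": ts, "count": 0})
            h["last"], h["count"] = ts, h["count"] + 1
    for h in hits.values():  # days between first contact and the indicators being known
        h["undetected_days"] = (disclosed - h["first"]).days
    return hits
```

Matching on label boundaries keeps a look-alike such as `notbadupdate.example` from triggering a false hit, and correlating both log sources per host shows the full span of contact rather than one isolated alert.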

Written by Clinton Eppleman, CISSP, Team Lead, IT Professional Services, Morefield Communications

Boost Your CyberSecurity With Morefield Communications

We have partnered with Perch Security to deliver a managed SIEM service in partnership with their Security Operations Center (SOC) – a team of hyper-focused cybersecurity professionals who monitor the logging from your network 24/7. The Perch solution helps to monitor your network at all times, and they will escalate any actionable events to your attention for remediation. This cloud-hosted solution will scale from just a few endpoints to thousands of devices.

Perch also helps organizations satisfy compliance requirements, for example: CMMC, HIPAA, SOX, PCI, etc. Many small organizations also use cybersecurity frameworks, such as the NIST Cyber Security Framework (CSF), to drive decision making and to facilitate creation of an organizational security policy. The Perch solution fits into the following CSF functions: Identification, Protection, Detection, and Response.

The outcome for a small business is clear when choosing security solutions: you can spend less of your time trying to find a needle in a haystack and more time focused on your business goals. We encourage you to reach out if you would like to learn more about the Perch Solution.

Contact Morefield Communications to learn what those network defenses are for you.
