What We Can Learn from the SolarWinds Breach

Date: April 15, 2021

The SolarWinds breach in December 2020 demonstrates the importance of having a fortified cybersecurity approach to protect data. SolarWinds, a US-based software company, was hacked late last year, and the breach remained undetected until early 2021. The supply chain attack introduced vulnerabilities into SolarWinds’ Orion product, which resulted in several large IT companies and government agencies also being attacked. However, the SolarWinds hack was a very difficult one for organizations to protect against, for several reasons. The very nature of the SolarWinds application requires it to have privileged access across most of a company’s systems: it monitors the performance, uptime, and metrics of a wide variety of systems. As a result, a company running the SolarWinds software was exposed across its entire infrastructure.

We can glean many lessons from this incident to prevent something like it from happening in the future. This goes for any IT company or government agency.

At T-Rex, we gained valuable information that we can use to strengthen our network security. Below are some of these lessons learned:

  • Have a robust and well-exercised incident response capability that allows you to respond quickly and effectively to any incident, including one on the scale of SolarWinds.
  • Provide a clear delegation of authority (DOA) to a leader, and at least one backup leader, who is authorized to “pull the plug” immediately on a compromised system.
  • Ensure that your logs are secured so that an attacker with elevated permissions cannot delete them. For example, consider shipping an archive copy of your logs to an AWS Simple Storage Service (S3) bucket in an account that is not managed by the same set of admins.
  • Focus on the MITRE ATT&CK techniques that can be used to move laterally or exploit an Identity and Access Management (IAM) system once the attacker has a privileged foothold. Even if you can’t block it, you can at least detect it.
  • Carefully control the use and permissions of service accounts and remove their cached passwords. Service accounts are frequently given too many permissions.
  • Use a privileged account management tool to require a privileged user to request the ability to use their admin account, which requires an approval step and generates logs.
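As an added illustration of the "even if you can’t block it, you can at least detect it" point (example code written for this article, not T-Rex tooling): a small Python scanner over constructed CloudTrail-style records that flags logging being disabled, IAM permission changes, and service accounts performing either. The eventName values are real CloudTrail API names; the account names and records are constructed placeholders.

```python
"""Detect log tampering and IAM abuse in CloudTrail-style records (constructed sample)."""
import json

# Actions that degrade logging (ATT&CK T1562.008) or alter identities and permissions (T1098).
LOG_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "DeleteObject"}
IAM_CHANGE = {"CreateAccessKey", "AttachUserPolicy", "AttachRolePolicy",
              "UpdateAssumeRolePolicy", "CreateLoginProfile", "AddUserToGroup"}
# Hypothetical service accounts: they monitor systems and should never administer IAM or logging.
SERVICE_ACCOUNTS = {"svc-orion-monitor", "svc-backup"}


def classify(record: dict) -> list:
    """Return alert tags for one record; an empty list means nothing suspicious."""
    action = record.get("eventName", "")
    actor = record.get("userIdentity", {}).get("userName", "")
    tags = []
    if action in LOG_TAMPERING:
        tags.append("log-tampering")
    if action in IAM_CHANGE:
        tags.append("iam-change")
    if actor in SERVICE_ACCOUNTS and (action in LOG_TAMPERING or action in IAM_CHANGE):
        tags.append("service-account-misuse")
    return tags


def scan(ndjson_text: str) -> list:
    """Parse newline-delimited JSON and return (actor, eventName, tags) for flagged records."""
    alerts = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        tags = classify(record)
        if tags:
            actor = record.get("userIdentity", {}).get("userName", "<unknown>")
            alerts.append((actor, record.get("eventName", ""), tags))
    return alerts


# Constructed sample records; the user names are placeholders, not real data.
SAMPLE_LOG = """
{"eventName": "DescribeInstances", "userIdentity": {"userName": "svc-orion-monitor"}}
{"eventName": "AttachUserPolicy", "userIdentity": {"userName": "svc-orion-monitor"}}
{"eventName": "StopLogging", "userIdentity": {"userName": "alice-admin"}}
{"eventName": "GetObject", "userIdentity": {"userName": "bob"}}
"""

if __name__ == "__main__":
    for actor, action, tags in scan(SAMPLE_LOG):
        print(f"{actor:20} {action:20} {', '.join(tags)}")
```

A routine like this is most useful when it reads from the archive copy of the logs held in the separately administered account, so that an attacker who disables the primary trail still leaves a record the scanner can see.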

Not coincidentally, April is National Supply Chain Integrity Month. To learn more about Supply Chain Integrity, check out these articles below:

A massive supply chain attack like the SolarWinds event is unfortunate for all parties involved, but it can be turned into a learning experience. In an ever-evolving threat landscape, it is important for us to take a breach and use it to learn more about the new methods hackers are using to gain access to our networks. Additionally, we can use these incidents to enhance our prevention efforts. We can gather all the lessons learned from this one incident to further improve our cybersecurity hygiene.

Learn more about T-Rex’s cybersecurity capability here.
