What We Can Learn from the SolarWinds Breach

Date: April 15, 2021

The SolarWinds breach in December 2020 demonstrates the importance of having a fortified cybersecurity approach to protect data. SolarWinds, a US-based software company, was hacked late last year. This breach remained undetected until early 2021. The supply chain attack introduced vulnerabilities in SolarWinds’ Orion product, which resulted in several large IT companies and government agencies also being attacked.

The SolarWinds hack was a very difficult one for organizations to protect against, for several reasons. The very nature of the SolarWinds application requires it to have privileged access across most of a company’s systems, because it monitors the performance, uptime, and metrics of a wide variety of systems. As a result, a company running the SolarWinds software was exposed to exploitation across its entire infrastructure.

We can draw many lessons from this incident to help prevent something similar from happening in the future. This applies to any IT company or government agency.

At T-Rex, we gained valuable information that we can use to strengthen our network security. Some of these lessons learned are listed below:

  • Have a robust and well-exercised incident response capability that allows you to respond quickly and effectively to any incident, including one like SolarWinds.
  • Provide a clear delegation of authority (DOA) to a leader, and at least one backup leader, who is authorized to “pull the plug” immediately on a compromised system.
  • Ensure that your logs are secured so that an attacker with elevated permissions cannot delete them. For example, consider shipping an archive copy of your logs to an AWS Simple Storage Service (S3) bucket in an account that is not managed by the same set of admins.
  • Focus on the MITRE ATT&CK techniques that can be used to move laterally or exploit an Identity and Access Management (IAM) system once the attacker has a privileged foothold. Even if you can’t block these techniques, you can at least detect them.
  • Carefully control the use and permissions of service accounts and remove their cached passwords. Service accounts are frequently given too many permissions.
  • Use a privileged account management tool so that privileged users must request the ability to use their admin account; the request goes through an approval step and generates logs.
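
As an illustration of the log-archive lesson above, the following added example (not T-Rex's own code) audits an S3 bucket policy for ways the log-producing account could tamper with the archive. The account IDs, bucket name, `Sid` and policy documents are constructed for the example, and the check is a simplification that reads only `Allow` statements.

```python
from fnmatch import fnmatchcase

# Simplified audit: only Allow statements are read; Deny and Condition are
# ignored, so the result errs on the side of reporting (assumption of this example).
DESTRUCTIVE = ["s3:DeleteObject", "s3:DeleteObjectVersion", "s3:PutBucketPolicy",
               "s3:DeleteBucketPolicy", "s3:PutLifecycleConfiguration",
               "s3:BypassGovernanceRetention"]
SOURCE, ARCHIVE = "111111111111", "222222222222"  # constructed account IDs

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_accounts(stmt):
    """Account IDs named in Principal.AWS, or {'*'} when anyone is allowed."""
    principal = stmt.get("Principal", {})
    if principal == "*":
        return {"*"}
    return {p.split(":")[4] if p.startswith("arn:") else p
            for p in _as_list(principal.get("AWS", []))}

def audit_log_bucket(policy, bucket_owner, source_account):
    """List the ways admins of the log-producing account could alter the archive."""
    findings = []
    if bucket_owner == source_account:
        findings.append("bucket is owned by the account that produces the logs")
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or not (_principal_accounts(stmt) & {source_account, "*"}):
            continue
        for pattern in _as_list(stmt["Action"]):
            hits = [a for a in DESTRUCTIVE if fnmatchcase(a.lower(), pattern.lower())]
            if hits:
                findings.append(f"{stmt.get('Sid', '?')}: '{pattern}' permits {hits[0]}")
    return findings

def _policy(actions):
    """Build a constructed bucket policy granting `actions` to the source account."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "LogShipper", "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{SOURCE}:root"},
        "Action": actions,
        "Resource": "arn:aws:s3:::example-log-archive/*"}]}

WEAK = _policy("s3:*")               # shipper can also delete what it shipped
HARDENED = _policy(["s3:PutObject"])  # write-only from the source account

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_log_bucket(doc, ARCHIVE, SOURCE) or "no findings")
```

A write-only grant is only part of the control: enabling versioning or S3 Object Lock on the archive bucket also keeps a shipper from overwriting existing log objects.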

Not coincidentally, April is National Supply Chain Integrity Month.

A massive supply chain attack, like the SolarWinds event, is unfortunate for all parties involved but can be turned into a learning experience. In the ever-evolving threat landscape, it is important for us to take a breach and use it to learn more about the new methods hackers are using to gain access to our networks. Additionally, we can use these incidents to enhance our prevention efforts. We can bring together all the lessons learned from this one incident to further improve our cybersecurity hygiene.
