Will the western world be knocked out by the Russians? It appears so. Since March 2020, Russian spies have been active inside numerous international companies and government agencies, in the Netherlands too. This frightening reality is due to a supply-chain hack of IT management software vendor SolarWinds: a backdoor was planted in its own software updates, so every customer who installed them let the attackers in. Are you affected? Time to put your guard up!
The situation
SolarWinds is an American company that develops expensive software to monitor complex global corporate networks. These networks are complex because they are built from a multitude of ‘point’ solutions: each solution solves a specific problem but creates new ones, which creates the need for yet another solution, and so on. Compatibility between them is limited, and it is hard to gain insight into the IT infrastructure as a whole.
Sunburst attack?
This is where SolarWinds comes in, to bring back the central overview. SolarWinds is therefore a special point solution, because it is linked to all the other point solutions! The attackers did not have to break into each network one by one: they inserted a backdoor into the updates of SolarWinds’ Orion platform, and every organization that installed the trojanized, legitimately signed update ran it with the broad network access a monitoring product has. The Russians thereby abused these links as a ‘digital back door’ into these complex networks. Known as ‘SUNBURST’, this backdoor appears to have dark consequences, especially when it goes unnoticed: you may secretly be watched for months.
The result of traditional thinking
I firmly believe that the best way to prevent all this is in the Cloud. I am amazed to see that many large organizations, including governments, are still afraid to move to Cloud-native solutions with a much higher security level. With traditional network architectures based on MPLS and on-site hardware, it is often the telecom operators who have chosen to link everything together. The primary driver for this appears not to be ensuring your continuous safety, but rather selling internet lines under their own telco brand.
I dare to go one step further. Traditional thinking also stems from fear on the customer side. An explanation is required: suppose your network were one hundred percent secure and hacking attacks did not stand a chance; what would the role of network and firewall specialists be? After a conversation with the CEO of an international organization, I realized that sometimes other factors are at play, namely protecting personal interests. “The more complexity there is to manage, the more important someone’s role can seem,” is one way of phrasing it. But this also means that C-level executives don’t always get to hear everything …
What I recently told our Cato SASE Cloud customers
The Cato SASE Cloud and Cato’s internal network were not compromised, and our customers’ networks are protected from SUNBURST: “Cato IPS and Cato Anti-Malware have already been updated with the latest IoCs (Indicators of Compromise) related to this attack. No further action is required from our customers and partners. The Cato security team monitors our customers’ networks for IoCs from SUNBURST infections and will notify them if any suspicious activity is found.”
Cato’s strength in Security-as-a-Service
In summary, Cato’s strength after the attack is reflected in two areas:
- First, we were able to run all relevant engines in our security stack (IPS, AM, NGAM & MDR) to identify, block and report all indicators of SUNBURST. This was done without any intervention from the customer and without any disruption to the service.
- Second, by taking advantage of Cato’s SASE architecture and big data, we were able to scan all of our customers’ networks in minutes, spot indicators of compromise and proactively contact affected customers that use SolarWinds. They greatly appreciated being warned in time.
Large-scale hack attacks on governments and on supply chains such as the manufacturing industry can be defended better in the cloud. The principle has been around for centuries: minimize your attack surface and protect it with full force. Like a boxer’s guard: hands up by your head and chin on your chest! Harness the power of the cloud. Easy.
A sunny message that you can take the blows, right?
Steven de Graaf.