Last week’s cyberattack on network monitoring vendor SolarWinds showed us one thing: the traditional security architectures tasked to protect our most powerful government agencies and private companies cannot withstand modern cyber threats.
For far too long, cybersecurity strategies have been focused on reactionary measures rather than preventative. In this case, the SolarWinds Orion system had a proficient attack detection technology in place, but the technology itself didn’t go far enough to prevent the attack entirely. Now, we’re facing the repercussions of SUNBURST malware having gone undetected in the Orion software for months—giving foreign hackers access to confidential information.
However, after assessing what happened, we can see that the impact of the attack could’ve been avoided with a security architecture grounded in zero trust.
The attackers used the SolarWinds Orion server—software that was trusted by federal agencies and Fortune 500 companies—as an entry point to infiltrate partnering operations. Once malware was released inside the SolarWinds server software, it propagated to installations at the Department of Homeland Security, Department of Justice, Department of Defence, and others, and then reached out to a malicious DNS server to receive command and control instructions.
Like in most organizations, SolarWinds’ server is allowed outbound communications from within the security perimeter, and only known bad destinations are blocked. This created a window of opportunity for the attacker. Likewise, since Solarwinds Orion binaries were assumed to be perfectly safe, there was remarkably little protection against bad behavior by compromised binaries.
If, however, the SolarWinds system had adopted a zero trust approach, this architecture would have been inverted. Rather, it would have limited communications to known and authenticated entities—regardless of whether they were coming from a trusted network—and would have blocked access to the hacker-controlled DNS server.
Additionally, each component would have been granted only the limited rights it needed, meaning that even if a hacker got inside, their access would have been minimized significantly. In particular, the compromised Orion components could have been blocked from turning off other security protections, as Orion would not have been granted those authorizations.
At Xage, we know the strongest architectures need multiple software components that cooperate together to enforce policy, with no element being fully trusted, meaning no single compromise could lead to a system-wide breach. You can think of this as an extension of the idea of “Defense in Depth”. Knowing that no individual component can be made perfectly secure—not even a software binary signature, which was compromised in the Orion case—a highly-secure architecture requires multiple components to cooperate with one another in managing systems and infrastructure—the whole being more secure than any of its parts.
A zero trust architecture shifts the emphasis from monitoring for attacks to blocking and/or isolating them. As more organizations embrace a zero trust approach to securing their operations, we’ll see far fewer, and much less severe, cyberattacks than those unfolding today.