You’ve seen the headlines: “US Suffered Massive Cybersecurity Breach,” “Worst-Ever US Government Cyberattack.” You may have even paused long enough to read beyond the headlines. Now is the time to think about having a SonicWall firewall installed.
That’s not exactly true. Your business may not be the target of an elaborate attack, but there are plenty of insights to be gained from a more in-depth look at the SolarWinds Sunburst compromise.
SolarWinds offers network monitoring tools that help detect, diagnose, and resolve network performance problems and outages. Its monitoring solutions are used by numerous US government agencies as well as large multinational corporations to keep their networks performing optimally. Like many software providers, SolarWinds offers automatic updates.
SolarWinds maintains a server that stores its updates. Customers may request updates from the server and install them manually, or they can have the updates downloaded and installed automatically. Hackers were able to compromise SolarWinds’ update server and place malicious code in the updates. The code gave the bad actors remote access to any network running the compromised update.
Based on initial assessments, the attack began in March of 2020. Still, it was not discovered until December, when FireEye, a cybersecurity firm, conducted an internal investigation into a breach of its own systems. During this investigation, FireEye determined that hackers had gained remote access to its network through the malicious code embedded in SolarWinds’ updates.
What Can We Learn?
The SolarWinds compromise was an example of a supply chain attack, where hackers exploit a vulnerability in one vendor’s system to compromise the organizations that depend on it. Part of the success of a supply chain attack rests with the traditional cybersecurity mindset that everything inside a network is secure. In other words, companies would fortify the perimeter of their networks, assuming everything inside the walls was safe. In today’s environment, boundaries are more porous, and cybersecurity is no longer a simple us-versus-them problem.
Trust No One
Zero Trust Architecture is a cybersecurity model that treats every user, application, or resource as a potential threat. It uses hardware and software to verify that the entity requesting access actually has permission. Micro-segmentation and least-privileged access are part of a zero-trust framework, making it harder for an intruder to move laterally inside the network as well as across its boundary.
Many organizations implement some form of “whitelisting,” where specific applications, URLs, or static IP addresses bypass the established scanning or protection protocols. Software updates from a trusted source such as SolarWinds would typically fall into that category, so a malicious update arrives without ever being inspected.
Use Best Practices
The National Institute of Standards and Technology issued Special Publication 800-171, which proposes a cybersecurity framework for non-federal organizations. It’s intended to provide best practices for cybersecurity. For example, NIST 800-171 Section 3.4 discusses the importance of proper firewall configuration and management, including the use of blacklisting and whitelisting.
Investigations are still underway regarding the precise nature of the SolarWinds breach; however, it has been suggested that the public-facing update server was compromised. Given that NIST 800-171 was published in February of 2020, it’s unlikely that SolarWinds had adopted any of NIST’s security recommendations.
Review Update Policies
Managing software updates for an enterprise can be challenging. Should updates be downloaded automatically? If so, should they be segmented from the rest of the network until scanned? Should updates be installed automatically without checking for possible compromises? Most SolarWinds clients who were infiltrated allowed updates to be downloaded and installed without manual intervention.
While automatic updating of software applications is common practice, more companies need to revisit their policies given the SolarWinds incident. Cybersecurity has multiple layers that must be analyzed to ensure that no vulnerabilities are exposed. Partial implementation can lead to system compromises.
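The two update policies described above, as an added example that is not part of the original post: a weak intake policy that lets allowlisted vendors skip inspection, beside a hardened one that stages every update in quarantine and releases it only after its published digest and a content scan both check out. The vendor names, the scanner marker, and the update payloads are constructed for the demo; note that the trojaned sample carries a correct vendor-published digest, because a vendor whose build process is compromised publishes digests for the malicious build too.

```python
from __future__ import annotations
import hashlib
from dataclasses import dataclass

# Constructed stand-in for a malware signature a real scanner or sandbox would flag.
SUSPICIOUS_MARKER = b"BEACON-TO-EXTERNAL-C2"


@dataclass
class Update:
    name: str
    source: str            # vendor the update claims to come from
    payload: bytes         # downloaded artifact
    published_sha256: str  # digest the vendor publishes out-of-band


def scan(payload: bytes) -> bool:
    """Stand-in content scanner: True when the artifact looks clean."""
    return SUSPICIOUS_MARKER not in payload


def digest_matches(update: Update) -> bool:
    return hashlib.sha256(update.payload).hexdigest() == update.published_sha256


def weak_policy(update: Update, allowlist: set[str]) -> str:
    """Allowlisted vendors bypass inspection entirely: the gap the post describes."""
    if update.source in allowlist:
        return "install"
    return "install" if digest_matches(update) and scan(update.payload) else "quarantine"


def hardened_policy(update: Update, allowlist: set[str]) -> str:
    """Every update is staged and must pass both checks, trusted vendor or not.
    The allowlist only decides whether a clean artifact installs without a human sign-off."""
    if not digest_matches(update):
        return "quarantine: digest mismatch"
    if not scan(update.payload):
        return "quarantine: scanner hit"
    return "install" if update.source in allowlist else "hold for manual approval"


def _sample(name: str, source: str, payload: bytes) -> Update:
    # Vendor-published digest constructed here so it matches the payload.
    return Update(name, source, payload, hashlib.sha256(payload).hexdigest())


ALLOWLIST = {"vendor-a"}  # constructed: the trusted monitoring vendor
CLEAN = _sample("monitor-2020.2.1", "vendor-a", b"legitimate update bytes")
TROJANED = _sample("monitor-2020.2.2", "vendor-a", b"legitimate update bytes" + SUSPICIOUS_MARKER)
TAMPERED = Update("monitor-2020.2.3", "vendor-b", b"modified in transit",
                  hashlib.sha256(b"original bytes").hexdigest())
```

The digest check catches tampering in transit but not a build that the vendor itself shipped compromised; only the mandatory scan and the staging step stop the trojaned sample.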
Remember Everyone is a Target
Many companies do not see themselves as possible targets. They consider their virtual assets of little value to hackers. For cybercriminals, size doesn’t matter. Even a few records with confidential or personal information can be sold on the dark web. Cybercrime has grown into a criminal industry, with organized crime groups carrying out 55% of all attacks.
How do SonicWall’s Firewalls Protect Against Attacks?
Firewalls are the first line of defense for most organizations, but firewalls are not created equal. Some firewalls focus on keeping malware out. Others watch traffic in and out of a system. SonicWall’s series of firewalls offers features to meet rigorous cybersecurity standards. Depending on the specific firewall, SonicWall’s solutions provide a range of features to protect data from inside and outside a network’s perimeter.
SonicWall’s solutions provide the following features to control traffic and protect digital assets.
- Antivirus tools for scanning and quarantining digital materials
- White- and black-listing of URLs
- Antispam filters to protect against email spam
- Content filters based on file extensions
- Web filter based on the website address
- Intrusion prevention and detection to block and flag unauthorized access
With these tools, organizations can control the movement of traffic to and from network locations.
SonicWall’s firewalls capture data for all firewall functions. They store the information, including incidents and user activity, for analysis. The results can be displayed on a customizable dashboard. The data can be used to create reports or to provide a visual representation of data.
How a firewall operates depends on its configuration. Once a SonicWall firewall is installed, network administrators can perform the following:
- Customize network access rules and workflows.
- Customize rules to meet compliance requirements.
- Create application-level proxies to apply security mechanisms while concealing client networks.
- Determine the maximum number of connections that can be tracked and secured.
Once installed, SonicWall’s products can be configured to address the most robust security requirements.
SonicWall’s line of firewalls does more than monitor traffic going through the device. The firewalls can be configured to:
- Perform load balancing to ensure even distribution of resources.
- Monitor traffic to scale workloads to match traffic.
- Detect variations in user access, traffic flows, and standard operations.
Resource management helps protect against unauthorized activities. When systems do not perform as designed, they increase the number of possible vulnerabilities.
SonicWall provides added features that can help secure a company’s network.
- Virtual Private Network (VPN). Provides encrypted connections for remote users and sites.
- URL Filtering. Provides tools to control web traffic in line with firewall policies.
- High Availability. Provides distributed configuration options to minimize network failure and ensure business continuity.
With a SonicWall firewall installed and properly configured, an organization is protected even against supply chain attacks.
How NOT to Be Headline News
What do Target, Equifax, and Capital One have in common? They made headlines because of a security breach. SolarWinds recently made headlines in the cybersecurity world because it was an unprecedented supply chain attack, the scope of which is still under investigation.
One way to ensure your company’s name isn’t part of the next cyberattack headline is to install a SonicWall firewall. Their solutions are designed to scale from a small business to a multi-firewalled enterprise.
At Computero, we specialize in the installation and configuration of SonicWall appliances. Contact Computero to discuss how SonicWall solutions can strengthen your cybersecurity.