Post breach remediation: The SolarWinds hack and how Tehama can help


Chuck Thibert

Dec 14, 2020

The news broke on an otherwise uneventful Sunday afternoon in mid-December: IT management company SolarWinds’ Orion network monitoring platform had suffered a devastating compromise. In a supply-chain attack, malicious code had been inserted into one or more of the product’s legitimately signed software updates, which SolarWinds regularly dispatches to its hundreds of thousands of clients. Because the updates carried a valid SolarWinds signature, customers installed the backdoor as a routine patch.

As a result, networks of U.S. government organizations (including the Treasury and Commerce departments) and others were penetrated by malicious actors in what experts called a “highly sophisticated” attack. SolarWinds’ clients include the entire U.S. military, the U.S. State Department, the Office of the President of the United States, and many Fortune 500 companies.

The attackers had access to victim networks for months before the compromise was discovered. The trojanized code shipped in Orion Platform builds 2019.4 HF 5, 2020.2 (no hotfix) and 2020.2 HF 1, released between March and June 2020. Observers said the attack was almost certainly sponsored by a nation state and was connected to the recent FireEye breach; FireEye in fact uncovered the Orion compromise while investigating the theft of its own red-team tools. “They operated clandestinely, using methods that counter security tools and forensic examination,” said FireEye CEO Kevin Mandia in a statement last week. “They used a novel combination of techniques not witnessed by us or our partners in the past.”

FireEye christened the malware “Sunburst” and released a technical report along with a set of detection rules. SolarWinds said it believed the number of customers affected to be “fewer than 18,000” and has released a hotfix (Orion Platform 2020.2.1 HF 1) that replaces the trojanized component. Note the caveat for anyone doing remediation: installing the hotfix removes the backdoor from the Orion server, but it does nothing about an attacker who already used that backdoor to obtain credentials or footholds elsewhere in the network, which is why the real work starts after the patch.
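As a first triage check, the script below is an added example (not part of the original post, and not SolarWinds’ or FireEye’s own tooling) that classifies Orion version strings from an inventory export as trojanized, patched, or merely out of date. The affected and patched build numbers are the ones SolarWinds published in its December 2020 advisory; the host names and inventory lines are constructed sample data, and the CSV layout is an assumption about how such an export might look.

```python
"""Classify SolarWinds Orion Platform versions against the SUNBURST advisory.

Added example, not vendor code. Build numbers come from SolarWinds' December
2020 advisory; the sample inventory below is constructed data.
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int, int]  # (year, major, minor, hotfix)

# Builds SolarWinds listed as carrying the trojanized update.
TROJANIZED = {
    (2019, 4, 0, 5),  # 2019.4 HF 5
    (2020, 2, 0, 0),  # 2020.2 with no hotfix
    (2020, 2, 0, 1),  # 2020.2 HF 1
}

# First clean build on each affected release line, per the same advisory.
PATCHED_FLOOR = {
    (2019, 4): (2019, 4, 0, 6),  # 2019.4 HF 6
    (2020, 2): (2020, 2, 1, 1),  # 2020.2.1 HF 1
}

# Accepts "2020.2", "2020.2 HF 1", "2020.2.1 HF1", optionally prefixed
# with "Orion Platform"; case-insensitive.
_VERSION_RE = re.compile(
    r"^\s*(?:orion\s+platform\s+)?(\d{4})\.(\d+)(?:\.(\d+))?(?:\s*HF\s*(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_version(text: str) -> Optional[Version]:
    """Turn an Orion version string into a comparable tuple, or None."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    year, major, minor, hf = m.groups()
    return (int(year), int(major), int(minor or 0), int(hf or 0))


def classify(text: str) -> str:
    """Return 'trojanized', 'patched', 'not_trojanized' or 'unknown'."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v in TROJANIZED:
        return "trojanized"
    floor = PATCHED_FLOOR.get(v[:2])
    if floor is not None and v >= floor:
        return "patched"
    # Not a known-trojanized build, but also below the patched level
    # (e.g. 2019.2, or a 2020.2 line build not in the list): still upgrade.
    return "not_trojanized"


def scan_inventory(csv_text: str) -> Dict[str, str]:
    """Map each 'host,version' line of an inventory export to its status."""
    results: Dict[str, str] = {}
    for line in csv_text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        results[host.strip()] = classify(version)
    return results


# Constructed sample inventory; host names are assumptions.
SAMPLE_INVENTORY = """\
# host,orion_version
orion-prod-01,2020.2 HF 1
orion-prod-02,2020.2.1 HF 1
orion-dr-01,2019.4 HF 5
orion-lab-01,2019.2 HF 3
orion-lab-02,Orion Platform 2020.2
orion-old,unknown build
"""

if __name__ == "__main__":
    for host, status in scan_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:16} {status}")
```

A "patched" result only means the backdoored component is gone from that host; it says nothing about what the attacker did with the access while the trojanized build was running, so every host that reports "trojanized" still needs the forensic work described below.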

Disaster recovery and remediation after a breach: Why traditional VDI and DaaS aren’t enough

IT remediation, mitigation and disaster recovery (DR) after an incident like this have two goals: 1) get back up and running as soon as possible; and 2) make sure a similar compromise never happens again.

The problem for most organizations, however, is that getting back up and running as soon as possible usually means quickly transitioning to employee-owned devices, at least for a few days. Because most of these employees will work from home, they’ll also need to connect their devices to crucial business systems over residential WiFi networks.

That IT security double whammy is a terrifying prospect for any IT leader – especially in the wake of a major security incident. But what other options are there? Virtual desktop infrastructure (VDI) is a possible solution, but isn’t well-suited for DR if it hasn’t already been implemented as part of an organization’s overall desktop strategy.

Desktop-as-a-service (DaaS) options can be easier and faster to deploy than traditional VDI. But this solution can be equally problematic in that traditional DaaS typically uses perimeter-based security, widely regarded as obsolete today given the number of highly sophisticated attacks and insider threats.

How Tehama can help with emergency IT remediation after a security breach

Tehama’s next-generation enterprise DaaS doesn’t have these issues because it was designed as a secure service delivery platform. It allows organizations to:

  • Maintain extremely granular control of all remote work environments
  • Access corporate systems remotely, while allowing only trusted users to bring your organization’s network and infrastructure back online
  • Audit or review all activity that takes place on all virtual desktops, down to the keystroke
  • Establish a brand-new perimeter with Tehama’s suite of IT security controls

Tehama enterprise DaaS is flexible enough to allow enterprises to scale up quickly – with most deployments taking less than an hour to set up – and comes with a virtual army of built-in security and compliance features that would take weeks (if not months) to set up and configure individually. These include Zero-Trust network isolation, multi-factor authentication (MFA) and endpoint isolation, least privilege permissions, data protection, as well as deep forensic and regulatory compliance auditing tools.

Tehama’s fully automated monitoring and forensic auditing also help detect and contain supply-chain attacks like the one above far earlier than perimeter-based security tools can, shrinking the remediation effort when an incident does occur.

Indeed, traditional approaches built to meet yesterday’s security standards aren’t enough anymore. That’s especially the case as malicious actors become more sophisticated, and organizations become more beholden to compliance and regulatory standards surrounding the safekeeping of sensitive customer and other data. If you’ve been affected by this week’s SolarWinds breach and need a secure, compliant solution for emergency IT remediation, please don’t hesitate to give us a shout. Tehama is here to help: Contact us via email or phone: 1-888-792-5104
