Learnings from the SolarWinds Orion cybersecurity attack
Some details on the SolarWinds attack are coming out. Full details on the attack may not be fully understood for months. But we know it has been significant. I participated in an insightful webinar conducted by #cyberereason yesterday. There was a conclusion that I’ve been thinking about since. Normal indicators of compromise that shared by threat intelligence participants not useful for this attack. The conclusion was that for sophisticated attacks like this one, especially coming from a trusted third party (and unknown to that third party), requires observation of abnormal behavior within the network. While AI and Machine Learning should help us get better at recognizing “abnormal behavior”, this is a very fuzzy target. But it can be self-clarifying by deploying deception targets (honeypots) that are hard for attackers to recognize, but easy to monitor. I remember first talking about using #honeypots in cybersecurity 20 years ago with Phil Palmroth. It’s getting more clear to me that using deception in defense will need to be highly prioritized in the future. And of course, implementing #zerotrust is the second half of the one-two punch.
You can watch the original webinar here: Cybereason SolarWinds Attack