It’s been nearly a year since the detection of the massive SolarWinds hack that affected thousands of organizations, including numerous government agencies and dozens of the world’s leading technology companies. Many are still cleaning up from what is widely considered the worst cyber-espionage incident in U.S. history.
As investigations into the attack continue, many victims remain troubled by one key question: Why did it take so long for some of the nation’s most security-conscious organizations to realize they had been breached?
Post-attack forensics have determined that Russian state-backed hackers gained unauthorized access to the SolarWinds network and injected malicious code into the build process for the company's popular Orion network monitoring software, so the trojanized updates carried SolarWinds' legitimate code signature. Updates with the compromised code began shipping to customers in March 2020. That means attackers may have had up to nine months of unfettered access to victims' systems before the breach was detected in December 2020.
Certainly, the SolarWinds attack was far more sophisticated than most cyberattacks. Microsoft President Brad Smith told Senate investigators the SolarWinds hack likely was the work of "at least 1,000 engineers." However, far simpler attacks also remain undetected for long periods. IBM's 2020 Cost of a Data Breach report found that it takes companies an average of 280 days to identify and contain a data breach.
A lack of in-house security expertise often contributes to the problem. Few organizations have the staff necessary to keep pace with the explosive growth in cyberattacks. According to the UN Security Council, cybercrime increased by 600 percent in 2020.
Another issue is a tendency to focus on preventive measures at the expense of detection and remediation. In most companies, the biggest part of the cybersecurity budget goes toward technologies and strategies designed to harden systems against attack. While that remains a top priority, organizations must also balance their efforts with a stronger emphasis on finding and stopping threats that have already breached defenses.
According to ESG research, 82 percent of cybersecurity professionals agree that improving threat detection and response is a high priority. However, 76 percent also say threat detection is becoming more difficult due to the increasing frequency and sophistication of threats, an expanding attack surface, and the ongoing shortage of in-house security skills.
The Technologent Approach
Technologent is addressing those concerns with a portfolio of solutions designed to help our customers achieve a balance between threat prevention and detection. As we’ve noted in several recent blog posts, measures such as regular network assessments, continuous security monitoring and threat remediation planning help you minimize the damage from threats through early detection and response.
Such capabilities are essential for exposing threats designed to remain active but unnoticed for long periods of time. Advanced persistent threats (APTs), campaigns run by well-resourced actors, and network resident threats (NRTs) rely on stealthy malware that remains undetected for weeks or months while the attacker moves laterally through the network harvesting credentials and sensitive data. The initial payload is often delivered inside, or disguised as, a file that seems legitimate (the signed SolarWinds update is the obvious case), so it is difficult to identify at the point of entry. Continuous monitoring looks for the behavior rather than the file: the unusual logons, connections and credential use that lateral movement produces. If malicious behavior is spotted later, our system generates an alert with a dynamic analysis of the threat.
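The kind of behavioral check that continuous monitoring applies to lateral movement can be shown concretely. The following is an added illustration, not Technologent's code or the code of any product named on this page. It assumes a simplified authentication event stream (timestamp, source host, destination host, account) and flags two signals: a source host that fans out to an unusual number of distinct destinations within a short window, and source-to-destination pairs never seen in a historical baseline. The sample events, host names, thresholds and baseline are constructed for the example.

```python
"""Toy lateral-movement detector over constructed authentication events.

Added example for illustration only; event format, field names,
thresholds and the baseline are assumptions, not a real product's API.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source_host, dest_host, account).
# WS-07 reaches six different hosts with one account in about three
# minutes; WS-12 shows ordinary, spread-out activity.
SAMPLE_EVENTS = [
    ("2021-11-02T09:00:05", "WS-07", "FS-01", "jdoe"),
    ("2021-11-02T09:00:31", "WS-07", "FS-02", "jdoe"),
    ("2021-11-02T09:01:02", "WS-07", "DB-01", "jdoe"),
    ("2021-11-02T09:01:40", "WS-07", "APP-03", "jdoe"),
    ("2021-11-02T09:02:15", "WS-07", "DC-01", "jdoe"),
    ("2021-11-02T09:03:00", "WS-07", "PRINT-01", "jdoe"),
    ("2021-11-02T09:05:00", "WS-12", "FS-01", "asmith"),
    ("2021-11-02T10:30:00", "WS-12", "APP-03", "asmith"),
    ("2021-11-02T14:00:00", "WS-12", "FS-02", "asmith"),
]

# Constructed baseline of (source, destination) pairs seen in prior weeks.
BASELINE_PAIRS = {
    ("WS-12", "FS-01"), ("WS-12", "APP-03"), ("WS-12", "FS-02"),
    ("WS-07", "FS-01"),
}


def parse_ts(ts):
    """ISO-8601 timestamp string -> datetime."""
    return datetime.fromisoformat(ts)


def find_fan_out(events, window=timedelta(minutes=10), threshold=5):
    """Return {source_host: set(dest_hosts)} for every source that reached
    at least `threshold` distinct destinations inside any `window`.

    Uses a sliding window over the source's events sorted by time, so a
    burst of first-time connections is caught regardless of where in the
    day it happens.
    """
    by_src = defaultdict(list)
    for ts, src, dst, _account in events:
        by_src[src].append((parse_ts(ts), dst))

    hits = {}
    for src, rows in by_src.items():
        rows.sort()
        for i, (t0, _) in enumerate(rows):
            in_window = {dst for t, dst in rows[i:] if t - t0 <= window}
            if len(in_window) >= threshold:
                hits[src] = in_window
                break
    return hits


def new_pairs(events, baseline):
    """Return the set of (source, destination) pairs absent from the
    historical baseline. Credential reuse against hosts a workstation has
    never talked to is a classic lateral-movement indicator."""
    return {(src, dst) for _ts, src, dst, _account in events
            if (src, dst) not in baseline}


def analyze(events, baseline):
    """Combine both signals into a list of human-readable alerts."""
    alerts = []
    fan_out = find_fan_out(events)
    unseen = new_pairs(events, baseline)
    for src, dsts in fan_out.items():
        novel = {d for s, d in unseen if s == src}
        alerts.append(
            f"{src}: reached {len(dsts)} hosts in window, "
            f"{len(novel)} never seen before: {sorted(novel)}"
        )
    return alerts


if __name__ == "__main__":
    for line in analyze(SAMPLE_EVENTS, BASELINE_PAIRS):
        print(line)
```

Real deployments tune the window and threshold per host role (a backup server legitimately fans out nightly) and feed the baseline from weeks of observed traffic rather than a hard-coded set; the structure of the check, burst of distinct destinations plus novelty against a baseline, is what matters.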
In addition, Technologent automates many facets of threat detection to root out APTs and NRTs. With advanced analytics and machine-learning algorithms, we can rapidly evaluate warnings, bulletins, alerts and incident report feeds from multiple threat intelligence sharing communities. This threat intelligence supports advanced threat-hunting capabilities for detecting, disrupting and isolating any threats that might evade existing security measures.
While threat prevention is obviously a high priority, it is never 100 percent effective. If a breach or attack does occur, organizations must be able to act quickly to limit the damage. Technologent’s assessment, monitoring and remediation solutions can enhance your threat detection and response capabilities.