![solarwinds security solarwinds security](https://prosperon.co.uk/wp-content/uploads/2020/12/SolarWinds-Security-Incident-Review-What-To-Do-Next-To-Protect-Your-Platform-Video-Slate-Prosperon-Networks.png)
No matter the industry, cybersecurity breaches seem to be escalating in size and scale. The sprawling hacking campaign launched by Russia three months ago - which impacted as many as 18,000 customers of the Texas-based software maker SolarWinds Corp. - is an egregious example of the far reach of a potential supply-chain attack.

The term “supply-chain risk” is a large umbrella that covers lots of security threats and vulnerabilities. In the SolarWinds case, the threat actors, believed to be working on behalf of a foreign government, trojanized the software updates to a popular tool, SolarWinds Orion. The attack left potential backdoor access points to hundreds of companies and nine federal agencies. And that’s only what we know - we will likely be uncovering the effects of this breach for years to come.

Other supply-chain risks may manifest as security flaws baked into electronic devices. Manufacturers of smartphones, printers, routers, internet-of-things devices and critical infrastructure systems buy components from third parties. These components are shipped with embedded firmware that may have existing security flaws. What’s more, some of that firmware wasn’t written by the manufacturer, but comes from open-source code maintained by volunteers in the I.T.

Here’s what the broader supply-chain industry needs to know about cyberattacks.

There’s a growing movement of purchasers that are demanding comprehensive lists of the software within a device - but for now, it’s rare for manufacturers to provide it. That list, known as a software bill of materials (SBOM), is key to supply-chain security, but it’s important to note that it’s not a cure-all. For example, an SBOM would not have caught the SolarWinds backdoor. What was needed was for a security team member to analyze the final software files themselves, before they were released to customers.

Software developers and device manufacturers have shifted to rapid development processes. On the software side, this agile development framework pushes numerous and rapid updates, sometimes to add new features, occasionally to fix security flaws. There’s a similar push on the device side of the equation - and this is especially true for IoT devices sold as commodity products in bulk. In either case, security often ends up taking a back seat.

It’s up to an organization’s leadership to recognize the risk of not prioritizing security, and it's up to development teams to be proactive in mitigating those risks before they can be exploited. The reality is, attackers are well ahead of the industry. That has put organizations in a reactive posture and given rise to numerous regulations and standards. It’s more important than ever for companies, manufacturers and buyers alike to take a proactive approach.

Global supply chains have become particularly attractive targets due to their largely connected and often poorly secured systems. For hackers, a vulnerability that affects a single device is insignificant, because it is hard to monetize those types of hacks, but pervasive supply-chain vulnerabilities can be much more valuable. It's common practice to duplicate software in more than one device - meaning if a hacker finds a vulnerability in a doorbell camera, it might also be possible to exploit another brand of doorbell, a smart TV, a connected refrigerator or a home thermostat. For supply-chain executives, it’s important to think of all the devices in your business that could enable pivots to other systems.

The SolarWinds breach was a wake-up call for many within the cybersecurity community and outside of it. For others, it was a confirmation of what we already knew, and what we have been working so hard to prevent. The most important takeaway from this attack is that we need to reevaluate the trust we put into vendors, software and devices. Regardless of where you are in the supply chain, from an enterprise user of software to an OEM to a software supplier, you likely are placing an incredible amount of trust in your vendors and their products. We need to rethink how we assess those trust relationships, and most importantly, we need to understand how we can verify the security of this software, firmware and hardware throughout the entire lifecycle.
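As an added example (not from the original article), the Python script below makes the SBOM point concrete: a check that only compares component names passes for a release whose files were altered at build time, while hashing the final artifacts against what the reviewed build produced flags the change. The manifest shape, product name, file names and byte contents are all constructed for the illustration; they are not a conformant SPDX or CycloneDX document and not real SolarWinds artifacts.

```python
"""Added example: why an SBOM alone does not catch a tampered release.

An SBOM records *which* components a release is supposed to contain. It does
not by itself prove that the files actually shipped are the ones the SBOM
describes. The check below pairs a constructed SBOM-style manifest with a
hash-based verification of the final artifacts, which is the extra step the
article calls for: analysing the final files before they go to customers.
"""
import hashlib
import json
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


def make_sbom(product: str, version: str, components: Dict[str, bytes]) -> dict:
    """Record component name -> SHA-256 of the *reviewed* build output.

    Constructed, minimal manifest shape (assumption for this example); it is
    not an SPDX or CycloneDX document, only the idea of declared components
    carrying hashes is shown."""
    return {
        "product": product,
        "version": version,
        "components": [
            {"name": name, "sha256": sha256_hex(data)}
            for name, data in components.items()
        ],
    }


def names_match(sbom: dict, shipped: Dict[str, bytes]) -> bool:
    """The weak check: does the shipped file set carry the same component
    names the SBOM declares?  This is all a pure inventory can tell you."""
    return {c["name"] for c in sbom["components"]} == set(shipped)


def verify_release(sbom: dict, shipped: Dict[str, bytes]) -> List[str]:
    """The strong check: every declared component must be present with the
    exact bytes the reviewed build produced, and nothing undeclared may ship.
    Returns a list of findings; an empty list means the release verifies."""
    findings: List[str] = []
    declared = {c["name"]: c["sha256"] for c in sbom["components"]}
    for name, expected in declared.items():
        if name not in shipped:
            findings.append(f"missing component: {name}")
        elif sha256_hex(shipped[name]) != expected:
            findings.append(f"hash mismatch: {name}")
    for name in shipped:
        if name not in declared:
            findings.append(f"undeclared file shipped: {name}")
    return findings


# --- Constructed sample data (not real SolarWinds artifacts) ---------------
# What the reviewed build produced: two components with known contents.
CLEAN_BUILD = {
    "Example.Core.dll": b"clean core module bytes",
    "Example.Agent.dll": b"clean agent module bytes",
}
SBOM = make_sbom("ExampleMonitor", "1.0.0", CLEAN_BUILD)

# What actually shipped: same file names and declared versions, but one
# module now carries extra bytes inserted during the build, which is the
# trojanized-update pattern the article describes.
TAMPERED_RELEASE = {
    "Example.Core.dll": b"clean core module bytes" + b"\x00unreviewed code appended at build time",
    "Example.Agent.dll": b"clean agent module bytes",
}

if __name__ == "__main__":
    print(json.dumps(SBOM, indent=2))
    # Inventory by name says everything is fine.
    print("inventory check passes:", names_match(SBOM, TAMPERED_RELEASE))   # True
    # Hashing the final files is what exposes the change.
    print("artifact verification:", verify_release(SBOM, TAMPERED_RELEASE))  # ['hash mismatch: Example.Core.dll']
```

Run it directly to print the manifest and both checks. In practice the hashes are recorded from the reviewed build, the comparison is run on the exact files handed to customers, and any finding blocks the release; the SBOM then answers "what should be in here" while the hash check answers "is that what we actually shipped".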