10 Things We Learned About the SolarWinds Breach (FireEye)

Ten things we learned, or were reminded of, with the SolarWinds breach:

1. Without searchable logs “you were screwed”, and with no logs at all it was impossible to investigate historically.

2. Cloud SOC platforms made it nearly impossible to look back beyond 30-90 days to find the breach. Huge dilemma for the hosting providers. This incident happened March – August (some now say October of 2019), which makes sense.

3. Without multiple layers of security backed by long-term storage, these attacks would have gone unnoticed, or been impossible to recall or reconstruct, since something like 99% went unnoticed.

4. Solutions without HEX make it really hard to see certificate infections.

5. Updates don’t always make you less vulnerable

6. The whole industry, and our customers in this industry, have problems implementing and managing controls and the checks and balances behind them. (Think of an airplane here: someone is always double- and triple-checking because lives are on the line. Why is this not the case in cyber?)

7. Supply chain risk is not going away

8. Using technology, or only partially implementing it, can be a huge risk… understand what you are putting in your environment.

9. Beacons can tell the story; don't leave a beacon uncovered.

10. Malware, in any of its forms, CAN LIVE ANYWHERE!
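Point 9 (beacons tell the story) and points 1 and 2 (you can only find them if the logs are still there) fit together: a beacon is a host calling the same destination on a fixed sleep, and that regularity is visible in plain proxy or firewall logs if you kept them. The following is an added example, not code from the original post or from FireEye. It runs a simple beacon heuristic over a constructed log: group connections by (source, destination), measure the gaps between consecutive connections, and flag pairs whose gaps have low jitter (standard deviation divided by mean) over enough events. The log format, the IP addresses and the thresholds are all assumptions made for the example.

```python
"""Beacon-style detection over a constructed proxy/firewall log.

Added example; not from the original post. The log format is an assumption:
each line is "<ISO-8601 UTC time> <src_ip> <dst_ip> <dst_port> <bytes>".
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample (documentation-range addresses, not real hosts):
#   10.1.2.3 -> 203.0.113.10  calls home roughly every 10 minutes (beacon-like)
#   10.1.2.4 -> 198.51.100.20 browses at irregular intervals (normal)
#   10.1.2.5 -> 192.0.2.7     only three events, too few to judge
# Lines are deliberately out of order and one is malformed.
SAMPLE_LOG = """\
2020-06-01T08:00:00Z 10.1.2.3 203.0.113.10 443 1024
2020-06-01T08:00:00Z 10.1.2.4 198.51.100.20 443 5120
2020-06-01T08:00:30Z 10.1.2.4 198.51.100.20 443 880
2020-06-01T08:03:00Z 10.1.2.4 198.51.100.20 443 23000
2020-06-01T08:10:05Z 10.1.2.3 203.0.113.10 443 1024
2020-06-01T08:19:55Z 10.1.2.3 203.0.113.10 443 1024
2020-06-01T08:20:00Z 10.1.2.4 198.51.100.20 443 4100
2020-06-01T08:21:15Z 10.1.2.4 198.51.100.20 443 770
2020-06-01T08:30:00Z 10.1.2.3 203.0.113.10 443 1024
this line is malformed and should be skipped
2020-06-01T08:40:10Z 10.1.2.3 203.0.113.10 443 1024
2020-06-01T08:49:50Z 10.1.2.3 203.0.113.10 443 1024
2020-06-01T09:00:00Z 10.1.2.3 203.0.113.10 443 1024
2020-06-01T09:05:00Z 10.1.2.4 198.51.100.20 443 9900
2020-06-01T09:05:10Z 10.1.2.4 198.51.100.20 443 610
2020-06-01T09:10:00Z 10.1.2.3 203.0.113.10 443 1024
2020-06-01T09:12:00Z 10.1.2.5 192.0.2.7 443 300
2020-06-01T09:22:00Z 10.1.2.5 192.0.2.7 443 300
2020-06-01T09:32:00Z 10.1.2.5 192.0.2.7 443 300
2020-06-01T09:40:00Z 10.1.2.4 198.51.100.20 443 15000
"""


def parse_log(text):
    """Yield (timestamp, src, dst) for every well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        yield ts, parts[1], parts[2]


def detect_beacons(text, min_connections=5, max_jitter=0.2):
    """Return {(src, dst): stats} for pairs whose connection gaps are regular.

    jitter = pstdev(gaps) / mean(gaps). A process sleeping a fixed interval
    between call-outs produces a low value; human-driven traffic does not.
    Thresholds are example values and should be tuned per environment.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in parse_log(text):
        by_pair[(src, dst)].append(ts)

    findings = {}
    for pair, times in by_pair.items():
        if len(times) < min_connections:
            continue  # not enough events to say anything about regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all events share one timestamp; not a sleep pattern
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            findings[pair] = {
                "count": len(times),
                "mean_interval_s": avg,
                "jitter": jitter,
            }
    return findings


if __name__ == "__main__":
    for (src, dst), stats in detect_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {stats['count']} connections, "
              f"every ~{stats['mean_interval_s']:.0f}s, jitter {stats['jitter']:.3f}")
```

Run as-is it reports only the 10.1.2.3 pair (eight connections, about 600 seconds apart, jitter near 0.02). The heuristic is only as good as the window of logs you retained: an implant that slept for days between call-outs, in an environment that keeps 30 days of logs, leaves too few events to ever cross `min_connections`, which is the retention problem from points 1 and 2 restated in code.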