The SolarWinds Senate hearing: 5 key takeaways for security admins

Testimony by key security executives in the US Senate reveals how unprepared most organizations are for supply chain attacks. Here are the lessons security admins should learn from it.


FireEye CEO Kevin Mandia recently testified in front of a United States Senate subcommittee about the SolarWinds attack. Take the time to listen to the presentation, especially Mandia’s chilling description of how the attackers went after FireEye’s Microsoft Windows identity tokens and valid credentials. The only reason they detected the intrusion was that the attackers happened to target a tool that was also being used by a pen-testing firm.

Here are what I believe are the key points regarding supply chain attacks that security and IT admins should take away from that hearing.

Potential supply chain attack victims lack access to the right tools

Brad Smith of Microsoft said in his testimony that Microsoft saw the attackers’ behavior only when the attackers entered cloud services. The attackers went after on-premises computers, so Microsoft was unable to see the attacks.

This points out a problem with many of Microsoft’s best security tools. While they are available even for on-premises computers, they are gated behind Microsoft’s most expensive E5 license plan. If Microsoft customers had Microsoft Defender Advanced Threat Protection (ATP) enabled, Microsoft would have seen that key data much earlier.
