Skip to content
PRODUCTS
ShadowPlex Advanced Threat Defense
Deception for early detection of cyber threats with precision and speed
ShadowPlex Identity Protection
Visibility of identity attack surface and comprehensive detection of identity threats
ShadowPlex Cloud Security
Multi-cloud Security Built on Enterprise-scale honeytokens
ShadowPlex Threat Intel
Targeted Threat Intel Providing Preemptive Cyber Security
ShadowPlex Preemptive Cybersecurity
Comprehensive and Award-winning Distributed Deception Platform
What is Preemptive Cybersecurity?
Preemptive Cybersecurity detects and diverts attacks.
SOLUTIONS
Technology
Active Directory Protection
Cloud Detection and Response (CDR)
Early Threat Detection
Honeytokens for CrowdStrike
Identity Threat Detection & Response
Insider Threats
OT Security
Ransomware
Red Teaming
Threat Hunting
Zero Trust
SOLUTIONS
Industry
Healthcare
Financial Services
Public Sector
RESOURCES
Blog
Events
Cyber Deception Glossary
RESOURCE CENTER
Analyst Reports
Case Studies
Data Sheets
E-Books
Solution Briefs
Webinars
Whitepapers
COMPANY
About Acalvio
Leadership
Investors
Press Center
In The News
Why Preemptive Cybersecurity
Contact
PARTNERS
Strategic Partners
Technology Partners
Partner Program
Become a Partner
Blog Active Defense The Solarwinds Attack – Don’t Trust; Always Verify
Team Acalvio
|
January 11, 2021

The Solarwinds Attack – Don’t Trust; Always Verify

What’s the biggest lesson from the SolarWinds fiasco?

That just focusing security defenses on the most common means of penetrating an organization doesn’t cut it. Sure, you should guard against phishing, fortify your DMZ and Internet-facing applications, train your staff, and so on. That will at least give you a credible response if you get hacked and you’re asked what you were doing to prevent it (which I admit is nothing to sneeze at!). However as we’ve seen, that won’t keep you safe.

The software supply chain risk

Few organizations take software supply chain risk seriously. It’s very common for software packages to “call home” to the vendor for diagnostics, code and data file updates, etc. How many customers, or even the vendors themselves, have any way to monitor this threat vector, or to model the application for behavior changes that indicate compromise? Virtually none. Try asking your vendors “How can you demonstrate to me that your update channel isn’t compromised?“, and watch them squirm. And this doesn’t even address the problem at SolarWinds, which was the insertion of rogue code into the development process. While timely patching is a security best practice, how does one know that the patch itself isn’t compromised? Finally, given the prevalence of open source, and the push for rapid development and software innovation, can anyone seriously believe that the risk from software supply chain compromise will be “solved” anytime soon?

Supply chain attacks such as the Solarwinds incident work because they exploit trust relationships. Most security controls depend on whitelisting of the “known good”, including files, folders, processes, systems, users and groups, domains, IP addresses, and behavior. Typically, security solutions rely on reputation and past behavior patterns to give a free pass to “trusted entities”.

What is needed is a more flexible layer of defense, one built with the attacker’s mindset in mind, not the defenders. These defenses should not rely on signatures, black/white lists, behavior analysis or reputation for threat detection. And what’s the fastest way to implement this type of defense? By implementing a modern, automated Deception solution such as Acalvio ShadowPlex. By automatically overlaying a comprehensive and customized deception fabric over the network, ShadowPlex lies in wait for a threat actor to begin their recon and lateral movement activity.

It doesn’t matter how they got in: spear-phishing, vulnerability exploit, or compromised software – it’s all fair game for ShadowPlex. In all such cases, it’s ready to detect, characterize, and if desired engage your adversary, without a lot of operational overhead or false positives. Will you sleep more soundly knowing ShadowPlex is on the job?

We’d like to think so!

Content
What’s the biggest lesson from the SolarWinds fiasco?
The software supply chain risk
Definitive Guide to Identity Protection
Get the E-Book
Gartner names Acalvio Tech Innovator
Learn More
Acalvio, the Ultimate Preemptive Cybersecurity Solution.
Schedule a Demo
Acalvio is the leader in autonomous cyber deception technologies, arming enterprises against sophisticated cyber threats including APTs, insider threats and ransomware. Its AI-powered Active Defense Platform, backed by 25 patents, enables advanced threat defense across IT, OT, and Cloud environments. Additionally, the Identity Threat Detection and Response (ITDR) solutions with Honeytokens enable Zero Trust security models. Based in Silicon Valley, Acalvio serves midsize to Fortune 500 companies and government agencies, offering flexible deployment from Cloud, on-premises, or through managed service providers.
© Acalvio Technologies, Inc. All rights reserved.