Jaws dropped last year when the SolarWinds attack was revealed. The extent of the sophisticated intrusion was breathtaking: the hackers leveraged SolarWinds’ commercial software to infiltrate major firms and top government agencies, exposing sensitive data. Cyber criminals were able to jump from a single compromised laptop to the company’s Active Directory to the Azure Active Directory and Office 365 for complete control. Since then, the big cyber security question has been whether the attack set a precedent for hackers to target companies that rely heavily on a single vendor security infrastructure, such as Microsoft.
The SolarWinds breach was followed by a string of high profile attacks, including ransomware attacks that ground operations to a halt at US energy company Colonial Pipeline and meat producer JBS. This escalation in ransomware and malware attacks indicates that a precedent has been set – which is bad news for companies that rely on a single vendor security infrastructure.
Don’t let single vendor security sink your ship
Early ships had a single continuous and connected hull. Easier to build, but also easier to sink because a breach of the hull immediately filled it with water. Multiple watertight hull compartments made ships safer, and a vessel could be made virtually unsinkable if it were divided into enough small compartments.
Businesses relying on a single vendor for infrastructure, tools and security are like these early ships: easier to build, but also easier to sink. Conversely, businesses that segment their security infrastructure are like ships with several compartments. When one area is compromised, the whole ship isn’t completely exposed. It’s not a perfect analogy because Titanic was designed this way, but icebergs aside, the thrust of the analogy holds fast; segmented, layered infrastructure is significantly more resilient to attack.
The SolarWinds attack is a classic example of the dangers of relying on one sole vendor for infrastructure, tools and security. The exclusively Microsoft architecture provided an uninterrupted connected surface enabling cyber criminals to move from a single compromised laptop to the Azure Active Directory and then Office 365. And once hackers have access to email, they can impersonate anybody in the organisation, ultimately gaining complete control.
Since Microsoft’s business applications are used so widely, hackers can easily access the same products used by thousands of organisations. This means they can fine-tune their infiltration methods and use highly sophisticated strategies to attack high-value targets.
Getting the board on board: a cost-benefit analysis approach to cyber security
Build a multi-layered cyber security tech stack for greater security
Having everything via one vendor has been favoured due to lower complexity. But the clear lesson from the recent attacks shows that relying on a single vendor for both infrastructure and security lays down the equivalent of a red carpet for a hacker.
It’s possible to circumvent the dangers of single vendor security by implementing best-of-breed security practices at all segments of the infrastructure via security products and services that are independent of the underlying infrastructure. Building an impenetrable wall is impossible, but splitting up the application stack and the security stack and inserting third-party security products creates a barrier to the flow of an attack such as the SolarWinds breach.
Make sure your diversified tech stack will work for you
When you diversify your tech stack, your choice of applications needs to be anchored within a clear cyber security strategy.
Separating applications from security tools is just the beginning. To really batten down the hatches, businesses need consistent security across their entire tech stack – both in the cloud and in network security solutions.
There is a ‘sassy’ solution ahoy. Secure access service edge (SASE, pronounced ‘sassy’) is an emerging cyber security concept. It streamlines security, negating any need for time-consuming management of each individual element. SASE delivers sophisticated cloud access security broker (CASB) end-to-end protection for data in any cloud service or device. It also offers a secure web gateway (SWG) that decrypts and inspects traffic directly on users’ devices – providing optimum content filtering and threat protection in real time. And its third key feature is zero trust network access (ZTNA), which provides comprehensive and secure remote access to on-site resources.
Shoring up protection for the distributed workforce
Don’t let your single vendor security solution let you run adrift and leave you at the mercy of hackers. Diversifying your tech stack and deploying SASE and the safeguards it offers, lets you chart the best course – enabling security teams to develop a more resilient IT infrastructure, that can shore up business stability and minimise the spread of any cyber attack.
