When Good Enough Is No Longer Enough
With the revelations coming out of Microsoft regarding the recent SolarWinds data breach, companies should be asking themselves if their current security measures are good enough. In most cases, the answer will be a resounding, “no.” The fourth largest company in the world was a victim of “good enough” security measures that weren't good enough after all.
In their internal investigation of the hacking incident, Microsoft discovered the hackers used access from the SolarWinds Orion app to laterally access source code within their servers. They also revealed that the malicious activity didn’t risk their security services or customer data. This time. One thing that can absolutely be said about hackers is that they will try again. In fact, Microsoft’s investigation found that these actors didn’t quit after being detected and removed. Not even when Microsoft went public with the breach and their efforts to investigate. Hackers are bold, and the security measures companies deploy to protect their assets must be even bolder.
Recent reporting by CNBC reveals Microsoft’s Exchange Server was subject to a Zero-day attack, impacting 30,000 U.S. organizations. If Microsoft can’t protect themselves, what can a small business possibly do? The truth is, they can do a lot.
Safe-T the leader in Zero Trust Network Access (ZTNA), recommends a list of actions organizations can take to protect their assets, including:
- Downloading and installing the latest software releases, security patches, bug fixes, and updates
- Consider hiding your assets from the outside world, by controlling access to them using a ZTNA solution or a VPN in conjunction with a ZTNA solution
- Add a centralized MFA solution which “sees” every user, system, server, and application in the network, so that when the attacker tries to access a server from the infected asset, their command, will invoked an MFA
ImageWare and Safe-T can help. The ImageWare Authenticate and Safe-T ZoneZero joint offering protects with a simple, secure, and cost-effective Zero Trust Access solution at scale. Before granting access, the solution collects and matches biometrics, either in-cloud or on-premises, to ensure the true user identity. Once biometrically authenticated, the solution grants access on a need-to-know only basis, while users (both managed and unmanaged) gain fast and seamless access to the resources they need.
Organizations need to secure their assets without impacting productivity, which is why we developed a frictionless multifactor authentication (MFA) solution, ImageWare Authenticate. It is also why we teamed with Safe-T to offer a seamless, end-to-end, platform that provides central management of all secure access technologies and helps organizations achieve zero-trust network access (ZTNA) with continuous authentication.
This MFA, Zero Trust solution ensures that all requests from users or applications to any secured application invokes an MFA request. Until the request is satisfied with ImageWare Authenticate, ZoneZero prevents the secured applications from executing the requested commands. This approach would have prevented the SolarWinds lateral attack, by alerting the company’s IT staff immediately upon the first attempt to execute a PowerShell command.
Find out more about the ImageWare and Safe-T joint solution here.