Emerging SolarWinds-type Compromises: Can You Really Burn It All Down?

Gary Kinghorn | 01/04/2021

Legendary security technologist Bruce Schneier recently wrote an article in The Guardian summarizing the impact of the SolarWinds security breach last month, and it’s probably a lot worse than people think. (The breach, that is; the article was great!) If you don’t know the gory details of the attack, our CTO, Bryan Skene, covered it nicely here. Schneier was also quoted in an earlier analysis of the hack, noting how extensive the breach was throughout many of our nation’s most sensitive military and industrial networks; in fact, the extent of the compromise in each network, or how many networks were affected, may not be known for years.

"We have a serious problem. We don't know what networks they are in, how deep they are, what access they have, what tools they left," Schneier said. The only way to be sure a network is clean is "to burn it down to the ground and rebuild it."

Not a fun task for network security admins over the end-of-year holidays… But is it really feasible to completely burn a network down and rebuild it from scratch?!? Consider that many of the compromised networks (making assumptions based on who we know SolarWinds users are, and the fact that the hack was carried out by a state-level actor/team) consist of tens of thousands of network devices, servers and applications, and you begin to understand the scope and cost of the remediation efforts required.

Taking the network down to the metaphorical studs doesn’t really seem like an option. As Schneier notes, “Imagine a computer network as a mansion you inhabit, and you are certain a serial killer has been there. You don't know if he's gone. How do you get work done? You kind of just hope for the best.” Hoping for the best doesn’t really seem like an option, though, if you are running a critical military network, financial institution or power grid; or, if your business depends on the availability and integrity of key processes, intellectual property or customer data. 

Maybe there’s a better way… If you suspect there could be a hostile foreign actor running around inside your network, one who has used a compromise of the network management platform to move laterally to other hosts and create back doors on other systems and applications, it might be time for a Zero Trust architecture as an immediate remediation step to save the rest of your network:

The Zero Trust model of information security basically kicks to the curb the old castle-and-moat mentality that had organizations focused on defending their perimeters while assuming everything already inside didn’t pose a threat and therefore was cleared for access. 

Security and technology experts say the castle-and-moat approach isn’t working. They point to the fact that some of the most egregious data breaches happened because hackers, once they gained access inside corporate firewalls, were able to move through internal systems without much resistance...  

[Zero Trust] calls for enterprises to leverage micro-segmentation and granular perimeter enforcement based on users, their locations and other data to determine whether to trust a user, machine or application seeking access to a particular part of the enterprise.  

-- CSO Online 

Zero Trust architectures can immediately begin to address the hacker (or hostile foreign state actor, now) inside the moat by disallowing any internal traffic between endpoints, servers, devices and applications except that which is explicitly allowed. Traditional network security solutions are typically not well suited to such an approach for a number of reasons. They usually rely on specifying which network traffic should be blocked (a block list, with everything else permitted by default), whereas specifying only the traffic that is allowed (an allow list, with everything else denied by default) ultimately eliminates more risk and unauthorized network access, because traffic nobody anticipated is stopped rather than passed. They also tend to be hampered by archaic underlying networking protocols, which make them tedious and complex to manage, and often error-prone as well.
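To make that difference concrete, here is an added example (not Tempered Networks or Airwall code; the host names, flows and both rule sets are constructed) that evaluates the same set of internal flows under a block-list model and an allow-list model, with one of the sources being a compromised network management host:

```python
"""Default-deny (allow-list) versus default-allow (block-list) segmentation.
Added example, not Tempered Networks code: host names, flows and rule sets
are constructed to show a compromised management host reaching systems it
was never meant to talk to."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str      # identity of the initiating system
    dst: str      # identity of the destination system
    service: str  # application protocol, e.g. "snmp", "smb", "ldap"

# Traditional model: only traffic somebody anticipated and forbade is stopped.
BLOCK_RULES = {("workstation-12", "hr-db", "smb")}

# Zero Trust model: only traffic explicitly granted is permitted.
ALLOW_RULES = {
    ("netmgmt-01", "core-switch-1", "snmp"),
    ("netmgmt-01", "core-switch-2", "snmp"),
    ("workstation-12", "intranet-web", "https"),
}

# Constructed flows: legitimate monitoring traffic plus lateral-movement
# attempts from the compromised network management host.
FLOWS = [
    Flow("netmgmt-01", "core-switch-1", "snmp"),
    Flow("netmgmt-01", "hr-db", "smb"),
    Flow("netmgmt-01", "domain-controller", "ldap"),
    Flow("workstation-12", "intranet-web", "https"),
]

def blocklist_decision(flow: Flow) -> str:
    """Default-allow: permitted unless a block rule matches."""
    return "deny" if (flow.src, flow.dst, flow.service) in BLOCK_RULES else "allow"

def allowlist_decision(flow: Flow) -> str:
    """Default-deny: denied unless an allow rule matches."""
    return "allow" if (flow.src, flow.dst, flow.service) in ALLOW_RULES else "deny"

def unanticipated_flows_permitted(decide) -> int:
    """Flows from netmgmt-01 to systems it was never granted that still pass
    the given policy model. Default-deny yields 0 without any new rule."""
    granted = {r for r in ALLOW_RULES if r[0] == "netmgmt-01"}
    return sum(1 for f in FLOWS if f.src == "netmgmt-01"
               and (f.src, f.dst, f.service) not in granted
               and decide(f) == "allow")

if __name__ == "__main__":
    for name, decide in (("block-list", blocklist_decision), ("allow-list", allowlist_decision)):
        print(f"{name}: {unanticipated_flows_permitted(decide)} unanticipated lateral flow(s) permitted")
```

The block-list model lets both unanticipated flows from the management host through because nobody wrote a rule against them; the allow-list model stops them without any rule having to be added after the compromise.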

This is where Tempered Networks can help. Tempered Airwall offers a dramatically more secure, easier-to-manage network infrastructure based on a zero trust model, or software-defined perimeter. Airwall deploys quickly over existing networks and can ultimately replace a myriad of tedious, error-prone layered network security approaches such as firewalls, VLANs/VRFs, VPNs, and access control products. It provides straightforward network segmentation and secure remote access between any two systems anywhere in the world over a global public network, or within the confines of your on-prem infrastructure. In a world of dissolving network perimeters, more sophisticated network attacks/cyberwarfare, and requirements for more critical IoT/5G infrastructure to be connected and accessible online, Airwall is rapidly becoming the only effective and efficient solution that can address today’s requirements.

[Image: Tempered Networks secure mesh fabric]

Figure – A secure Airwall fabric mesh can introduce many benefits over traditional network security approaches, including an ideal Zero Trust architecture.

Airwall essentially introduces a virtual air gap between critical systems and the rest of the potentially compromised network (hence its name), but still provides access for specifically defined traffic that is safe and authorized. The serial killer may still be in the house, but his movement is severely restricted. And the kids can still go up and down the stairs and open the refrigerator. Airwall provides such a level of security that you can actually establish a completely private tunnel over any global public (or compromised) network using military-grade encryption and easily managed, centralized security policies. Without going into too much detail, the Airwall security infrastructure is based on the IETF standard Host Identity Protocol (HIP), which was designed long before Zero Trust came into vogue. It might just be the right time to evaluate this rapidly emerging technology against a whole new set of cybersecurity attacks and potentially hostile actors already inside your network.

Got a minute? We actually have a recently announced FREE version of our Airwall solution, called Airnet. Airnet doesn’t have all the capabilities of a full Airwall deployment, but it’s a great platform for establishing secure remote access between a network mesh of systems and users, wherever they are located. It’s a great example of how easy it can be to set up and manage a full Airwall network, since it only takes a few minutes to deploy and configure. If you are ready to learn more, or even sign up for a perpetual free Airnet license, start here.
