Preventing an attack like SolarWinds through ZeroTrust

Nat Natraj

“Attackers Were Inside SolarWinds in January 2019,” said CEO Sudhakar Ramakrishna in May 2021 [1]. That puts the attackers inside the company eight months longer than previously believed: SolarWinds’ original timeline had placed the first signs of infiltration at about September 2019. Based on a more recent analysis of hundreds of terabytes of data from its build systems, the company now says that reconnaissance activity started in January 2019.

As an industry, we are not in an enviable position. We are fighting an asymmetric war against cyber attackers: they can make repeated attempts at little cost, and failure carries no penalty for them, since most operate from countries or regions where we have no jurisdiction, oversight, or control. In a nutshell, “we have to be right all the time; they only have to be right once.”

This got me thinking, and led to a discussion with my co-founder, Phil Porras, Program Director and Internet Security Group Leader in the Computer Science Laboratory at SRI International. As part of the SRI/AccuKnox technology partnership and investment, I am delighted that Phil serves as our co-founder and Chief Scientist. Phil is known worldwide for his seminal research on intrusion detection systems (IDS) and his pioneering work combating the Conficker worm, which affected over 15 million users in 100+ countries. He was also a co-author of BLADE, a collaboration between SRI and Georgia Tech researchers designed to prevent drive-by download malware attacks. So if anyone knows a thing or two about detecting and preventing large-scale attacks, it has to be Phil. In the wake of SolarWinds, a number of federal agencies have accelerated their move toward Zero Trust [2], and NIST has published a comprehensive Zero Trust Architecture guideline, SP 800-207 [3].

I conferred with Phil to discuss how AccuKnox’ Zero Trust platform could have detected the SolarWinds attack and reduced its “blast radius”. Phil had some insightful comments that I feel compelled to share with you.

  • AccuKnox is based on a modular software architecture that minimizes the use of system privileges, as well as the complexity and size of the privileged code modules deployed on client hosts. Privileges are used for sensor telemetry collection and policy controls, and AccuKnox keeps all processing, management, and analysis outside this privilege boundary.

In summary, the lateral movement that followed the SolarWinds compromise could have been blocked by AccuKnox’ identity-based Kubernetes security and flagged by AccuKnox’ AI-based anomaly detection engine. The least-privilege policies of KubeArmor and Cilium minimize the attack surface and make lateral movement very difficult, and the AccuKnox Data Security module lets organizations identify unauthorized access to sensitive data sources. These controls do not address the compromise of the build pipeline itself; their value is in limiting the blast radius once a compromised component is running inside the cluster.
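As an added illustration of the KubeArmor and Cilium least-privilege policies mentioned above, here is a policy pair written for this post (it is an example, not AccuKnox’s own configuration or a policy from either project’s repository). It assumes a monitored workload in a namespace `monitoring` carrying the label `app: orion`, which legitimately talks only to a database pod labelled `app: orion-db` on TCP/5432 and to cluster DNS; all of those names and ports are assumptions. Together the two policies restrict what a compromised pod can execute or modify, and where it can connect:

```yaml
# Added example, not from the original post or from AccuKnox.
# Assumed: the workload runs in namespace "monitoring" with label app=orion,
# and its only legitimate peers are app=orion-db on TCP/5432 and cluster DNS.
apiVersion: security.kubearmor.com/v1
kind: KubeArmorPolicy
metadata:
  name: orion-least-privilege
  namespace: monitoring
spec:
  severity: 8
  message: "unexpected process or file activity in orion pod"
  selector:
    matchLabels:
      app: orion
  process:
    # An implant that spawns a shell or a download tool is blocked and logged,
    # even if the application's main binary itself has been trojanized.
    matchPaths:
    - path: /bin/sh
    - path: /bin/bash
    - path: /usr/bin/curl
    - path: /usr/bin/wget
  file:
    # Application binaries and TLS material stay readable but not writable,
    # so a running implant cannot persist by modifying them.
    matchDirectories:
    - dir: /app/
      recursive: true
      readOnly: true
    - dir: /etc/ssl/
      recursive: true
      readOnly: true
  action: Block
---
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: orion-egress-allowlist
  namespace: monitoring
spec:
  endpointSelector:
    matchLabels:
      app: orion
  # Identity-based egress allow-list: once any egress rule selects the pod,
  # Cilium drops every egress flow that no rule permits, so scanning or
  # pivoting to other services in the cluster is stopped at the network layer.
  egress:
  - toEndpoints:
    - matchLabels:
        app: orion-db
    toPorts:
    - ports:
      - port: "5432"
        protocol: TCP
  - toEndpoints:
    - matchLabels:
        k8s:io.kubernetes.pod.namespace: kube-system
        k8s-app: kube-dns
    toPorts:
    - ports:
      - port: "53"
        protocol: UDP
      rules:
        dns:
        - matchPattern: "*"
```

Both objects are applied with `kubectl apply -f`. Blocked process and file events from the first policy show up in `karmor logs`; egress dropped by the second is visible with `hubble observe --verdict DROPPED`. The two policies are complementary: KubeArmor enforces identity by workload label at the process and file layer, while Cilium enforces it at the network layer, so an attacker who gets code execution inside the pod can neither spawn tooling nor reach anything that is not on the allow-list.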

Immense thanks to Phil for his contributions to this blog.

References

1. Data Breach Today, May 2021

2. FedScoop, Jan 2021

3. NIST SP 800-207, Zero Trust Architecture, Aug 2020

4. The New Stack, “SolarWinds, the World’s Biggest Security Failure and Open Source’s Better Answer,” Dec 2020

Nat Natraj is the co-founder/CEO of AccuKnox. AccuKnox provides a Zero Trust Run-time Kubernetes Security platform. AccuKnox is built in partnership with SRI (Stanford Research Institute) and is anchored on seminal inventions in the areas of: Container Security, Anomaly Detection and Data Provenance. AccuKnox can be deployed in Public and Private Cloud environments. Visit www.accuknox.com or follow us on Twitter (@accuknox).
