The massive SolarWinds breach exposed some significant weaknesses in companies’ incident response practices.
Responding to a cyberattack like SolarWinds, where the software update process of a network management tool was compromised and the attackers were able to move deep into targeted networks, requires analyzing traffic and behavior logs that are often incomplete or missing entirely.
That hinders the incident response team’s ability to track down the source of the attack and shut it down, cut off the attackers’ communication channels, and determine how far the attack has spread.
Data centers too often put their full trust in their management software, allowing it full access to the enterprise and unfettered communications with the outside world, said Jerry Bessette, head of Booz Allen’s Cyber Incidence Response Program.
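One concrete way to act on that point is to treat management servers as hosts whose outbound traffic is expected to be narrow, and to check connection logs against that expectation. The script below is an added example, not code from the article or from Booz Allen: it parses constructed firewall-style log lines, flags accepted outbound connections from hypothetical management hosts to destinations that are neither internal nor on a hypothetical vendor allowlist, and also counts lines it could not parse, so the analyst can see how much of the log is actually usable. The host addresses, allowlist and log format are all assumptions made for the example.

```python
"""Egress check for management hosts (added example; addresses, allowlist and
log format are constructed for illustration, not taken from any real system)."""
import ipaddress
import re
from typing import List, NamedTuple, Optional, Tuple

# Hypothetical: servers that run the network-management software.
MANAGEMENT_HOSTS = {"10.0.5.20", "10.0.5.21"}

# Hypothetical vendor endpoints (update/licensing) the tool may legitimately reach.
# Addresses come from the TEST-NET-3 documentation range.
EGRESS_ALLOWLIST = {"203.0.113.10", "203.0.113.11"}

# Traffic that stays inside these ranges is not egress (lateral movement is a
# separate check and out of scope here).
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Assumed log format: "<timestamp> <ACCEPT|DROP> src=<ip> dst=<ip> dport=<port>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+src=(?P<src>[\d.]+)\s+"
    r"dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)\s*$"
)


class Finding(NamedTuple):
    ts: str
    src: str
    dst: str
    dport: int


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields, or None if the line does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["dport"] = int(d["dport"])
    return d


def find_unexpected_egress(lines: List[str]) -> Tuple[List[Finding], int]:
    """Flag accepted outbound connections from management hosts to destinations
    that are neither internal nor allowlisted. Also return the number of
    non-empty lines that could not be parsed, as a measure of log coverage."""
    findings: List[Finding] = []
    unparsed = 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        if rec["action"] != "ACCEPT":
            continue  # blocked traffic: policy already did its job
        if rec["src"] not in MANAGEMENT_HOSTS:
            continue  # only management servers are held to the narrow policy
        if is_internal(rec["dst"]) or rec["dst"] in EGRESS_ALLOWLIST:
            continue
        findings.append(Finding(rec["ts"], rec["src"], rec["dst"], rec["dport"]))
    return findings, unparsed


# Constructed sample log (not real traffic).
SAMPLE_LOG = [
    "2020-12-13T01:02:03Z ACCEPT src=10.0.5.20 dst=203.0.113.10 dport=443",  # vendor, ok
    "2020-12-13T01:02:04Z ACCEPT src=10.0.5.20 dst=10.0.7.33 dport=445",     # internal, ok
    "2020-12-13T01:02:05Z ACCEPT src=10.0.5.20 dst=198.51.100.77 dport=443", # flagged
    "2020-12-13T01:02:06Z ACCEPT src=10.0.9.9 dst=198.51.100.77 dport=443",  # not a mgmt host
    "2020-12-13T01:02:07Z DROP src=10.0.5.21 dst=198.51.100.78 dport=80",    # blocked, ok
    "corrupted line from a rotated log",                                       # counted as unparsed
    "2020-12-13T01:02:08Z ACCEPT src=10.0.5.21 dst=198.51.100.78 dport=53",  # flagged
]

if __name__ == "__main__":
    found, bad = find_unexpected_egress(SAMPLE_LOG)
    for f in found:
        print(f"unexpected egress {f.src} -> {f.dst}:{f.dport} at {f.ts}")
    print(f"{bad} line(s) could not be parsed")
```

The unparsed count matters as much as the findings: if a large share of the log is unreadable or the log stops before the period of interest, the absence of findings says nothing, which is exactly the gap in visibility the article describes.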