After a Cybersecurity Attack Like SolarWinds: Rebuilding a Network

  /  ICS Security   /  Cybersecurity   /  After a Cybersecurity Attack Like SolarWinds: Rebuilding a Network

After a Cybersecurity Attack Like SolarWinds: Rebuilding a Network

In a recent article in The Guardian regarding the SolarWinds cybersecurity attack, security technologist Bruce Schneier said, “We have a serious problem. We don’t know what networks they are in, how deep they are, what access they have, what tools they left,” Schneier said. The only way to be sure a network is clean is “to burn it down to the ground and rebuild it.”

But is it really feasible to completely burn a network down and rebuild it from scratch?

Rebuilding: Zero Trust Cybersecurity Architecture

A Zero Trust architecture can serve as an immediate remediation step to save the rest of your network. From CSO Online:

The Zero Trust model of information security basically kicks to the curb the old castle-and-moat mentality that had organizations focused on defending their perimeters while assuming everything already inside didn’t pose a threat and therefore was cleared for access. 

Security and technology experts say the castle-and-moat approach isn’t working. They point to the fact that some of the most egregious data breaches happened because hackers, once they gained access inside corporate firewalls, were able to move through internal systems without much resistance…  

[Zero Trust] calls for enterprises to leverage micro-segmentation and granular perimeter enforcement based on users, their locations and other data to determine whether to trust a user, machine or application seeking access to a particular part of the enterprise.  

Zero Trust architectures can immediately begin to address the hacker (or hostile foreign state actor now) inside the moat by disallowing any internal traffic between endpoints, servers, devices and applications except that which is explicitly allowed. Traditional network security solutions are typically not well-suited for such an approach for a number of reasons. They usually rely on specifying which network traffic should be blocked, which is the opposite of specifying only allowed traffic, which ultimately eliminates more risk and unauthorized network access. They also tend to be hampered by archaic underlying networking protocols, which make them tedious and complex to manage, and often error prone as well.

Learn about a dramatically more secure, easier to manage, network infrastructure based on a zero trust model, or a software-defined perimeter in the full post from Tempered.


About the Author

This article was written by Gary Kinghorn, Marketing Director at Tempered.