Lesson From SolarWinds Attack: It’s Time to Beef Up IAM

March 4, 2021 – Article posted on Bankinfosecurity

The SolarWinds supply chain attack should prompt federal agencies and others to rethink how they approach security issues – especially identity and access management, according to a breakdown of the attack presented this week by the National Institute of Standards and Technology and the U.S. Cybersecurity and Infrastructure Security Agency.

At NIST’s Information Security and Privacy Advisory Board meeting, Jay Gazlay, a technical strategist with CISA who has been examining the attack since it was first disclosed in December 2020, presented an analysis of what the agency has learned about the attack to date. That included a detailed timeline of how the hackers implanted a backdoor in a software update for SolarWind’s Orion network monitoring platform. The update with the backdoor was eventually installed by about 18,000 of the company’s customers…

…Many hackers are now focusing on compromising identities as a way to open the door to accessing many more systems, Gazlay said…

…Bryan Orme, principal and partner at GuidePoint Security, a consulting firm in Herndon, Virginia, says improving IAM is particularly important as more data and applications shift to the cloud.

“With work-from-home continuing for the foreseeable future, most organizations have accelerated cloud migrations, drawing cloud security to the forefront as well,” Orme says. “Moving forward in a post-SolarWinds reality, a strong IAM strategy for both on-premises and cloud-based assets is reinforced as a foundational element of a strong security posture.”

Read more HERE.