The recent SolarWinds attack is a moment of reckoning. Today, as we close our own internal investigation of the incident, we continue to see an urgent opportunity for defenders everywhere to unite and protect the world in a more concerted way. We also see an opportunity for every company to adopt a Zero Trust plan to help defend against future attacks.
The Microsoft Security Response Center (MSRC), which has shared research and guidance throughout the Solorigate incident, reported today that, following the completion of our internal investigation, we have seen no evidence that Microsoft systems were used to attack others. There was also no evidence of access to our production services or customer data.
However, a concerning aspect of this attack is that security companies were a clear target. Microsoft, given the widespread use of our productivity tools and our leadership in security, was of course an early target.
But while this highly sophisticated nation-state actor was able to breach the gate, they were met by a unified team of human and digital defenders. There are several reasons why we were able to limit the scope and impact of this incident for our company, customers, and partners, but ultimately they all boil down to a few fundamental ways we approach security.
Adopt a Zero Trust mindset
A key action is implementing a Zero Trust architecture. In this approach, companies must assume that all activity, even by trusted users, could be an attempt to breach systems, and everything a company does should be designed around that premise.
To guard against these pervasive threats, we recommend that organizations deploy Zero Trust architecture and defense-in-depth protections, layering defenses like a layer cake across code, coding tools, email, cloud apps, endpoints, identities, the developer community, defender products, everything.
Zero Trust is a proactive mindset. When every employee at a company assumes attackers are going to land at some level, they model threats and implement mitigations that ensure any potential exploit cannot expand. The value of defense-in-depth is that security is built into the key areas an actor might try to break, beginning at the code level and extending to all systems in an end-to-end manner.
Customer Guidance: As companies think about deploying a Zero Trust posture and making the transition from implicit trust to explicit verification, the first step to consider is protecting identities, especially privileged user accounts. Gaps in protecting identities (or user credentials), like weak passwords or lack of multifactor authentication, are opportunities for an actor to find their way into a system, elevate their privileges, and move laterally across environments targeting email, source code, critical databases, and more. We witnessed this in Solorigate when abandoned app accounts with no multifactor authentication were used to access cloud administrative settings with high privilege. To explore protecting privileged identity and access, companies should review our post, Securing privileged access overview, on Microsoft Docs.
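The guidance above names two identity gaps that were abused in Solorigate: privileged accounts without multifactor authentication and abandoned application accounts that still hold high-privilege roles. The following audit script is an added illustration of how a defender might triage an account inventory for exactly those gaps; it is not Microsoft's tooling and does not call any Microsoft API. The role names, the 90-day dormancy threshold, and the account inventory are all constructed for the example.

```python
"""Audit a constructed account inventory for privileged accounts that lack
multifactor authentication or that look abandoned (dormant).

Added example: not Microsoft's code. Role names, the dormancy threshold and
the sample inventory are assumptions constructed for illustration."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Set, Tuple

# Assumption: these role names count as high privilege in the tenant.
PRIVILEGED_ROLES = {
    "Global Administrator",
    "Privileged Role Administrator",
    "Application Administrator",
}
# Assumption: a privileged account with no sign-in for 90 days is "abandoned".
DORMANT_AFTER = timedelta(days=90)


@dataclass
class Account:
    name: str
    kind: str                      # "user" or "app" (service/application account)
    roles: Set[str]
    mfa_enrolled: bool             # False for any account with no second factor
    last_sign_in: Optional[date]   # None means the account has never signed in


def is_privileged(acct: Account) -> bool:
    """True when the account holds at least one high-privilege role."""
    return bool(acct.roles & PRIVILEGED_ROLES)


def audit(accounts: List[Account], today: date) -> List[Tuple[str, str]]:
    """Return (account name, gap) pairs for every privileged account with a gap.

    Gaps reported:
      "no-mfa"  - privileged account without multifactor authentication
      "dormant" - privileged account with no sign-in inside DORMANT_AFTER
    Non-privileged accounts are skipped: the point of the triage is the
    accounts whose compromise grants administrative access."""
    findings: List[Tuple[str, str]] = []
    for acct in accounts:
        if not is_privileged(acct):
            continue
        if not acct.mfa_enrolled:
            findings.append((acct.name, "no-mfa"))
        never_used = acct.last_sign_in is None
        if never_used or today - acct.last_sign_in > DORMANT_AFTER:
            findings.append((acct.name, "dormant"))
    return findings


def prioritize(findings: List[Tuple[str, str]]) -> List[str]:
    """Order affected accounts for remediation: accounts with more gaps first
    (an abandoned admin app with no MFA is the Solorigate pattern), then
    alphabetically so the output is stable."""
    gaps_by_account = {}
    for name, gap in findings:
        gaps_by_account.setdefault(name, set()).add(gap)
    return sorted(gaps_by_account, key=lambda n: (-len(gaps_by_account[n]), n))


# Constructed sample inventory; the date is arbitrary.
TODAY = date(2021, 2, 1)
SAMPLE_ACCOUNTS = [
    Account("alice", "user", {"Global Administrator"}, True, TODAY - timedelta(days=3)),
    Account("bob", "user", {"Global Administrator"}, False, TODAY - timedelta(days=1)),
    Account("legacy-sync-app", "app", {"Application Administrator"}, False,
            TODAY - timedelta(days=200)),
    Account("helpdesk", "user", set(), False, TODAY - timedelta(days=1)),
    Account("carol", "user", {"Privileged Role Administrator"}, True, None),
]

if __name__ == "__main__":
    results = audit(SAMPLE_ACCOUNTS, TODAY)
    for name in prioritize(results):
        gaps = sorted(g for n, g in results if n == name)
        print(f"{name}: {', '.join(gaps)}")
```

Running the script lists legacy-sync-app first (no MFA and dormant), then bob (no MFA) and carol (privileged but never signed in); alice passes and helpdesk is out of scope because it holds no privileged role. In a real tenant the inventory would come from the identity provider's sign-in and role-assignment reports rather than a hard-coded list.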
Embrace the cloud
We were also reminded of the importance of cloud technology over on-premises software. Cloud technologies like Microsoft 365, Azure, and the additional premium layers of the services offered as part of these solutions improve a defender's ability to protect their own environment.
Baseline layers of protection are not sufficient for today's sophisticated threats. Defense strategies must keep pace with these increasingly complex attempts while factoring in the intricacies of securing a remote workforce. If you are not thinking about advanced layers of protection that can detect, alert on, prevent, and respond to attacks across identities, email, cloud apps, and endpoints, you may be locking a door while leaving the window open. From Microsoft, consider technologies like Azure Active Directory and Microsoft 365 Defender.
In addition, with the Microsoft cloud, customers benefit from industry-leading threat intelligence, powerful AI, machine learning, and defense-in-depth capabilities that most companies simply could not develop on their own. Our platform and services assess over eight trillion security signals every day, enabling Microsoft to take more of the work off a defender's plate. Our technology can surface and correlate security alerts that could represent a larger issue, or remediate issues on demand with our own threat experts. As an example, in 2020 over 30 billion email threats were blocked by Microsoft cloud technology.
Customer Guidance: One of the things our customers should consider is managing identity and access from the cloud. When you rely on on-premises services, like an authentication server, it is up to the customer to protect their identity infrastructure. With a cloud identity, like Azure Active Directory, we protect the identity infrastructure from the cloud. Our cloud-scale machine learning systems reason over trillions of signals in real time, so we can detect and remediate attacks that nobody else can see.
Strengthen the community of defenders
Finally, we know that we all have an important role to play in strengthening and empowering the defender community at large. It was great to see this sharing in action in December when FireEye first alerted the community to a "global intrusion campaign."
At Microsoft, communicating and collaborating with our customers and partners is a top priority. Over the past several weeks, security teams across Microsoft (Microsoft Threat Intelligence Center/MSTIC, Microsoft Detection and Response Team/DART, Microsoft Cyber Defense Operations Center/CDOC and Microsoft Security Response Center/MSRC) met daily and collaborated directly with customers and partners to share information and respond. We shared the latest threat intelligence and indicators of compromise (IOCs), published more than 15 blogs with technical guidance and best practices, and notified customers of potentially related activity. We also offered security trials across our end-to-end product portfolio to give organizations the tools needed to combat this threat.
This sharing is invaluable to the entire community.
Customer Guidance: We encourage every company, of every size, to work with the community to share information, strengthen defenses, and respond to attacks. Join our Microsoft Security and Compliance Tech Community to start or participate in a variety of community discussions.
The post Turning the page on Solorigate and opening the next chapter for the security community appeared first on Microsoft Security.