There will be more fallout from Solarwinds to come. More companies will realize they are compromised due to either SUNBURST or SUPERNOVA (got to love the catchy, similar style names).
The question is what are you and your company going to do about it? What have you and your company learned?
Do not just throw money at this. Vendors will start trying to use this as a marketing ploy, especially to those that do in house development. If you do in house development, work on getting your Secure Development Lifecycle (SDLC) better. Do not over promise and over push your developers. If developers say they need some extra time for security testing, understand it will save you more issues in the long run. Understand that meeting compliance check boxes will not mean that security was met.
The rest of the corporate world should be doing a few things starting with your people and processes. Make sure that your company has in place a solid detection process, which includes enough staff, proper logging, solid SIEM/SOAR rules and notebooks, and a solid Incident Response plan. If your company is lacking in any of these, and that includes keeping people trained, it will be money well spent in the long term. Your company will get breached at some point and these processes plus properly trained people will always be needed. There is no perfect security, so detection is as important if not more important.
Understand there is no magic bullet. Security is a process not a destination, and burned out, overworked security people (especially in the SOC) do your company no good. Compensating by getting more and more tools without enough staff will cause burnout. People can only do so much in any given time. Make sure they get time off, and that means not disturbing them when they are off, if possible.
These are the lessons every company should learn from this situation.
Leave a Reply