Conventional wisdom suggests best-of-breed is the only way to secure your clouds. But what of hybrid attack paths that cross security domains — like those exploited in the SolarWinds and Capital One breaches? Exposing the gaps attackers exploit to move laterally requires visibility and context across security silos.
Insidious attacks like those associated with the 2020 SolarWinds breach — which compromised the software supply chain — frequently progressed from on-premises to cloud infrastructures completely unchecked. Others, like the 2019 Capital One breach, exploited a vulnerable web application to ultimately compromise client data stored in cloud infrastructure. These are just two examples of high-profile cloud breaches that traversed traditional security silos, making them challenging to prevent using siloed approaches.
Whether you’re responsible for securing cloud environments, or the entirety of your attack surface, even the best point tools will not give you the level of visibility needed to expose and close the gaps that attackers exploit to move across environments and compromise high-value targets.
Cloud-related breaches in the past 18 months
Source: Tenable, 2024 Cloud Security Outlook: Navigating Barriers and Setting Priorities
In this blog, we explore the SolarWinds and Capital One breaches, including the techniques used by attackers, and the security conventions that contributed to their success. More importantly, we explore how you can augment your existing security practices and understand the elusive attacker’s perspective to help you shut down even the most sophisticated threat actors.
<
blockquote>
“Combined with the use of sophisticated authentication exploits, [the SolarWinds breach] also leveraged vulnerabilities and major authentication protocols, basically granting the intruder the keys to the kingdom, allowing them to deftly move across both on-premises and cloud-based services, all while avoiding detection.”
— Senator Mark R. Warner (D-Virginia), Chairman, U.S. Senate Select Committee on Intelligence, This article has been indexed from Security Boulevard