The SolarWinds Breach and Taking Zero Trust to the Next Level
Apr 13, 2021
The SolarWinds breach, disclosed in December 2020, exposed the limitations of traditional perimeter-based security. Earlier that year, attackers inserted a backdoor into the build process for SolarWinds' Orion platform; the malicious code travelled through the DevOps pipeline, was compiled and signed along with the rest of the product, and was shipped to customers as a routine software update. As customers installed that update, the backdoor was delivered to scores of major corporations and government agencies, giving the attackers a foothold from which to reach sensitive financial and security information.
The full scope of the breach and the damage inflicted are still being established. In a filing with the Securities and Exchange Commission, SolarWinds stated that fewer than 18,000 customers may have installed the trojanized update; the attackers then singled out a much smaller subset of those for hands-on intrusion. Even so, the campaign ranks as one of the largest and most sophisticated supply-chain attacks on record.
Chastened by the event and hoping to avoid future disasters, businesses are stepping up their search for new and more innovative approaches to cybersecurity. In the process, many are taking a closer look at “Zero Trust” models. As the name implies, the basic principle underlying the Zero Trust Architecture (ZTA) model is to take a “never trust, always verify” approach to every attempt by a user or application to reach a resource, regardless of whether the request originates inside or outside the corporate network. This hard-nosed, no-exceptions approach is becoming increasingly necessary, as enterprise security perimeters are no longer confined to physical boundaries. Today’s virtualized environments mean that human users, servers and applications need to reach resources from any device and any location. With attack surfaces growing accordingly, ZTA offers an alternative to the traditional split between trusted and untrusted networks.
ZTA’s value also lies in its ability to keep pace with continually evolving threats and the new risks that emerge daily. Because every request is verified and every grant is narrowly scoped, a compromise is contained by design rather than discovered after the fact, followed by a scramble to limit the damage.
It’s a compelling idea. Implementing the model, however, involves a number of challenges. One is the need to integrate ZTA principles with existing perimeter-based security strategies. Most ZTA deployments, moreover, enforce controls at the network and host level but do not apply the same principles to what individual processes and sub-processes are allowed to do. As a result, a compromise of a process on an already-trusted host, which is exactly the situation a trojanized update creates, will likely go undetected and can lead to substantial damage.
Shrinking the Attack Surface
An optimal ZTA model must therefore address threats at a granular level. Limiting what any one compromised component can reach (its blast radius) in turn limits the damage done by any given successful breach. To use an analogy with which we’re all too familiar, rather than allowing a highly contagious virus to spread throughout and beyond a major metropolitan area, the goal is to isolate the outbreak and contain the scope of infection as much as possible.
In this context, the concept of “process-level micro-segmentation” takes ZTA capabilities to the next level. Most traditional ZTA initiatives apply “never trust, always verify” criteria to the pillars of identity and access management, networks or IoT devices. Process-level micro-segmentation, by contrast, addresses the more granular layer of workloads and applications: which process may talk to which, and what each is permitted to do.
Getting More Granular
Patented by Avocado, process-level micro-segmentation applies ZTA principles to sub-processes at the application session level, with the aim of producing the smallest observable threat surface within any application ecosystem. Working at this level surfaces threats that network-level micro-segmentation rarely detects, because the offending traffic comes from a host and port the network policy already permits. This depth of segmentation also compensates for porous modern perimeters that may be breached via backdoors, stolen credentials, code injection, remote code execution and other means, and it curtails east-west (lateral) movement once an attacker is inside.
Automated, real-time segmentation that learns run-time and inherited application attributes streamlines deployment, even in large, complex environments. It also removes the need to hand-write and tune hundreds of policies, which matters for day-to-day administration. Avocado additionally cites very low false-positive rates and compatibility with any application platform: bare metal, virtual machines, containers and serverless architectures.
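To make the process-level idea concrete, here is a small illustrative policy engine. It is an added example written for this article, not Avocado's product or its patented method, and every path, hostname and event in it is constructed. A monitoring agent's normal behaviour is learned during a known-good window (including the children it spawns, which inherit segment membership, the "inherited attributes" above); after a hypothetical trojanized update, the same binary is denied when it opens an unfamiliar outbound connection or spawns a shell, even though a host- or network-level rule would only see a trusted host talking on an allowed port.

```python
"""Illustrative process-level allow-list: learn a per-application baseline, then
enforce it at run time.  Added example; not Avocado's implementation.  All paths,
hosts and events below are constructed for the demonstration."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    exe: str         # executable path of the acting process
    parent_exe: str  # executable path of the process that started it
    action: str      # "connect" (target host:port), "spawn" (child exe) or "write" (file path)
    target: str


class ProcessSegment:
    """Allow-list for one application: which process, started by whom, may perform
    which action against which target.  Anything not learned is denied."""

    def __init__(self, name: str, root_exe: str) -> None:
        self.name = name
        self.members: Set[str] = {root_exe}                  # exes belonging to this segment
        self.parents: Dict[str, Set[str]] = {}                # exe -> lineage seen in baseline
        self.allowed: Dict[Tuple[str, str], Set[str]] = {}    # (exe, action) -> permitted targets

    def learn(self, events: List[Event]) -> None:
        """Build the baseline from a known-good, chronological event stream.
        A child spawned by a member inherits membership, so its own later
        actions are learned as part of the same segment."""
        for ev in events:
            if ev.exe not in self.members:
                continue  # another application's process; not part of this segment
            self.parents.setdefault(ev.exe, set()).add(ev.parent_exe)
            self.allowed.setdefault((ev.exe, ev.action), set()).add(ev.target)
            if ev.action == "spawn":
                self.members.add(ev.target)

    def check(self, ev: Event) -> Tuple[bool, str]:
        """Return (allowed, reason) for one run-time event."""
        if ev.exe not in self.members:
            return False, f"{ev.exe} is not a member of segment {self.name!r}"
        if ev.parent_exe not in self.parents.get(ev.exe, set()):
            return False, f"{ev.exe} started by {ev.parent_exe}: lineage not in baseline"
        permitted = self.allowed.get((ev.exe, ev.action), set())
        if ev.target in permitted:
            return True, "matches baseline"
        return False, (f"{ev.exe} {ev.action} -> {ev.target} not in baseline "
                       f"(permitted: {sorted(permitted) or 'nothing'})")


# Constructed baseline: a monitoring agent that polls devices and stores results.
AGENT = "/opt/inventory/agent"
INIT = "/usr/lib/systemd/systemd"
BASELINE = [
    Event(AGENT, INIT, "connect", "db.internal:5432"),
    Event(AGENT, INIT, "spawn", "/usr/bin/snmpget"),
    Event("/usr/bin/snmpget", AGENT, "connect", "10.0.0.5:161"),
    Event(AGENT, INIT, "write", "/var/lib/inventory/state.db"),
]

# Constructed events after a hypothetical trojanized update of the same binary.
AFTER_UPDATE = [
    Event(AGENT, INIT, "connect", "db.internal:5432"),               # normal work
    Event(AGENT, INIT, "connect", "cdn-telemetry.example.net:443"),  # new egress, C2-like
    Event(AGENT, INIT, "spawn", "/bin/sh"),                          # unexpected child
    Event("/usr/bin/snmpget", "/bin/sh", "connect", "10.0.0.5:161"), # known tool, wrong lineage
]


def build_segment() -> ProcessSegment:
    """Learn the agent's segment from the constructed known-good window."""
    seg = ProcessSegment("inventory-agent", AGENT)
    seg.learn(BASELINE)
    return seg


def enforce(seg: ProcessSegment, events: List[Event]) -> List[Tuple[Event, bool, str]]:
    """Evaluate each event against the learned segment; returns (event, allowed, reason)."""
    return [(ev, *seg.check(ev)) for ev in events]


if __name__ == "__main__":
    for ev, ok, why in enforce(build_segment(), AFTER_UPDATE):
        print("ALLOW" if ok else "DENY ", ev.exe, ev.action, ev.target, "|", why)
```

Two practical caveats follow from the design. Whatever runs during the learning window becomes policy, so the baseline must be captured from a build you already trust; a backdoor that stays dormant through that window is simply baselined as silent and trips enforcement only when it activates, which is the behaviour you want. Conversely, every legitimate change in what the application does (a new database host, a new helper binary) needs a relearn step or it will surface as a denial, which is where the tuning effort the text mentions actually goes.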
In short, process-level micro-segmentation represents a fundamental step forward in ZTA capabilities. Earlier approaches such as network-level micro-segmentation not only lacked this granularity, they required an overwhelming amount of policy creation and labor-intensive daily oversight. Those burdens made the solutions impractical and slowed adoption. Following the devastating attacks on SolarWinds customers, enterprises are recognizing that ZTA is a “must have” weapon in the cybersecurity arsenal. The ability to shrink attack surfaces, along with ease of implementation and operation, makes process-level micro-segmentation an increasingly attractive ZTA implementation option.