At Black Hat 2019, Eric Doerr, GM of the Microsoft Security Response Center, reminded attendees of the interconnectedness of enterprise software supply chains and of their vulnerability to attack. Eric highlighted how supply chain compromises come in many guises:
The list of supply chain attack vectors is long and nefarious, and of course applies to hardware as well – peripherals, networking equipment, IoT devices, even server blades.
Supply chain cybersecurity best practices dictate a number of straightforward defenses:
But as Eric pointed out, “I’m in your supply chain, and you’re probably in mine.” Software and services produced by one vendor can, and do, end up in other vendors’ manifests and stacks, propagating deep among suppliers and consumers. The multiplicity of organizations, code and services in this cascade of supply and consumption almost guarantees the inclusion of exploitable vulnerabilities and embedded hostile code.
Today, in the face of international sourcing, admixture of proprietary and open source code, and huge variability in vendor practices, securing the enterprise supply chain borders upon the impossible. What steps can CISOs and IT security teams take to mitigate risk from vendor and community-supplied software and firmware?
The first step is developing a strategy. Certainly, it makes sense to follow and enforce the supply chain security practices outlined above. But how do you mitigate the threats that survive the vendor-consumer gauntlet? Once past these protections, having effectively side-stepped perimeter defenses, supply chain attacks can run amok on your networks, inside your applications and across your data, on par with privilege escalations and high-level insider attacks.
Until the modern software supply chain cleans up its act, through self-regulation or government mandate, the best way to mitigate sourcing risk is with comprehensive Security Information and Event Management (SIEM) – integrating security monitoring, threat detection and response, combined with Endpoint Detection and Response (EDR). Netsurion’s EventTracker SIEM and EDR together address supply chain threats, as follows:
In today’s landscape of interwoven ecosystem relationships and complex provenance of software and firmware, securing your technology supply chain ranges from daunting to near impossible. CISOs worry about fully vetting the integrity of software and hardware sourcing. They lose sleep thinking about potential ingress of malicious and vulnerable code across purchasing, development, IT and other entry points. With Netsurion SIEM and EDR, CISOs and security practitioners can rest easier and devs continue leveraging high value ecosystem software and firmware. Try it today.