You’ve really got to spend some money on understanding when that identity infrastructure is compromised, and maintaining that infrastructure.”įirstbrook pointed to one example where the SolarWinds hackers were able to bypass multifactor authentication (MFA), which is often cited as one of the most reliable ways to prevent an account takeover.
#ORION SOLARWINDS ENABLE CONVERSATIONS HOW TO#
“That’s my biggest message to people: You’ve spent a lot of money on identity, but it’s mostly how to let the good guys in. “People need to recognize that, and they don’t,” he said. When asked by VentureBeat about his biggest takeaway from the SolarWinds attack, Firstbrook said the incident demonstrated that “the identity infrastructure is a target.”
The identity security implications of the attack should be top of mind for businesses, he said during the sessions, which included a Q&A session with reporters. Other impacted federal agencies included the Departments of Defense, State, Commerce, and Homeland Security.įirstbrook spoke about the SolarWinds attack, first disclosed on December 13, 2020, by FireEye, during two talks at the Gartner summit this week. Treasury Department, said Firstbrook, a research vice president and analyst at Gartner. authorities, are believed to have had access for nine months to “some of the most sophisticated networks in the world,” including cybersecurity firm FireEye, Microsoft, and the U.S. The attackers, who’ve been linked to Russian intelligence by U.S.
#ORION SOLARWINDS ENABLE CONVERSATIONS UPDATE#
The attackers compromised the software supply chain by inserting malicious code into the SolarWinds Orion network monitoring application, which was then distributed as an update to an estimated 18,000 customers. The SolarWinds attack - which is nearing the one-year anniversary of its disclosure - has served as a wake-up call for the industry due to its scope, sophistication, and method of delivery.
0 kommentar(er)
