Committing to just one vendor for all your organisation’s IT needs could be leaving you open to risk, argues Nat Kausik. Learn more in our latest guest spotlight…
A series of recent cyber events highlights the very real risks and dangers confronting enterprises that depend on a single vendor for their infrastructure, tools, and security.
Last year’s SolarWinds attack created a major stir among the cyber security community. The question on everyone’s lips was a big one: were hackers now honing their attack techniques with a specific aim in mind, namely targeting companies that are solely reliant on Microsoft’s security infrastructure to protect their systems and users?
Subsequent high-profile ransomware attacks on Colonial Pipeline and JBS have provided further disquieting insights into the modus operandi of hackers who exploit flaws and vulnerabilities in Microsoft’s software and cloud platforms. With Ransomware as a Service (RaaS) schemes booming in the wake of today’s new remote and hybrid workforce realities, organisations that don’t want to be the next victim of a data breach or ransomware attack should take note.
Rather than launching a raft of opportunistic attacks, professional hackers and state-sponsored threat actors can leverage Microsoft services to gain access to an organisation’s network – and deliver their ransomware payloads – in a highly targeted way.
The Growing Industrialisation of Ransomware
Hackers are smart operators who are only too aware that today’s enterprises will be utilising technologies and cloud services from market-leading vendors like Microsoft. If you’re in the business of executing successful ransomware attacks, then it makes perfect commercial sense to go all out and specifically target Microsoft environments at scale.
Having perfected and refined their infiltration techniques and strategies, and armed with the know-how needed to take advantage of known vulnerabilities, cybercriminals are now intent on leveraging these capabilities to access the Microsoft products used by thousands of organisations around the globe, utilising the RaaS model to achieve the widespread distribution of turnkey hacking and ransomware services at a cost that will generate the maximum financial return.
That’s bad news for any company that is heavily reliant on an exclusively Microsoft architecture.
Why Single-Vendor Security Is a Risky Business
In theory, having a single vendor for your IT and security should make life easier. Alongside minimising compatibility or interoperability issues, deploying new features or applications from the same vendor will be a lot quicker and it won’t require a lot of training to get users up to speed.
However, the SolarWinds attack highlights just how easy it was for hackers to take advantage of a highly connected Microsoft architecture to conduct an end-to-end breach.
Having first gained access to SolarWinds’ network via a compromised laptop, the cybercriminals next moved to the company’s Active Directory before leaping to Azure Active Directory and then on to Office 365 to achieve complete control, gaining access to cloud resources along the way. All this was achieved by simply riding the connected fabric of an all-Microsoft shop.
What happened in the SolarWinds incident highlights why relying on a single vendor for both infrastructure and security is the equivalent of laying out a red carpet for hackers.
To circumvent this risk, organisations need to compartmentalise and partition their Microsoft environments, inserting third-party security products that create a barrier to prevent malware or ransomware attacks from flowing across the distributed enterprise without restriction.
Adopt a Multi-Layered Tech Stack Approach for Enhanced Resilience
Separating applications from security tools to mitigate risk is just the start. Today’s distributed work environments mean that data, devices, applications, and users now exist outside the corporate network, so organisations need to ensure they implement security measures and practices that encompass their entire cloud and network estate.
Providing a single unified platform that enables organisations to extend consistent security to all their enterprise resources, today’s cloud-based secure access service edge (SASE) solutions streamline the delivery of comprehensive security controls to every segment of the infrastructure, making it harder for malicious actors to exploit security vulnerabilities and launch a successful attack.
Key SASE functionalities include a modern cloud access security broker (CASB) that delivers end-to-end protection for data in any cloud service and on any device; an on-device secure web gateway (SWG) that decrypts and inspects traffic on user devices for content filtering and threat protection in real time; and a zero trust network access (ZTNA) solution that enables secure remote access to internal resources and blocks the download of sensitive data and the upload of malware, including ransomware.
Define & Deploy a Truly Resilient Cyber Security Strategy
Organisations that are heavily reliant on Microsoft infrastructure, services and applications – and are therefore potentially subject to their vulnerabilities – can take several steps to shore up security and minimise the spread of a cyberattack.
Interfacing each connected component with a standards-based partition and inserting a third-party security product between the application and security stack represent the foundation stones for protecting their Microsoft estates. After that, deploying SASE technologies will assure comprehensive security across every infrastructure segment.
In this way, organisations can mitigate the risks presented by a single vendor security strategy and initiate a highly resilient infrastructure and cloud security posture.
ABOUT OUR GUEST WRITER
CEO & Co-Founder, Bitglass
Nat is president and CEO of Bitglass, and a co-founder of the company. Prior to Bitglass, Nat was CEO of Asterpix, Trubates, FineGround and Arcot Systems, and also held positions in research and academia. Nat earned a B.Tech from IIT, Madras, an M.S. from Princeton University, and a Ph.D. in computer science from Cornell University.