Reducing Your Risk
Preventing nation-state attacks certainly isn’t easy. However, there’s a lot you can do to help mitigate the risk for your customers.
- Send a notice: For starters, limit the phishing attacks your customers see by implementing email security solutions like SolarWinds® Mail Assure, which can help bolster the defenses that come out-of-the-box with solutions like Microsoft Office 365 or Google G Suite. Additionally, send a notice to your customers and their employees to be suspicious of emails they receive. Hacker groups may use targeted spear-phishing emails to worm their way into your customers’ organizations. Hopefully, you’ve already offered them training on recognizing phishing emails, so make sure your notices reiterate the telltale signs of an attack. Tell them to check domains on links before clicking, be wary about giving up personal information, and be extra suspicious of anything that seems “off” like unusual phrasing or misspellings. Also, encourage users to report anything unusual—the more information, the better.
- Shore up your accounts: Make sure to use multifactor authentication on all accounts that support it. This provides additional safeguards against brute-force password attempts. Additionally, consider using a corporate-grade password manager like SolarWinds Passportal + Documentation Manager to enforce strong password policies across your customers’ accounts.
- Adopt advanced endpoint protection: One major challenge around nation-state attacks is their lack of predictability. Hacker groups have multiple tools at their disposal to cause devastation. Since the attackers could theoretically place any payload on a system, it helps to have an advanced endpoint protection solution, like SolarWinds Endpoint Detection and Response (EDR), powered by SentinelOne, running on your customers’ machines. EDR uses artificial intelligence (AI) and machine learning to flag abnormal behavior on an endpoint, then takes an appropriate automated action such as flagging an issue to a technician or rolling back a machine to a known safe state. Additionally, if you must report to the authorities, EDR offers an “attack storyline” to help you with forensic analysis.
- Watch network logs: As Krebs stated, attacks could easily spread to wipe out a complete network. Now’s the time to be extra vigilant in watching network logs for suspicious behavior. A security information and event management (SIEM) product like SolarWinds Threat Monitor can alert you to suspicious behavior across your customers’ network using AI, built-in threat intelligence, and a sophisticated, configurable alarm engine. A strong SIEM tool like Threat Monitor can help you detect anomalies in your customers’ infrastructure and deal with the lack of predictability of these attacks. Additionally, the built-in threat intelligence with Threat Monitor can help provide additional warning if industry experts notice patterns among the attacks.
Be on the Watch
With potential attacks coming, now’s the time to shore up defenses for your clients. As an MSP, you play an important role in the fight against cybercrime, even when it comes from another nation state. Make sure to put the right security controls in place and be extra vigilant about potential attacks in the coming weeks.
If you suspect an attack, CISA has requested you report the attack immediately by emailing [email protected]. Be careful out there—your customers are counting on you.
Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim’s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics.