While many may have shrugged their shoulders when they heard about another cyberattack this week, it’s clear everyone should be very worried about the SolarWinds hack called Sunburst. While it’s early days, some believe this may be one of the biggest cyber-attacks ever due to its sophistication, the targets and the implications. It’s not often (only 5 times) that the Department of Homeland Security issues a directive for US government agencies to immediately disconnect machines running the impacted software.
The directive was issued after it was reported that U.S. government agencies, including the Treasury and Commerce departments, were hacked. Since then, the Department of Homeland Security was added to the list of targets. The attack has been linked back to malicious code injected into a SolarWinds Orion update. More details of the attack can be found on this blog by FireEye, which was also affected, and this KrebsOnSecurity coverage.
What are the implications of the SolarWinds hack
The SolarWinds system is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies, so the national intelligence implications are extremely worrisome. It appears the malicious update was first distributed back in March, meaning the breadth of the attack is only going to grow and the impact on these organizations will be felt by many. While the analysis of what happened and who is affected as a result of the SolarWinds hack is important, it’s even more important that businesses and government agencies take the necessary steps to protect themselves from similar attacks.
For some that may mean detaching their most critical systems and important data from the public cloud, which is the first thing the US government did. Then, you need to ensure you have the best defense possible for your private network even if you plan to continue using the public cloud for less-critical or less-sensitive applications. At times like this, you are in a reactionary, firefighting mode so you need to move fast. You need to protect your on-premise systems in a modernized way and the only way to do that in a flexible and agile manner is using virtualization.
How to better protect private networks
But most network firewalls continue to be deployed as physical appliances, which limits flexibility and agility when you need them most (as in the case of this attack). However, as I wrote in an earlier blog, there is no reason why you cannot virtualize your network firewalls. Virtual firewalls, which are widely deployed in the data center, have grown to offer the same functionality as their physical counterparts. But what is slowing the transition is the fact that it’s difficult and time-consuming to replace physical firewalls with virtual ones. It’s not a trivial undertaking for most network security teams.
To convert from physical firewalls to virtual ones more easily and quickly, you need a turnkey virtualization platform that not only automates the migration but also helps you maintain and manage your virtual firewall infrastructure going forward. The platform needs to be delivered as a ready-to-deploy service and offer zero-touch network security operations. By fully integrating with firewall APIs and policy managers, you can get a cloud-like user experience for managing the on-premise virtualization infrastructure. You also have the ability to instantly add more capacity at the click of a button so you can adjust to changing network usage, such as that produced by ‘detached networks’.
Since these cyberattacks are becoming more and more common, it’s crucial that we rethink our network architectures and approaches to network security. While the move to the public cloud has many advantages, it is times like this when you see why your private network is still so important and always will be. But your private network security needs to offer the same agility and flexibility that everyone takes for granted with the public cloud. At the heart of that flexibility is the need to respond quickly to changes in the cybersecurity landscape by scaling and adapting your threat protection at your internet gateway. Before we see the next big hack, it’s crucial that you modernize your network security with automation and virtualization.