Securing the Attack Surface with Data Sharing and Machine Learning

Posted March 30, 2021

A few months ago, the SolarWinds hack stole headlines as its breadth stretched into the U.S. Department of Energy, the U.S. Commerce Department, and the U.S. Treasury along with companies such as Microsoft, Cisco, VMware, and FireEye. At the time, the breach was remarkable in its scope and complexity. Now, as the dust is still settling from the SolarWinds breech, headlines have been consumed with a potentially even larger and further-reaching attack on over 125,000 unpatched Microsoft Exchange servers and potentially tens of thousands of already infected patched servers. The true extent of the hack may never be known as many of the organizations affected likely won’t come public unless forced to do so by regulators.

What the SolarWinds and Microsoft attacks do reveal is how unprepared the world is for this new stage of cyber warfare. Through the drastic shift in the workforce caused by the global pandemic, businesses today are more reliant on technology and work-from-anywhere has required corporations to open up data access from virtually any location with connectivity. When your entire business relies on technology, the attack surface of where you could be vulnerable likewise grows in scale.

Every SolarWinds customer who installed the Orion software patch — allowing the bad actors access to their systems — could potentially still be compromised and similarly, any Microsoft customers with unpatched Exchange servers have to scour their devices looking for new vulnerabilities the attackers created while inside their systems.

What this means for the future of cybersecurity is that protecting networks and systems will require real-time access and analysis of all data coming into and leaving your organization. Organizations can no longer rely solely on patching and plugging systems and hoping for the best. As the SolarWinds hack exemplifies, sometimes the patch creates the vulnerability. Machine learning and artificial intelligence allow for such analysis — identifying known attacks and unknown attacks more quickly. The unknown attacks are known as zero-day attacks as they have never been witnessed previously. To protect against these invasions, an organization must analyze all data coming into and leaving their systems. Threat Detection and Response systems such as WatchGuard’s ThreatSync are one solution that utilizes machine learning and can decrease time to detection and remediation through analysis and policy-based automation. WatchGuard Threat Detection and Response (TDR) is a powerful collection of advanced malware defense tools that correlate threat indicators from Firebox appliances and Host Sensors to stop known, zero-day evasive malware threats.

WatchGuard Host Ransomware Prevention (HRP), a module within the WatchGuard Host Sensor, utilizes a behavioral analytics engine to determine if a given action is associated with a ransomware attack. HRP is a component of Threat Detection and Response and included with WatchGuard Total Security Suite.

While no system exists that can stop every threat, allowing your systems to leveraging the latest in cloud-based threat correlation from other appliances around the globe, can keep you at the front of the herd.

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.