
Securing Supply Chains with Open XDR

How Open XDR provides an effective and comprehensive means of combating threats

Aimei Wei, Chief Technical Officer, Stellar Cyber

San Jose, Calif. – Feb. 15, 2024

Cyberattacks are on the rise in every industry, but software companies and their clients remain especially vulnerable because of their interconnectedness with clients and IP networks. One compromised system can lead to the infiltration of all of the dependent client systems and their networks. Compromised software can be distributed along with a routine software update, bypassing typical firewalls, as happened in the SolarWinds incident. These attacks employ diverse methods to escape the most common security measures and detection tools.

It is a difficult task for companies to manage the risk to every element of their supply chains and to secure every step in their supplier network. In this article, we will see how current discrete security systems are often inadequate in their detection methods – and how Open XDR provides a more effective and comprehensive means of combating these threats.

Detection and Response

In the aftermath of large-scale cyberattacks, it is often revealed that hackers had infiltrated the systems of large enterprises months before the actual data leak. In fact, attacks are often only discovered after customers’ data has been compromised and a breach is reported. And the longer a hack goes undetected, the greater the extent of the damage. By compromising a shared supplier, hackers can therefore target multiple companies along the supply chain with one attack, compromising all of their data and earnings.

Common forms of attack include:

  • Hijacking software updates
  • Undermining code signing
  • Compromising open source code

Immediate, effective responses are key to mitigating the extent of the damage caused by these cyberattacks. To remain fully vigilant, companies must monitor not only traditional tools such as their firewalls, web security gateways, and email gateways, but also internal network traffic, servers, applications, clouds, endpoints, and user behavior.

Traditional methods of security monitoring often concentrate vigilance on a single aspect of a network, with each security tool specialized to only its assigned aspect. During a multi-vector attack, analysts investigate individual incidents in isolation and must correlate the results manually, which creates not only mass inefficiency but also an incomplete approach to security.

Open XDR, on the other hand, analyzes attack activity across every aspect of the network to determine which incidents are evidence of a security breach and what the attack vector is. Open XDR platforms also create a response plan so that analysts know which incidents to prioritize when addressing a breach.

Why Open XDR?

Imagine that your network functions like a city. To protect your city and its inhabitants, you have a strong wall that surrounds the city. However, you must still import and export goods from your city to sustain its economy; the supply chain in this case is like the merchants who come from afar to trade with your city. Even if your wall is impenetrable, hackers can still attach themselves to an approved merchant’s cart, for example, or impersonate the people who transport the goods. A breach at any step of the system, from the cart manufacturer to the company that hires the drivers, can compromise the security of your city.

To continue with the analogy, an attack could look like an intruder sneaking into your city by attaching to the bottom of a vegetable cart. To harvest data, the intruder must at some point detach from the cart. Say the intruder then finds a citizen’s home to rifle through their belongings (in this case, their data). That infiltration registers on your system as a home entry at 3 a.m., which is unusual.

However, not all unusual incidents are necessarily a sign of attack. Perhaps the 3 a.m. entry was simply a citizen returning home after a delayed trip, or a night out. Investigating each of these incidents would overburden your city’s resources (your security team), and would be grossly inefficient.

When a neighborhood logs a string of 3 a.m. entries, on the other hand, those events together indicate a pattern of behavior that registers as suspicious. These are the patterns that your security team needs to know about and then address.

Hackers can be patient. Perhaps the intruder stays attached to the cart for months before venturing out to investigate citizens’ homes. As soon as they begin to infiltrate the network, however, an Open XDR platform will flag the activity and map it in the context of other surrounding incidents to craft an appropriate and effective response.
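The contrast drawn above between discrete per-tool alerting and cross-source correlation (one 3 a.m. entry is noise; a string of them on the same street, seen by several observers, is a pattern) can be shown in code. The following is an added example written for this article, not Stellar Cyber’s product code: it takes constructed telemetry from four hypothetical tools (an identity provider, an EDR agent, a web proxy and a NetFlow collector; names and events are assumptions, not from the text), shows how many unconnected alerts a per-tool view would raise, then groups events per entity into a time window and reports only the clusters that span multiple tools or repeat often enough to matter, scored so an analyst knows what to look at first.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str   # hypothetical tool that observed it: idp, edr, proxy, netflow
    entity: str   # host or user the observation concerns
    detail: str


@dataclass(frozen=True)
class Incident:
    entity: str
    first_seen: datetime
    last_seen: datetime
    sources: tuple      # distinct tools that contributed (sorted)
    count: int          # events in the cluster
    score: int          # prioritization: more sources and more events rank higher


# Constructed sample telemetry for the example; not real data.
# build-srv-07: four anomalies from four tools inside 20 minutes (the pattern).
# laptop-amy: two isolated anomalies hours apart (the citizen home late from a trip).
SAMPLE_EVENTS = [
    Event(datetime(2024, 2, 14, 3, 2), "idp", "build-srv-07", "interactive logon outside business hours"),
    Event(datetime(2024, 2, 14, 3, 5), "edr", "build-srv-07", "updater process spawned a shell"),
    Event(datetime(2024, 2, 14, 3, 9), "proxy", "build-srv-07", "first-seen external domain"),
    Event(datetime(2024, 2, 14, 3, 20), "netflow", "build-srv-07", "large outbound transfer"),
    Event(datetime(2024, 2, 14, 3, 30), "idp", "laptop-amy", "interactive logon outside business hours"),
    Event(datetime(2024, 2, 14, 9, 45), "edr", "laptop-amy", "updater process spawned a shell"),
]

WINDOW = timedelta(minutes=30)


def alerts_per_tool(events):
    """The discrete view: every tool raises its own alert for every anomaly it
    sees, and nothing ties the alerts together. Returns alert counts per tool."""
    counts = defaultdict(int)
    for ev in events:
        counts[ev.source] += 1
    return dict(counts)


def correlate(events, window=WINDOW, min_sources=2, min_events=3):
    """The correlated view: per entity, collect events that fall within `window`
    of each other and keep only clusters that involve at least `min_sources`
    distinct tools (multi-vector) or at least `min_events` events (a repeated
    anomaly). A single unusual event on its own is not reported."""
    by_entity = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_entity[ev.entity].append(ev)

    incidents = []
    for entity, evs in by_entity.items():
        i = 0
        while i < len(evs):
            anchor = evs[i]
            cluster = [e for e in evs[i:] if e.ts - anchor.ts <= window]
            sources = sorted({e.source for e in cluster})
            if len(sources) >= min_sources or len(cluster) >= min_events:
                incidents.append(Incident(
                    entity=entity,
                    first_seen=cluster[0].ts,
                    last_seen=cluster[-1].ts,
                    sources=tuple(sources),
                    count=len(cluster),
                    score=10 * len(sources) + len(cluster),
                ))
                i += len(cluster)   # skip past the cluster we just reported
            else:
                i += 1
    # Highest score first: this is the prioritized list handed to analysts.
    return sorted(incidents, key=lambda inc: inc.score, reverse=True)


if __name__ == "__main__":
    print("per-tool alerts:", alerts_per_tool(SAMPLE_EVENTS))
    for inc in correlate(SAMPLE_EVENTS):
        print(f"{inc.entity}: {inc.count} events from {inc.sources} "
              f"between {inc.first_seen:%H:%M} and {inc.last_seen:%H:%M}, score {inc.score}")
```

On the constructed data the per-tool view produces six unrelated alerts across four consoles, while the correlated view produces one incident for build-srv-07 and nothing for laptop-amy, whose two anomalies are hours apart. The window size and thresholds are tuning knobs; the point is that the decision is made on the entity across all sources rather than on each source alone.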

Securing each step of the supply chain is an important but overwhelming task. Imagine if there were thousands of vendors entering the city each day, and each of them sources their materials, their drivers, and their equipment from their own vendors; the supply chain is extensive, and it only takes one undetected hack into the network to cause an immense amount of damage. Of course, it is still important to maintain the wall and perform checks on vendor networks, but other measures must be taken when addressing such an issue.

Open XDR therefore not only narrows the problem to a target small and specific enough to address, but also provides a plan to address the incident based on its location, its scale, and its target. In other words, the city’s police force will have all the information they need to mount a response to a string of burglaries in the area, which would differ from their response to a row of houses that have been set on fire.

Any organization can be the target of cyberattacks, and hackers are evolving their methods every day. A cybersecurity program that can effectively defend against supply chain attacks and respond quickly, effectively, and cost-efficiently with a unified platform is key to protecting the enterprise today.

– Aimei Wei is the chief technical officer at Stellar Cyber.

About Stellar Cyber

Stellar Cyber’s Open XDR Platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill level to secure their environments successfully. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8X improvement in MTTD and a 20X improvement in MTTR. The company is based in Silicon Valley. For more information, visit https://stellarcyber.ai.