How a leading financial institution leveraged Tavve to get back the visibility that the SolarWinds breach took away.
The SolarWinds Breach Backstory
SolarWinds makes well-known enterprise network management software that helps large companies manage and observe their networks. In 2020, SolarWinds was the target of a supply chain attack by a Russian nation-state hacking group, which led to a still-evolving series of events, the likes of which seemed to come straight from a James Bond movie.
SolarWinds Chief Executive, Sudhakar Ramakrishna, told customers that initial access was most likely attained through compromised user credentials or a zero-day exploit in a third-party application.
The hackers gained access to the SolarWinds corporate network and proceeded to burrow deep into the company’s software development process and code pipelines. The attackers were extremely patient, highly sophisticated, and highly skilled, and they were able to inject malicious code into the software build and deployment pipelines undetected. As a result, SolarWinds unknowingly shipped malicious code that would allow the same attackers to potentially compromise the networks of any customer who installed the update. Over 18,000 customers downloaded that malicious code across all industries in the United States, including the United States federal government.
Security experts call the hack the worst breach in U.S. history, noting it will take millions of dollars and a long, long time — years — for impacted agencies and organizations to fortify their systems again.
As serious as the Russian-backed attack is, this doesn’t even include the latest developments. In early February, the story broke that a separate Chinese group had exploited a SolarWinds bug and leveraged it to spy on a U.S. payroll agency. What’s clear here is that this story is far from over, and so is the potential fallout.
While the extent of the SolarWinds breach is still being uncovered, enterprises have to make quick decisions based on the information they have now. Companies still need to keep their network services optimal, all the while reducing their risks.
As a result of the severity of the breach, and at the direction of CISA and DHS, most organizations removed all SolarWinds products in an emergency fashion to limit their exposure. While this removed the clear and present danger, what it left behind was a massive network observability blind spot for network operations and cybersecurity teams. It was a necessary short-term fix to a long-term supply chain security problem, but every decision carries a risk tradeoff.
While response speed is an obvious imperative, the options government agencies and corporations have in responding are another matter. Let’s look at a recent success story, one that is repeating itself in the market lately.
“We are using ZoneRangers to help ease the pain of dealing with the technical logistics of getting other data centers and subsidiaries monitored.”
— Top 10 US Financial Institution Leader
An Enterprise Response
Enterprises cannot secure what they cannot see and cannot observe and optimize what is not visible. In the aftermath of SolarWinds, a top 10 financial institution began looking for new ways to get back the visibility needed to run day-to-day operations and supplement threat hunting exercises. Tavve’s technology was already deployed in one of their data centers and proved to be the visibility answer for the gap that SolarWinds had left.
With Tavve Zone Rangers, this financial institution was able to:
- Observe the traffic passed between data centers and high-risk network segments (e.g., DMZs and third-party zones) to determine where changes were needed.
- Increase visibility into their affiliate and subsidiary networks by migrating bespoke SolarWinds platforms into the centralized Tavve network observability platform.
- Better coordinate the technical logistics of the remediation efforts needed to migrate existing network segments or stand up greenfield network segments (e.g., modifying the appropriate access control lists (ACLs) and firewall rules).
- Build visualizations of network patterns, orphaned network devices, and traffic anomalies to better observe, detect, understand, and respond to network changes.
Tavve saved this financial institution weeks on their remediation and cleanup efforts. In addition to increased visibility and network simplification, Tavve eased the pain of response that many organizations still face today.
Today’s businesses are growing in size and complexity, and supply chain breaches only make matters more complicated. Enterprises need a network that can keep up with their needs while being flexible enough to adapt to new technologies and respond to emerging threats.
This is where Tavve comes in. Tavve is a security and observability product, making the enterprise network more secure, flexible, and optimized through meaningful network visibility.
For more than 15 years, financial institutions, government agencies, and large public utilities have looked to Tavve for expertise to manage their networks securely. Tavve also offers consulting services for network management integration and strategies.
Reach out to us today to learn more about how Tavve can help reduce noise, streamline your response, and optimize your network observability.