GreenPages Blog

As an IT professional, you need to stay current on all things tech; with articles from industry experts and GreenPages' staff, you get the info you need to help your organization compete and succeed!

Recent Security Breaches and Steps to Protect Yourself

Posted by: GreenPages
Read More
All Posts

Recent Security Breaches and Steps to Protect Yourself

You are probably familiar at this point with the security attacks against FireEye and SolarWinds. The GreenPages Team has been digging into the incidents and collecting information on how best to inform our network. We hope you find this insight useful.

The details as we know them:

  • What happened is a nation-state style attack. This is not script kiddies (if they even exist anymore) or a gang, or even tier 2 professionals. If it is what FireEye has shared, this was the best-of-the-best computer scientists out there working to take them down.  
  • This was not a random attack. For an N-S attack to occur and for the organization to be willing to "burn" tools (burn = expose unknown weakness and exploits so that the exploits can't be used again), there would need to be clearance to do so at the highest levels of government.
  • An N-S attacker has unlimited resources, and for something like this to occur at this level, it is highly likely this attack was politically motivated; so unlimited truly means unlimited.

Unfortunately we may never find out the exact details of what happened. Scratch that, we will never find out all the details. This event should bring to light how vulnerable all of us are and why continuous diligence is critical to protecting our networks.

As we all know, anyone can be hacked, any environment can be breached, and anyone can accidentally lose data. It happens. It is shocking and upsetting to see pillars in the security tools community attacked. Our stance has been and continues to be the following:

  1. Clean up and lock down Active Directory
  2. Strong passwords - the longer the better
  3. Accounts with elevated privileges can’t access the internet
  4. MFA for everyone and everything
  5. SSO is the way to go
  6. Layer the tools to ID different types of malicious behaviors and anomalies
  7. SIEM & SOC services provide 24x7 monitoring and evidence collection
  8. Security Awareness training matters

It is important that our clients stay more diligent than ever, that security awareness needs to be raised inside your organizations, and that GreenPages is here to help you achieve the best levels of protection possible.

Whether firewalls, endpoint security, SOC2, or CMMC, GreenPages can help you select tools, layer security, select certifications, and manage all of this as you need. Reach out to us.

“Related Articles”


Related Posts

Tech News Recap for the Week of 04/05/21

If you had a busy week and need to catch up, here’s our recap of tech stories you may have missed the week of 04/05/21!

Tech News Recap for the Week of 03/29/21

If you had a busy week and need to catch up, here’s our recap of tech stories you may have missed the week of 03/29/21!

Is It Possible for Security to Coexist with Hybrid Work Post Pandemic?

By Randy Becker, VP & Principal Security Architect The pandemic has brought new and interesting challenges for all of us to deal with and certainly the balance of supporting users working remotely while ensuring security has not been easy. Initially we all had to scramble to figure out ways to allow employees to work from home. Some crazy things happened, including people bringing their desktop PCs home, connecting home PCs (with unsupported operating systems) to corporate VPNs, etc. Now we are seeing discussions about returning to work. What does that look like and what is it called?