The central issue behind the latest headline-grabbing security breach – an incident that directly impacted several major US government agencies – highlights pervasive issues related to many organizations’ use of the popular Office 365 and Azure Microsoft cloud platforms.
According to numerous reports, nation-state backed hacking campaigns targeting vendor SolarWinds and its customers at the Commerce Department’s National Telecommunications and Information Administration (NTIA), among others, took advantage of cloud security gaps that may exist for many organizations – highlighting the need for additional controls designed to detect and thwart such threats as they transpire.
While Microsoft and SolarWinds are working to remediate the underlying issues related to the attacks on Office 365, Azure Active Directory and a key domain name, the scenario throws greater light on the requirement for dedicated capabilities aimed at pinpointing such a compromise – threats that can play out when existing cloud applications and platform defenses are circumvented and underlying vulnerabilities have been exploited.
Despite the fact that Microsoft has spent significant effort incorporating powerful security capabilities into its cloud-based tools, such attacks that involve elite hackers using advanced techniques to bypass existing protections clearly remain a major threat.
This is just one of the many reasons that so many practitioners have turned to CipherCloud solutions to increase their visibility into and control over Office 365 – in particular to help address their advanced data protection requirements and use of multiple cloud applications.
Here’s what we know about the attack:
According to SolarWinds filings with the SEC, the involved attackers were able to compromise the company’s Microsoft Office 365 emails with forged SAML tokens. The hackers were also able to compromise SolarWinds’ Azure Active Directory along with privileged accounts in the organization as detailed below:
And this is how the hackers involved were also able to reportedly gain access to over 18,000 of SolarWinds’s public and private customers through trojanized updates to SolarWinds’ Orion network monitoring software, as detailed by FireEye.
This scenario further reinstates the point that cloud service providers’ native controls are often insufficient for countering sophisticated cyberattacks, especially as today’s organizations adopt dozens, if not hundreds of individual cloud and SaaS applications and must attempt to manage security and compliance across all of them.
How can employing a leading-edge cloud security solution from CipherCloud help?
Beyond providing customers with a centralized platform through which to monitor and enforce advanced cloud and data security policies across all of their applications, solutions such as CipherCloud CASB+ can specifically:
Again, it is always important to point out that it’s extremely difficult to get everything right all the time and we’re not criticizing SolarWinds, and certainly not Microsoft. The main issue is configured supply-chain trust that you must also verify continuously.
What’s critical to understand is that – as your organization continues to adopt cloud applications and infrastructure at a furious pace to accelerate and optimize business, you have to similarly adopt advanced controls to improve your security posture and decrease your overall cloud and data security risk – and CipherCloud CASB+ is a great place to start.
For more information on CipherCloud CASB+ Microsoft Office 365 capabilities, click here.
OR CALL 1-855-524-7437