
Using Zero Trust to protect against Solorigate

Over the last month the Solorigate supply chain attack has been at the forefront of the news within the IT industry. This was a sophisticated supply chain attack that utilised malicious SolarWinds files to potentially give nation state actors access to victims’ networks. The uniqueness of this attack was the breadth of tactics used to penetrate, expand across, and persist in affected infrastructure.

What we have learned as an industry is that although Zero Trust would not have stopped the Solorigate attack or other sophisticated attacks, it would have helped dampen the capabilities of such an attack. With a Zero Trust mentality, organisations become more resilient, consistent and responsive to new attacks, but gaps in the application of the principles can still be exploited by actors.

I have recently come across a blog from Alex Weinert, Partner Director of Identity Security at Microsoft. This discusses how Zero Trust could protect against these sophisticated attacks.

Some of the key takeaways are that although the attack was sophisticated in its nature, the actual tactics, techniques, and procedures (TTPs) were very ordinary. This is evidenced by the methods used to compromise the identity environment: known techniques like password spraying, phishing, or malware were used to compromise user credentials and gain access to critical networks. Also, where the actor succeeded, highly privileged vendor accounts lacked protections.

Add to this that user and vendor accounts had broad role assignments and permissions that exceeded the role requirements, and that there were abandoned accounts and applications which had permissions they shouldn’t have. This enabled the attacks to progress.

Take into account the 3 core principles of Zero Trust: Verify Explicitly, Least Privileged Access and Assume Breach. If the first principle had been implemented fully, the risk of the attack would have been significantly reduced, or the attack mitigated through the application of security best practices. This highlights that one of the first actions you should take on your Zero Trust journey is the enablement of Multi Factor Authentication (MFA); this significantly reduces the probability of account compromise, by more than 99.9%.
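As an added example (my own code, not from the blog or from Microsoft), here is a small audit of an account inventory against the gaps described above: roles exceeding what the job requires, privileged accounts without MFA enforced, and abandoned accounts that still hold roles. The inventory, role names and 90-day staleness threshold are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample record: roles assigned, roles the job actually needs,
# whether MFA is enforced, and the last successful sign-in.
@dataclass
class Account:
    name: str
    assigned_roles: set
    required_roles: set
    mfa_enforced: bool
    last_sign_in: date

# Hypothetical role names, chosen only to illustrate the checks.
PRIVILEGED_ROLES = {"GlobalAdmin", "PrivilegedRoleAdmin", "ApplicationAdmin"}
STALE_AFTER_DAYS = 90  # assumed threshold for treating an account as abandoned

def audit(accounts, today):
    """Return (account, finding, roles) tuples for each Zero Trust gap found."""
    findings = []
    for a in accounts:
        # Least privilege: any role beyond the documented requirement.
        excess = a.assigned_roles - a.required_roles
        if excess:
            findings.append((a.name, "excess-permissions", sorted(excess)))
        # Verify explicitly: privileged roles must sit behind enforced MFA.
        privileged = a.assigned_roles & PRIVILEGED_ROLES
        if privileged and not a.mfa_enforced:
            findings.append((a.name, "privileged-without-mfa", sorted(privileged)))
        # Abandoned accounts that still carry roles are a standing foothold.
        if a.assigned_roles and (today - a.last_sign_in).days > STALE_AFTER_DAYS:
            findings.append((a.name, "abandoned-with-roles", sorted(a.assigned_roles)))
    return findings

# Constructed inventory (not real accounts).
SAMPLE = [
    Account("vendor-svc", {"GlobalAdmin", "UserReader"}, {"UserReader"}, False, date(2020, 12, 1)),
    Account("alice", {"UserReader"}, {"UserReader"}, True, date(2021, 1, 10)),
    Account("old-app", {"ApplicationAdmin"}, set(), True, date(2020, 6, 1)),
]
TODAY = date(2021, 1, 15)

def audit_sample():
    return audit(SAMPLE, TODAY)

if __name__ == "__main__":
    for name, finding, roles in audit_sample():
        print(f"{name}: {finding} {roles}")
```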

Zero Trust: Microsoft Step by Step

With the products included in the Microsoft 365 suite of tools, it’s very easy to start that journey down the roadmap to Zero Trust.

Thanks to Alex Weinert for the great blog – Using Zero Trust principles to protect against sophisticated attacks like Solorigate – Microsoft Security
