Securing supply chains with Open XDR

esteria.white

Securing supply chains with Open XDR

How Open XDR provides an effective and comprehensive way to combat threats

Aimed Weitechnical director, Stellar Cyber

San Jose, California – February 15, 2024

Cyberattacks are on the rise across all industries, but software companies and their customers remain particularly vulnerable due to their interconnectedness with clients and IP networks. A compromised system can lead to infiltration of all dependent client systems and their networks. Compromised software can be distributed with a routine software update, which would bypass traditional firewalls (this happened in the SolarWinds incident). These attacks use a variety of methods to evade common security measures and detection tools.

It’s difficult for businesses to manage risk in every element of their supply chain and secure every step of their supplier network. In this article, we’ll look at how current covert security systems are often inadequate in their detection methods – and how Open XDR provides a more effective and comprehensive way to combat these threats.

Detection and response

Following large-scale cyberattacks, it is often revealed that hackers had infiltrated the systems of large companies months before the data breach. In fact, attacks are often only discovered after customer data has been compromised and a breach has been reported. And the longer a hack remains undetected, the greater the damage. Hackers can therefore target multiple businesses across the supply chain with a single attack, compromising their entire data and revenue.

Common forms of attack include:

  • Hacking Software Updates
  • Undermining code signing
  • Compromising open source code

Immediate and effective responses are essential to mitigate the scale of damage caused by these cyberattacks. To remain fully vigilant, businesses must monitor not only traditional tools such as their firewalls, web security gateways, and email gateways, but also internal network traffic, servers, applications, clouds, points endpoints and user behavior.

Traditional security monitoring methods often include in-depth vigilance on only one aspect of a network. Each security tool is specialized only on this assigned aspect. In a multi-vector attack, analysts only investigate individual incidents and the results must be correlated manually, creating not only massive inefficiency but also an incomplete approach to security.

Open XDR, on the other hand, analyzes attack trends occurring across all aspects of the network, to determine which incidents are evidence of a security breach, as well as the attack vector. Open XDR platforms also create a response plan so analysts know which incidents to prioritize when addressing a breach.



Why open XDR?

Imagine that your network functions like a city. To protect your city and its inhabitants, you have a solid wall that surrounds the city. However, you must still import and export goods from your city to support its economy; the supply chain in this case is like the merchants who come from far away to trade with your city. Even if your wall is impenetrable, hackers can still attach themselves to the cart of, say, a licensed merchant, or pose as the people transporting the merchandise. A breach at any point in the system, from the cart manufacturer to the company that hires drivers, can compromise the safety of your city.

To continue the analogy, an attack might look like an intruder sneaking into your town by attaching itself to the bottom of a vegetable cart. To collect data, the intruder must at some point detach himself from the cart. Suppose the intruder then finds a citizen’s home to rummage through their belongings (in this case, their data). This infiltration is registered on your system as a house entry at 3 a.m., which is unusual.

However, not all unusual incidents are necessarily a sign of an attack. Perhaps the 3 a.m. entry was simply a citizen returning home from a delayed trip or night out. Investigating each of these incidents would overwhelm your city’s resources (your security team) and be completely ineffective.

In contrast, when a neighborhood records a series of entries at 3 a.m., those entries would indicate a pattern of behavior that would be considered suspicious. These are the patterns your security team should be aware of and then address.

Hackers can be patient. Perhaps the intruder remains attached to the cart for months before venturing outside to investigate citizens’ homes. As soon as they begin to infiltrate the network, an Open XDR platform will flag the activity and map it in the context of other surrounding incidents to develop an appropriate and effective response.

Securing every step of the supply chain is an important but overwhelming task. Imagine if there were thousands of vendors entering the city every day, and each of them sourced materials, drivers, and equipment from their own vendors; the supply chain is vast and it only takes one undetected network hack to cause immense damage. Of course, it is still important to maintain the wall and carry out checks on the providers’ networks, but other measures must be taken to resolve such a problem.

Open In other words, city police will have all the information they need to respond to a series of burglaries in the neighborhood, which would be different from responding to a row of burning houses.

Any organization can be the target of cyberattacks, and hackers’ methods are evolving every day. A cybersecurity program that can effectively defend against supply chain attacks and respond quickly, efficiently and cost-effectively through a unified platform is essential to protecting the business today.

– Aimei Wei is the technical director of Stellar Cyber.


About Stellar Cyber

Stellar Cyber’s The Open XDR platform delivers comprehensive, unified security without complexity, enabling small security teams of any skill level to successfully secure their environments. With Stellar Cyber, organizations reduce risk through early, accurate threat identification and remediation while reducing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8x improvement MTTD and a 20x improvement in MTTR. The company is based in Silicon Valley. For more information, visit https://stellarcyber.ai.

Leave a comment