The Cybersecurity and Infrastructure Security Agency (CISA) is partnering with the Office of the Director of National Intelligence (ODNI), the Department of Defense, and other partners to recognize April as National Supply Chain Integrity Month and promote a call to action for a unified national effort to strengthen global supply chains.
High-profile breaches are becoming an increasingly common occurrence as threat actors are successfully compromising one of the most vulnerable assets to an enterprise — the software supply chain. If vulnerabilities in an organization’s critical supply chain are exploited, they can have cascading impacts that affect buyers, suppliers, and users.
“As the number of sophisticated cyberattacks increase, we’re reminded that supply chain security is not a nice to have, but an urgent necessity,” said CISA Assistant Director Bob Kolasky. “Government and industry must work together to strengthen and enhance the security and safety of our critical infrastructure and the associated supply chains that support the resilience of our nation.” (1)
Recent attacks on the software supply chain like SolarWinds (2) and Qualys (3) prove just how dangerous this type of attack is. Our country faces lost innovation, reduced economic advantage, threats to national security and more when these attacks are successful.
It’s time for organizations to rethink their security strategies and pay close attention to protecting their software supply chain.
ThreatWarrior: Network and Supply Chain Threat Detection
ThreatWarrior was natively built to help you better protect your supply chain. Our Supply Chain Threat Detection capabilities identify known threat signatures and anomalies in your software supply chain, including in your other critical software applications and security tools.
The growing supply chain introduces new vulnerabilities to your organization, and auto-updates can further increase the threat surface. ThreatWarrior uses deep learning AI to reveal any anomalous behavior or suspicious updates, and identifies malicious communication between your environment and outside entities.
Many cybersecurity strategies and practices were created in a time when organizations still believed they could trust their vendors and third-party applications. Today, we know that “only using trusted vendors” does not make your network secure. Trusted vendors, even cybersecurity vendors, can be used to leverage attacks against an organization. Just because a solution is already deployed inside an enterprise does not make it immune to compromise.
SolarWinds and Qualys are not the only cyberattacks to leverage the software supply chain, and we’ll certainly see more of this type of attack. The hyper-connected supply chain requires more attention than ever to secure and security models must adapt to reflect that.
Contact us today to learn how to protect your supply chain with network detection and response solutions and see how ThreatWarrior protects your network and software supply chain from constantly-evolving cyber threats.
To access tools, resources, and more information about National Supply Chain Integrity Month, visit CISA. (4)
References:
1) https://www.cisa.gov/news/2021/04/01/cisa-and-partners-promote-call-action-during-national-supply-chain-integrity-month
2) https://www.zdnet.com/article/microsoft-fireeye-confirm-solarwinds-supply-chain-attack/
3) https://www.computerweekly.com/news/252497263/Qualys-caught-up-in-Accellion-FTA-breach
4) https://www.cisa.gov/supply-chain-integrity-month
