Last month on the blog we discussed how the Blue Ridge Networks’ LinkGuard solution could protect your organization against potentially devastating events like the recent Sunburst (SolarWinds) cyberattack – this week we’re looking at alternative strategies for preventing similar attacks.
In a supply chain attack the malicious party undermines the methods most endpoint tools rely on to detect attacks and assess risk. Attackers infiltrate the network through a compromised, previously trusted third-party provider that already has access to systems and data. At that point there is no longer an effective perimeter to stop zero-day malware – so what then?
Time and again, scanning- and whitelisting-based systems have proven ineffective against sophisticated attack vectors at this stage, demonstrating the critical importance of a Zero Trust solution for endpoint and server security. AppGuard from Blue Ridge Networks is designed to prevent zero-day malware and sophisticated supply chain attacks, like the Sunburst attack, from successfully executing. Here’s how.
AppGuard’s default policies, plus patented isolation and containment methods make it the ideal resource for defending against supply chain attacks. Since the solution doesn’t rely on whitelisting or scanning for known signatures or patterns to differentiate between good and bad files, it doesn’t require constant, cumbersome updates to ensure your network remains safe from the latest threat vectors.
The key is the lightweight agent, which sits at the base of the network and blocks unacceptable actions, such as code injection or writing to the registry, at the process level. From there, our advanced policy enforcement engine proactively prevents viruses, fileless malware, botnets, polymorphic malware, weaponized documents, targeted attacks, in-memory attacks, ransomware, phishing, watering holes, drive-by downloads, and other undetectable advanced threats.
When compromised software is present, AppGuard ensures it can’t carry out any unauthorized action to harm your device or network. The origin-agnostic offering protects against persistent threats and targeted attacks by blocking execution of malware emanating from a ‘trusted’ source. The solution also establishes patented controls that empower organizations to be more agile, and adopt zero trust policies faster than any competitive offering.
To ensure that this layer of the security stack remains effective, we regularly review and evaluate AppGuard’s configuration. In fact, the recommended settings we updated and published in 2019 would have provided an enhanced layer of security capable of stopping the SolarWinds attack in its tracks. AppGuard’s autonomous policy engine would have allowed users to continue using SolarWinds functions while protecting them from the dangerous processes spawned by the malicious code.
In short, a security infrastructure including AppGuard would have inherently ignored the fact that SolarWinds is a “trusted” application, recognized that SolarWinds monitors infrastructure, and resolved that it had no legitimate business carrying out the actions prescribed by the malware.
Interested in discussing how AppGuard could benefit your agency or organization? We’d love to chat about it. Reach out to our team of experts with any questions.