
While the world of cybersecurity is never dull and rarely slows down, the last couple of weeks in particular have been exceptionally interesting.  Specifically, the announcements and disclosures from FireEye, SolarWinds and the other affected parties.  While I could easily fill my blank page with a rehash of the situation, the threat actors and the ongoing fallout, I’ll spare you my clinical take on things and rather talk about some of the other, less-noted aspects outside of the gritty details.

“If you can meet with Triumph and Disaster and treat those two impostors just the same.” Rudyard Kipling

For some, the events of the last two weeks may be a blip. Even for those of us who may not be clients of either of the vendors involved, there are many similar products, services or methodologies that we may use.  This has spawned a level of self-audit and re-evaluation that does seem to happen when similar events take place.  Is there anything different this time?  I believe there is. 

The level of community that I’ve experienced has been both impressive and appreciated.  Whether it be direct peers helping each other with resources, or engaged vendors checking in to make sure that both solut and our client partners are okay, the engagement has been positive.  Industry peer groups and forums have been quick to share developments, IOCs and general intel, and to advise on performing active threat hunting within environments.  Last but not least, the level of engagement from within the solut team, both from the technical and non-technical side, has been fantastic.

So where do we go from here?  As with all Triumphs and Disasters, there are lessons learned, and though we are still working our way through the analysis and remediation globally, here are a few things I’d like to note and reaffirm:

  1. Data is king. Quite simply, you can’t analyze what you don’t have, and you’ll never discover successes or failures if you don’t look.
  2. Cybersecurity is a team sport; everyone is responsible for practicing good cyber health and making it a priority.
  3. There is an influx of misinformation during times of chaos, so be diligent, and do your research.
  4. Don’t be an opportunistic jerk. There is a difference between being an altruistic partner or vendor, and an ambulance chaser.  Chances are I won’t return your calls if you are the latter.
  5. Don’t ignore basic maintenance and patching. Get it done!

A wise man I once knew used to say, “This too shall pass” quite frequently.  I know that as a collective we will learn from this and move forward.  We are here to help, and I am grateful for the people, groups and vendors that we engage with, because they are also there to help.  So feel free to reach out, let’s compare notes and all get better together.