12 Lessons Learned From The SolarWinds Breach: RSA Conference
Michael Novinson
From scrutinizing technology suppliers and code used during the application development process to axing on-premise Active Directory, here are 12 key takeaways from the SolarWinds breach.

Rigorously Examine Traffic Leaving Network
Organizations need to have the same rigorous protection rules and policies in place for traffic leaving the network as they do for traffic that’s coming into the network, according to RSA Security CEO Rohit Ghai. If organizations had configured their software servers to only allow access to known good entities, Ghai said the SolarWinds hackers wouldn’t have been able to be nearly as disruptive.
Companies face a polymorphic threat environment, with adversaries constantly compounding and changing their configuration protocols, which Ghai said makes identifying known bad configurations a very human-intensive process. Even allowing access to only known good actors can be challenging since new devices and systems are constantly being added to the network, making automation necessary.
Disrupting the spread of malware actors and viruses by tightly monitoring outbound network traffic will help make the world a safer place even if the organization in question doesn’t directly benefit, Ghai said. Organizations should leverage sophisticated artificial intelligence and machine learning to monitor configurations since human diligence alone isn’t enough to ensure things are configured right, he said.
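The known-good egress rule described above, as an added example that is not part of the original article: it audits outbound flow records against a per-server allowlist and denies any source that has no policy yet, which is the newly added device case. The host names, addresses, policy layout and record format are constructed for illustration, and the resolved destination name is assumed to come from trusted resolver logs.

```python
import ipaddress

# Constructed egress policy: each server may reach only these destinations.
POLICY = {
    "build-01": {"cidrs": ["10.20.0.0/16"], "domains": ["updates.vendor.example"]},
    "mon-01": {"cidrs": ["10.0.0.0/8"], "domains": []},
}

# Constructed flow records: (source host, destination IP, resolved name, port).
FLOWS = [
    ("build-01", "10.20.4.7", "", 443),
    ("build-01", "203.0.113.50", "updates.vendor.example", 443),
    ("mon-01", "198.51.100.23", "cdn.unknown.example", 443),
    ("mon-01", "10.1.2.3", "", 8443),
    ("new-host-17", "10.20.4.7", "", 22),  # device added without a policy
]


def domain_allowed(name, allowed):
    """Exact or true-subdomain match; 'notupdates.vendor.example' must not pass."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in allowed)


def check_flow(src, dst_ip, dst_name, policy=POLICY):
    """Return 'allow' or a deny reason for one outbound connection."""
    rule = policy.get(src)
    if rule is None:
        # Default deny: an unknown source gets no egress until a policy exists.
        return "deny: no policy for source"
    ip = ipaddress.ip_address(dst_ip)
    if any(ip in ipaddress.ip_network(c) for c in rule["cidrs"]):
        return "allow"
    if dst_name and domain_allowed(dst_name, rule["domains"]):
        return "allow"
    return "deny: destination not on allowlist"


def audit(flows, policy=POLICY):
    """Collect every flow that the allowlist would not permit."""
    denied = []
    for flow in flows:
        verdict = check_flow(flow[0], flow[1], flow[2], policy)
        if verdict != "allow":
            denied.append((flow, verdict))
    return denied


if __name__ == "__main__":
    for flow, verdict in audit(FLOWS):
        print(flow, "->", verdict)
```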