Secure Works Blog – Kyle Falkenhagen
Secureworksâ deep understanding of threat actor behavior and intent allowed us to leverage the data retained by the platform to help customers quickly assess any potential impact. Experts on our teams took what we were learning about the threat actor behaviors and conducted proactive threat hunts to look for these new behaviors across all Threat Detection and Response (TDR) customers. For our Managed Threat Detection and Response customers, those threat hunting playbooks are now baked-in to our standard service offering, and new detectors will be automated in the platform. And through timely access to applicable research and open Q&A, all customers were able to meter their own responses to this highly public news event. Secureworks CISO, Ken Deitz, also contributed to best-practice discussions for managing least-privilege and managing supplier responses to security events.
The importance of the management of identity and cross-domain trust is further underscored in our recent CTU TIPS (Feb 2, 2021), which references an interview with Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency (CISA), in which he states that approximately 30 percent of the victims linked to the SolarWinds supply chain compromise did not run the SolarWinds Orion software. How Our Cloud-Native Platform Protects Customers Secureworks TDR ingests and retains telemetry for one year, applying indicators of compromise and countermeasures out of the box and updated periodically throughout each day. SOC users can disable a user in Azure AD directly from our platform in response to an alert. Threat Advisories are included to provide context of Threat Actor Intent and behavior, and are linked directly from alerts that have applicable indicators of compromise VDP’s risk-based prioritization helps customers stay focused and on track and respond to the vulnerabilities that create the highest risk in their environment.
Link: https://www.secureworks.com/blog/secureworks-offers-and-the-solarwinds-supply-chain-attack