Imperva Cyber Community

Trust...but verify with RASP

    Posted 12-18-2020 13:27
    Edited by Michael Franklin 01-07-2021 05:56

    An unfortunate bit of news recently came to light.  A trusted supplier of network monitoring software was the victim of a hacking group targeting the supplier's customers - particularly those in the US Federal Government and other enterprises with valuable data to steal. 

    Infiltrating the supplier's infrastructure, the group was able to modify the code of an innocuous-sounding update made available to the network monitoring software installed at customer locations.  The tainted update included a backdoor that communicates via HTTP to external servers, runs OS commands, and accesses files, among other things. 

    As of today, the supplier's customers are scrambling to turn off the network monitoring software and determine if they were compromised as well.  A nightmare scenario for the supplier and their customers to be sure. 

    It's easy to point the finger of blame, but security isn't always easy when a skilled hacking group sets its sights on you.  There are numerous ways, both technical (e.g. 0-day exploit) and non-technical (e.g. social engineering), that an organization can be compromised.  If that's the case, then perhaps we customers need to reconsider the implicit trust that we give to our software suppliers? 

    But what is a concrete step that we can take to reduce our risk?  To "trust but verify"?

    Deploy Imperva RASP on all 3rd party software.

    Rather than assume that the code we received from a 3rd party is benign, use the Imperva RASP plugin to ensure that the application operates as you expect...and no more.  Imperva RASP neutralizes 0-day exploits and backdoors by preventing the application from making unauthorized outbound network calls, running unexpected operating system commands, accessing restricted files/directories and much more.

    Imperva RASP deploys in minutes, is completely air-gapped (no inbound/outbound network connectivity) and requires no signature updates.  Easily snapping into an application without code changes, Imperva RASP is a fast and easy way to mitigate risks introduced through your 3rd Party Software Supply Chain.

    #RASP  #SolarWinds   #FireEye

    Christopher Prevost
    Head of Solutions Architecture, Runtime Security