
A 3-pronged Approach to Fighting Foreign Cyberattacks

Level 12

By Joe Kim, SolarWinds Chief Technology Officer

We are in the process of wrapping up our next federal cybersecurity survey and we are eager to see the results. I fully expect foreign government threats to be near the top of the list, and I thought this would be a good time to remind folks of some security fundamentals, presented by my colleague Mav Turner, SolarWinds Senior Director, Product Management.

When we think of cyberattacks, we generally picture a lone wolf hacker or Anonymous-type organization. But foreign governments are also formidable threats. Scan recent headlines and you’ll see articles explaining that cyber hacks on Sony Pictures Entertainment and the Democratic National Committee—among many others—have been attributed to North Korea and Russia.

Last year’s SolarWinds federal cybersecurity study revealed foreign governments pose some of the most serious risks for cyberattacks. Results indicate an uptick in reported government-backed threats over the past few years, with reports increasing from 34 percent in 2014 to 48 percent last year.

As publicity surrounding breaches grows, the public's demand to attribute breaches to a specific government or nation-state and the expectation of an explanation grows as well. This "pressure cooker" climate complicates and sometimes politicizes decision-making for agencies.

While there is no magic bullet, concentrating on three fundamentals—process, people, and tools—can create a good foundation for a well-designed security posture. Here’s how agencies can make them work together.

Develop a Sound Security Process

Agencies must develop proactive, well-formulated plans that outline exact steps that must be taken in case of an intrusion, taking into account which employees have access to what information, and the solutions the agency will employ to monitor networks. A step-by-step management approach will help ensure that no data is left unguarded.

Invest in People and Education

All personnel—not just IT—should be informed about the varying types of existing threats. They should also know that their organizations could be targeted at any time. IT personnel who react to frontline security breaches must have an especially deep understanding of the tools used to manage and thwart threats.

The need to invest in people is underscored by the release of the federal cybersecurity workforce strategy, an action plan from the White House’s Office of Management and Budget to find, develop, and expand the nation's cybersecurity talent in the public and private sectors.

Deploy the Proper Tools

Patch management and network automation software add layers of security by standardizing device configuration and automating deployment, which reduces configuration errors. The best-in-class network security tools also use change monitoring, alerts, configuration backups, and rollbacks to improve network reliability.

Just as foreign governments use teams of people to attack, domestic agencies find strength in their numbers. Social media, networking groups, and threat feeds provide great tools for sharing information about the latest threats, and educating peers on ways to fortify networks. IT personnel should use them to stay ahead of potential attackers.

Organizations should band together. The most strategic defense against cyber breaches will come when federal, state, and local agencies—including law enforcement and other security personnel—across the United States share resources and work together to fight foreign intrusion into U.S. cyberspace.

Find the full article on Signal.

Level 10

Anyone else think cyber attacks will increase as chatter about the US going after North Korea increases?


To think they won't would be silly.

Level 14

Good read.  I agree that this three-pronged approach is a good start.  The common denominator is people, layer eight.  The further up the OSI model you go, the greater the number of security holes present.  Securing layer one is easier than securing layer seven.  People reside at layer eight, and this three-pronged approach addresses the layer eight problem consistently. Sound security processes are designed to give people proper guidelines to follow, and repercussions if not followed.  Investing in People and Education will provide user training to avoid phishing attacks as well as ensuring your Intrusion Analyst is up to speed on proper network defense.  Deploying the proper tools limits human error.  The more you automate and standardize, the less chance there is of a configuration error or an unpatched DMZ server.

Focus on people and you can't go wrong.  I can pretty much guarantee the coordinated groups of attackers are focusing on their people.

Level 14

I am sure they will attack and we will hear all about it.  I'm sure we will attack.  I wouldn't be surprised if we already have hooks into their networks.  However, we won't hear about our attacks.


Good article and I agree with the order. Policy needs to come first. Having good people and/or tools without policy doesn't work.


Nice article

Level 13

One of the things we did is put in country based blocking - our company only deals with Canada and US based people and companies...any traffic coming from any other country's IP Addresses gets dropped/blocked...

Level 20

Some of us here on thwack know all too much about this... Now with the new RMF - Risk Management Framework being rolled out across the US Government a whole new strategy is being formed based on Risk Management and continuous monitoring.  I remember while in Computer Science undergrad a professor telling me half or more of you will in some way be working for the US Government.  At the time I thought that was a little far fetched... not so much now!  Whether military, government, or contractor for the US I believe it today.


I'm a CISSP and am working on my CEH now.  I see the combo of CISSP and CEH as covering most of the new Security certs required.

Level 14

I agree with all that except I would also add Isolation and Recovery.  You should be prepared to quickly isolate a breach and recover from an event.  Policies and procedures should also be in place.

Definitely isolation.  I read, some years ago, that N.K. has only two or three Internet pipes into their country.  It allows them strict censorship capabilities, and lets them cut the inbound cyber attacks anytime they choose. 

The U.S., on the other hand, seems quite vulnerable, with a great many avenues of intrusion.

Level 21

I agree with network defender, especially considering that security is a people-intensive process; it's not something you can just automate.

I am a CISSP as well, but I am working towards the Certified Cloud Security Professional (CCSP) because of the way that Cloud Computing is coming on strong.  On my way to the CCSP I will take the Certificate of Cloud Security Knowledge (CCSK) first.  After these certifications, I will be moving on to AWS certifications.


Level 20

I got the updated CCSP book a few months ago... I was also considering it.  I've read that the book isn't necessarily the best guide for the test even.

Bad software = job security!


Which book?  The CCSP All In One book is most recommended.  Many are reading the NIST and other original source documents, the 2013 OWASP Top 10 and how to mitigate them.  has a course but it is not as good as their CISSP course.


Level 13

I know ransomware is the big elephant right now, but I truly believe that we dig our own grave.

Imagine a world where programmers really care about their code, have taken secure programming courses, and companies test the crap out of the software before it's released into the wild.

Just for fun, I did some google hacks last night and still found websites with no passwords or default passwords on logins, no secured login pages (http vs https), file browsing left on...


We do something similar.  The issue we have found is when the hackers use IP addresses from within the allowed areas.  Those are the ones we have to worry about.
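The country-based allowlist described earlier in the thread, together with the caveat in the reply just above that attackers can source traffic from addresses inside the allowed countries, as an added example that is not part of the original thread or of any SolarWinds product. Everything in it is constructed for illustration: the GEO_TABLE (documentation address ranges standing in for public space, with made-up country codes), the INTERNAL_NETS exemption list, the decide and triage functions, and the sample authentication log. A real deployment would load a maintained GeoIP database instead of the table.

```python
import ipaddress
import re
from collections import Counter
from typing import Optional

# Constructed, hypothetical CIDR-to-country table. The RFC 5737/3849 documentation
# ranges stand in for public address space; the country codes are illustrative only.
GEO_TABLE = {
    "198.51.100.0/25": "US",
    "203.0.113.0/24": "CA",
    "192.0.2.0/24": "ZZ",      # placeholder for "any other country"
    "2001:db8::/32": "ZZ",
}

ALLOWED_COUNTRIES = {"US", "CA"}

# Internal address space is exempt from the geo rule; it never arrives from abroad.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7",
)]


def country_for(ip: str) -> Optional[str]:
    """Longest-prefix match of ip against GEO_TABLE; None if no range covers it."""
    addr = ipaddress.ip_address(ip)
    best, best_len = None, -1
    for cidr, country in GEO_TABLE.items():
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net and net.prefixlen > best_len:
            best, best_len = country, net.prefixlen
    return best


def decide(ip: str) -> str:
    """Return 'internal', 'allow' or 'drop' for one source address.
    Addresses no range covers are dropped (default deny), not allowed."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL_NETS):
        return "internal"
    return "allow" if country_for(ip) in ALLOWED_COUNTRIES else "drop"


# Constructed sample of an authentication log (not real data).
SAMPLE_LOG = [
    "2017-08-01T10:00:01 src=198.51.100.7 login=fail",
    "2017-08-01T10:00:02 src=198.51.100.7 login=fail",
    "2017-08-01T10:00:03 src=198.51.100.7 login=fail",
    "2017-08-01T10:00:04 src=203.0.113.9 login=ok",
    "2017-08-01T10:00:05 src=192.0.2.44 login=fail",
    "2017-08-01T10:00:06 src=2001:db8::1 login=fail",
    "2017-08-01T10:00:07 src=10.0.0.5 login=ok",
    "2017-08-01T10:00:08 src=198.51.100.200 login=fail",  # outside every mapped range
]

LINE_RE = re.compile(r"src=(?P<src>\S+)\s+login=(?P<result>\w+)")


def triage(log_lines, fail_threshold=3):
    """Apply the geo rule to each line, then look at what the rule let through:
    sources inside the allowed countries with repeated failed logins are exactly
    the cases the country filter cannot catch and that still need monitoring."""
    verdicts = Counter()
    failures = Counter()
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not match the expected format
        src, result = m.group("src"), m.group("result")
        verdict = decide(src)
        verdicts[verdict] += 1
        if verdict == "allow" and result == "fail":
            failures[src] += 1
    suspicious = sorted(s for s, n in failures.items() if n >= fail_threshold)
    return dict(verdicts), suspicious


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    print("verdicts:", counts)
    print("allowed-region sources with repeated failures:", flagged)
```

The geo rule is deliberately default-deny: an address that no range covers is dropped rather than waved through, and the internal ranges are listed explicitly instead of relying on a library's notion of "private", since that notion can include the documentation ranges used here as stand-ins. The second pass is the point of the caveat: the three failed logins from 198.51.100.7 pass the country filter untouched, so the filter reduces noise but does not replace authentication hardening and monitoring.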

Level 20

I got the ISC2 book second edition I think.

Level 20

I've found a lot of Cisco routers with default passwords this way or no password.

Level 13

Isn't it scary?

Level 20

It's pretty bad.

*sniff* At least I have 1 of the 3 in place... I think.