How Fast Can You Detect a Supply-Chain Ransomware Attack?

In light of the recent series of supply chain attacks (actually going back to 2011 at least), speed is crucial. SolarWinds, Microsoft Exchange, Kayesa and others.

This weekend’s attack against MSP software provider Kaysera is a perfect example of why speed is so important.

Many small and medium sized companies are dependent on managed service providers (MSPs) to run their IT systems. In order for MSPs to do that, they need access to their clients’ systems. The software that Kaysera makes helps MSPs do just that.

Which means that MSPs are a great attack point. Finding out what software they use and compromising it gives the hackers a force multiplier. One MSP equals, say, 100 customers, equals, say, 2500 workstations. Or more!

It appears that Kayesa got their arms around this quickly.

How did they do that? We don’t know how, but here is my speculation.

Given the business that they are in, they likely have a well trained, well staffed and well armed (with software) 24 by 7 Security Operations Center or SOC. Even a small SOC can easily cost a company a quarter million dollars a year or more, when you consider payroll, benefits, training and software. This is NOT something that you should try with one person, no training and limited software.

There is an alternative and that is a SOC as a service or SOCaaS. With a SOCaaS, you only pay for however much you use. The SOCaaS provider deals with the staffing, training, software and does it at scale. Maybe you need three people for a 25 person company, but those same 3 people can probably handle a hundred people. At 5 people maybe you can handle 500 people. It scales well due to automation. They also have the benefit of once they have seen an attack on one customer, they know what to look for at all customers. Also, if they need to buy a database of attack indicators, the cost of the database is likely licensed based on the number of SOC personnel they have, not the number of users they are monitoring. Again, Scale is your friend.

What is clear is time is your enemy and a SOC or SOCaaS reduces the time to detect a breach, so it is your friend.

While SOCs are very expensive, SOCaaS may be more cost effective than you might think. Nothing is free, but neither is getting attacked.

If you would like to investigate a SOCaaS, please contact us – we have a great solution.

Leave a Reply

Your email address will not be published.