If you want to give your security manager the chills, just mention the words SolarWinds or Log4j.
SolarWinds, of course, was the subject of a hack discovered in late 2020 that threatened a long list of organizations — including 499 of the Fortune 500 — with malicious code. And Log4j is a widely used open-source logging utility and library that is currently the subject of a worldwide zero-day exploit. It’s a vulnerability that’s likely to keep jangling the nerves of cybersecurity professionals for months, perhaps even years, to come.
Yet with help from Tanium, a major defense contractor has kept itself safe and secure from both of these hacks, even though it runs SolarWinds and Log4j code.
The Tanium solution
The defense contractor originally licensed Tanium to help with compliance and vulnerability management. The company needs to protect several thousand AWS EC2 instances that it knows of, plus an unknown number of “shadow IT” systems managed separately, from malicious actors, including hostile nation-states.
Today, the company keeps those AWS instances safe and secure with help from four Tanium products: Core, Asset, Discover and Comply. The Discover implementation is particularly advanced; where most use just a few profiles, the defense contractor’s setup involves hundreds. The company has also created custom labels for its EC2 instances, providing a highly granular view.
That’s important because the contractor worries about attacks on its supply chain as well as data theft by foreign nation-states. That level of concern has even led to meetings between Tanium and the company’s senior leadership.
Fighting major threats
The company uses Tanium first to discover EC2 instances and then to run scans that uncover potential vulnerabilities. If and when potential threats are identified, the contractor uses other third-party tools to remediate them.
With this approach, the contractor has realized several key benefits. For one, the mean time to remediate vulnerabilities has been dramatically shortened. For another, the company can now close off exposed attack surfaces. And on top of those benefits, Tanium helps the company fact-check patches, determining, for example, whether a patched system received a required reboot. The contractor is also using Tanium to create ad hoc reports.
In the case of the SolarWinds vulnerability, Tanium gave the company’s executive team confidence that they were not vulnerable, and it delivered this information in just 24 hours. Then, over the next two weeks or so, Tanium continued to verify, and re-verify, that the company did not have a vulnerable instance of SolarWinds.
To help protect the company’s systems against the Log4j exploit, Tanium has created a proof-of-concept (POC) implementation that locates and verifies instances of Log4j code across the company’s network and AWS instances. The POC, recently extended at the customer’s request, provides information that is then compared with the findings from other vulnerability scanners, giving the company an especially high level of visibility and confidence.
Hackers aren’t going away, and neither are software vulnerabilities. But with help from Tanium, this military contractor is fighting back.