Supply chain attack

Did you know that nine out of 10 companies detected software supply chain risks in the past 12 months? The growing number of dependencies in a typical supply chain has widened the attack surface available to adversaries. It has also shifted attackers' attention from the downstream chain, where a compromise affects only end users, to the upstream chain, where a single compromised vendor, build system, or package reaches vendors, customers, and end users alike. So without further delay, let's discuss how you can equip your SOC team to detect and prevent supply chain attacks at each stage of product development.

How to detect and prevent supply chain attacks

A well-planned product development process, better known as a software development life cycle (SDLC), is the primary step towards protecting your supply chain. As a SOC manager, making your product management and DevOps teams aware of the threats that target each stage of the supply chain is your first line of defense against such attacks. So let's take a close look at the stages of an SDLC and the techniques for detecting and preventing a supply chain attack at each one.


Stages of the SDLC

Planning

  • This is the first stage of your SDLC.

  • It is the stage where the infrastructure for developing software is set up.

  • In this stage, organizations mostly concentrate on the availability, procurement, and allocation of resources.

Designing

  • It is the stage at which the product begins to take shape.

  • It involves a separate set of procedures to develop a prototype.

  • The software dependencies required to build the product (libraries, frameworks, build tools, and third-party services) are selected in this stage.

Implementation

  • The implementation stage is the stage of execution.

  • The DevOps team, which is a combination of software developers and IT operators, plays a vital role in this process.

  • The software is programmed in this stage using code, which can either be proprietary or open source.

Testing

  • This stage ensures the quality of the developed software.

  • Here, code is executed and checked for bugs, glitches, and vulnerabilities.

  • This stage often involves third-party collaborations for pen testing and sandbox analysis.

Deployment

  • It is the stage at which the tested release artifacts are signed with the organization's code-signing certificate so that customers can verify both the publisher and the integrity of what they download.

  • This stage is crucial to protect: if attackers steal the code-signing key or certificate, they can sign malware that appears to come from the legitimate publisher and lure users into installing it.

Maintenance

  • This is the final stage of the SDLC, which focuses on the seamless and efficient functioning of the product after deployment.

  • This is the stage at which the product is continuously improved to meet the requirements of end users.

  • It involves frequent bug fixes, software updates, and vulnerability patches.


Best practices for planning

  • Create a software bill of materials (SBOM), which is an inventory of every component that goes into your software (libraries, packages, their versions, suppliers, and integrity hashes), so you know exactly what you depend on and can check each dependency throughout the SDLC.

  • Implement a Zero Trust model to verify all dependencies and third parties involved in the SDLC.

  • Use comprehensive threat modeling to identify the possible threats and vulnerabilities in all the components of the infrastructure that can hinder the SDLC. Deploy a SIEM solution with effective threat hunting capabilities to help formulate relevant threat models.

  • Triage the known threats and vulnerabilities in the SDLC to plan appropriate incident responses to counteract them.
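An SBOM is only useful if it is complete enough to act on. The following script, an added example and not code from this page or from ManageEngine, audits a constructed CycloneDX-style SBOM for the gaps that matter most at the planning stage: unpinned versions, missing or weak integrity hashes, a purl that disagrees with the declared version, and suppliers that are not on your approved list (the Zero Trust check from the bullets above). The component names, versions, digests, and the approved-supplier list are all made up for illustration.

```python
"""Audit a CycloneDX-style SBOM for supply-chain hygiene gaps.

Added example; it is not code from the original page or from ManageEngine.
The SBOM below is constructed by hand and only follows the general shape of
CycloneDX JSON (bomFormat, components, purl, hashes, supplier). Component
names, versions and digests are made up for illustration.
"""
import json

# Constructed sample SBOM with one clean component and four flawed ones.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0",
         "hashes": [{"alg": "SHA-256", "content": "a" * 64}],
         "supplier": {"name": "PyPI"}},
        {"type": "library", "name": "leftpad-helper", "version": "1.0.0",
         "purl": "pkg:npm/leftpad-helper@1.0.0"},          # no hash, no supplier
        {"type": "library", "name": "internal-auth", "version": "",
         "purl": "pkg:generic/internal-auth"},              # version not pinned
        {"type": "library", "name": "crypto-utils", "version": "0.9.1",
         "purl": "pkg:pypi/crypto-utils@0.9.1",
         "hashes": [{"alg": "MD5", "content": "b" * 32}],   # weak digest only
         "supplier": {"name": "PyPI"}},
        {"type": "library", "name": "yaml-parser", "version": "5.4.1",
         "purl": "pkg:pypi/yaml-parser@5.3.0",              # purl disagrees
         "hashes": [{"alg": "SHA-256", "content": "c" * 64}],
         "supplier": {"name": "PyPI"}},
    ],
})

# Digest algorithms accepted as integrity evidence.
STRONG_HASHES = {"SHA-256", "SHA-384", "SHA-512"}


def audit_sbom(sbom_json, approved_suppliers):
    """Return {component_name: [findings]} for every component with a gap.

    Checks: version pinned, purl present and consistent with the version,
    at least one strong hash, supplier recorded and on the approved list.
    """
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format: %r" % sbom.get("bomFormat"))

    findings = {}
    for comp in sbom.get("components", []):
        name = comp.get("name", "<unnamed>")
        version = comp.get("version") or ""
        purl = comp.get("purl", "")
        hashes = comp.get("hashes", [])
        supplier = (comp.get("supplier") or {}).get("name")
        issues = []

        if not version:
            issues.append("version not pinned")
        if not purl:
            issues.append("missing purl")
        elif version and not purl.endswith("@" + version):
            issues.append("purl version does not match declared version")
        if not hashes:
            issues.append("no integrity hash")
        elif not any(h.get("alg") in STRONG_HASHES for h in hashes):
            issues.append("only weak hash algorithms")
        if supplier is None:
            issues.append("no supplier recorded")
        elif supplier not in approved_suppliers:
            issues.append("supplier not on approved list")

        if issues:
            findings[name] = issues
    return findings


def sbom_gate(sbom_json, approved_suppliers):
    """True only when every component passes; use this as a pipeline gate."""
    return not audit_sbom(sbom_json, approved_suppliers)


if __name__ == "__main__":
    for comp, issues in audit_sbom(SAMPLE_SBOM, {"PyPI"}).items():
        print("%s: %s" % (comp, "; ".join(issues)))
    print("gate passed:", sbom_gate(SAMPLE_SBOM, {"PyPI"}))
```

Run against the sample, only `requests` passes; the gate fails, which is the point: an SBOM with unpinned or unhashed entries cannot be used to verify anything later in the SDLC, so the build should not proceed until the record is fixed.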

Best practices for designing

  • Establish a verification process to assess the security posture of vendor organizations.

  • Assess the risk level and the credibility of vendor products.

  • Perform network segmentation to limit the blast radius of any third party's access to internal resources.

  • Implement the principle of least privilege for all third parties so they can only carry out permitted actions.

  • It is also critical to have visibility over the activities of such least-privileged third parties in your network, which can be achieved with SIEM in place.

Best practices for implementation

  • Deploy strong code integrity policies to restrict unauthorized executions of code dependencies.

  • Scan open-source code and packages in an inline sandbox before they enter the build so that unknown threats and vulnerabilities are caught before they reach your code base.

  • Use client-side protection tools when consuming services from a third-party service provider.

  • Audit shadow IT, that is, monitor for unauthorized resources that the DevOps team uses without the approval of the IT department. Shadow IT can be counteracted by implementing a SIEM solution with integrated CASB capabilities.
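A code integrity policy is easiest to enforce where dependencies actually enter the build: refuse to install anything whose bytes do not match a pinned digest. The script below is an added example, not code from this page or from ManageEngine. Its lockfile syntax (`name==version --hash=sha256:<hex>`) mirrors pip's hash-checking mode, but the parser is our own, and the "artifacts" are constructed in-memory byte strings standing in for downloaded wheels or tarballs.

```python
"""Fail-closed integrity gate for dependency artifacts.

Added example; not code from the original page or from ManageEngine.
The lockfile syntax (name==version --hash=sha256:<hex>) mirrors pip's
requirements hash-checking mode, but the parser here is our own and the
"artifacts" are constructed in-memory byte strings standing in for
downloaded wheels or tarballs.
"""
import hashlib
import hmac

# Constructed artifact contents. In a real pipeline these are the bytes
# fetched from the package index, hashed *after* download, never metadata.
GOOD_REQUESTS = b"requests-2.31.0 wheel contents"
GOOD_URLLIB3 = b"urllib3-2.0.4 wheel contents"
TAMPERED_URLLIB3 = GOOD_URLLIB3 + b"\n# injected post-install hook"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


# Constructed lockfile pinned to the digests of the known-good artifacts.
LOCKFILE = """
# requirements.lock: every line pins one exact version and its digest
requests==2.31.0 --hash=sha256:%s
urllib3==2.0.4 --hash=sha256:%s
""" % (sha256_hex(GOOD_REQUESTS), sha256_hex(GOOD_URLLIB3))


def parse_lockfile(text):
    """Return {(name, version): {hex digest, ...}}; malformed lines are errors."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        spec, *opts = line.split()
        if "==" not in spec:
            raise ValueError("unpinned requirement in lockfile: %r" % spec)
        name, version = spec.split("==", 1)
        prefix = "--hash=sha256:"
        digests = {o[len(prefix):] for o in opts if o.startswith(prefix)}
        if not digests:
            raise ValueError("no sha256 pin for %s==%s" % (name, version))
        pins[(name.lower(), version)] = digests
    return pins


def verify_artifacts(lockfile_text, artifacts):
    """artifacts: {(name, version): bytes}. Returns (allowed, {pkg: verdict}).

    Fail closed: an artifact that is not pinned, a digest mismatch, or a
    pinned package that was not supplied blocks the whole install.
    """
    pins = parse_lockfile(lockfile_text)
    verdicts = {}
    for (name, version), data in artifacts.items():
        key = (name.lower(), version)
        if key not in pins:
            verdicts[key] = "rejected: not in lockfile"
            continue
        actual = sha256_hex(data)
        if any(hmac.compare_digest(actual, want) for want in pins[key]):
            verdicts[key] = "ok"
        else:
            verdicts[key] = "rejected: digest mismatch"
    for key in pins:
        if key not in verdicts:
            verdicts[key] = "rejected: pinned package missing"
    allowed = all(v == "ok" for v in verdicts.values())
    return allowed, verdicts


if __name__ == "__main__":
    fetched = {("requests", "2.31.0"): GOOD_REQUESTS,
               ("urllib3", "2.0.4"): TAMPERED_URLLIB3}
    allowed, verdicts = verify_artifacts(LOCKFILE, fetched)
    for pkg, verdict in verdicts.items():
        print("%s==%s: %s" % (pkg[0], pkg[1], verdict))
    print("install allowed:", allowed)
```

The design choice worth noting is that the gate checks the bytes that were actually fetched, so a package that was swapped on the index, a mirror, or in transit is rejected even though its name and version look right. Anything not in the lockfile is rejected too, which is what stops a transitive dependency or a typo-squatted package from slipping in unreviewed.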

Best practices for testing

  • Create in-house pen testing facilities to avoid dependency on third-party tools.

  • Identify and fix vulnerabilities before release so that attackers do not discover and exploit them in production first.

Best practices for deployment

  • Implement kaizen, which is continuous development and improvement, in the software deployment pipeline.

  • Integrate the security teams with the development teams to secure the code-signing keys and certificates and the JavaScript package repositories.

  • Implement server-side protection solutions to inspect all download requests and website traffic. Here again, SIEM will be a more efficient solution to monitor all inbound and outbound connection requests to the servers.

Best practices for maintenance

  • Build an effective software asset inventory to track all the updates and upgrades to the software.

  • Implement a secure workflow to apply security patches and software updates regularly.

  • Enforce multi-layered security using multi-factor authentication to restrict unauthorized access to software builds, code repositories, and libraries.
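An asset inventory earns its keep when you compare snapshots over time. The script below is an added example, not code from this page or from ManageEngine. It diffs two constructed inventory snapshots, reports what was added, removed, or changed, flags version rollbacks (an update workflow should never move backwards; a downgrade is a classic sign of tampering or a failed patch), and lists components that sit below a constructed minimum-patched-version table. Version strings are assumed to be dotted integers, which is enough for the comparison shown.

```python
"""Detect drift and patch gaps between two software-asset inventory snapshots.

Added example; not code from the original page or from ManageEngine. Both
snapshots and the minimum-patched-version table are constructed. Versions
are assumed to be dotted integers (e.g. 3.0.12); anything else raises.
"""

# Constructed inventory snapshots: {component: installed version}.
BEFORE = {"openssl": "3.0.8", "libxml2": "2.10.3", "log-agent": "1.4.0"}
AFTER = {"openssl": "3.0.12", "libxml2": "2.10.3",
         "log-agent": "1.3.9", "newtool": "0.1.0"}

# Constructed table of the lowest version the patch policy accepts.
MIN_PATCHED = {"openssl": "3.0.10", "libxml2": "2.11.0"}


def parse_version(v):
    """'3.0.12' -> (3, 0, 12); tuples compare correctly component by component."""
    try:
        return tuple(int(p) for p in v.split("."))
    except ValueError:
        raise ValueError("unsupported version string: %r" % v)


def diff_inventory(before, after):
    """Return (added, removed, changed) between two snapshots."""
    added = {n: v for n, v in after.items() if n not in before}
    removed = {n: v for n, v in before.items() if n not in after}
    changed = {n: (before[n], after[n]) for n in before
               if n in after and before[n] != after[n]}
    return added, removed, changed


def downgrades(changed):
    """Version rollbacks among the changed components."""
    return {n: pair for n, pair in changed.items()
            if parse_version(pair[1]) < parse_version(pair[0])}


def patch_gaps(inventory, min_patched):
    """Components installed below the minimum patched version."""
    return {n: (v, min_patched[n]) for n, v in inventory.items()
            if n in min_patched
            and parse_version(v) < parse_version(min_patched[n])}


def review_snapshot(before, after, min_patched):
    """One report dict an analyst can act on."""
    added, removed, changed = diff_inventory(before, after)
    return {"added": added, "removed": removed, "changed": changed,
            "downgrades": downgrades(changed),
            "patch_gaps": patch_gaps(after, min_patched)}


if __name__ == "__main__":
    for section, items in review_snapshot(BEFORE, AFTER, MIN_PATCHED).items():
        print("%s: %s" % (section, items or "none"))
```

On the sample data the report shows `newtool` appearing unannounced, `log-agent` rolled back from 1.4.0 to 1.3.9, and `libxml2` still below the required 2.11.0 even though nothing changed in that component, which is exactly the kind of silent gap a periodic inventory comparison is meant to surface.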

ManageEngine Log360’s SDLC

Log360 is a unified SIEM solution from ManageEngine, the IT management division of Zoho Corporation. Log360 comprises distinct modules that help you secure your network. To ensure the security of a solution like Log360:

  • We build our product on the proprietary frameworks of Zoho and ManageEngine with an in-house infrastructure to facilitate product development.

  • We do not depend on open-source resources or third-party platforms, as each module of Log360 is developed using proprietary code, plugins, and integrations from our existing products.

  • The product undergoes multiple levels of validation before deployment and is thereafter constantly updated and patched for seamless functioning.

These procedures help maintain the quality and integrity of Log360. We are very cautious because a supply chain attack exploits the mutual trust between the many dependencies that are indispensable in an SDLC. So hold your guard against supply chain attacks by implementing the best practices outlined above in each stage of your SDLC.

Sanjana
Product Marketer