This past week the Committee on Oversight and Government Reform published their report on the massive data breach that happened at Equifax and allowed malicious actors to compromise the personal records of 148 million people. While missing patches were the primary cause of the breach, the report points out that Equifax could have still protected itself and stopped the attack if only the IDS/IPS solution they put in place had actually been working.

What is an Intrusion Detection Sensor, or IDS?

An IDS, or Intrusion Detection Sensor, is a monitoring device that inspects network traffic looking for any signs that an attack is taking place. Companies use these devices to identify cyber attacks and give IT departments the information they need to stop the attackers. An IPS, or Intrusion Prevention System, takes it one step further, actively blocking detected attacks without the need for human intervention.

Where did Equifax’s IDS fail? What could Equifax have paid attention to?

According to the report, Equifax had gone to the trouble of installing an IPS in their network, but over time it had fallen into disrepair. Other priorities took precedence, and fixing the malfunctioning device was pushed to the bottom of the list.

It took only three days from when the Apache Struts exploit was published for attackers to use it successfully against Equifax. On March 10th attackers used the exploit to perform initial reconnaissance against the company, but the data wouldn’t be stolen for another two months.

Six days after the first disclosure of the vulnerability, the Equifax team installed a signature on their IPS devices designed to detect the Apache Struts exploit and alert if it was used against their servers.

In theory this signature should have protected Equifax from compromise, but the IPS wasn’t configured properly. Instead of inspecting the traffic and looking for attackers, the IPS couldn’t see what was going on. It was blind, but the Equifax team didn’t realize it at the time. They believed they were protected and had enough time to patch the issue at their leisure, but in reality the attackers were already in their network and about to carry out one of the biggest cyber attacks in history.
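The lesson of a sensor that silently went blind is that the monitoring itself needs monitoring: a quiet IPS looks exactly like a quiet network unless you check that it still fires. The following is an added example, not code from the original post or from the committee report. It reads Suricata EVE-style alert records (the sample lines are constructed; the sensor names, the canary rule SID 1000001 and the other SIDs are assumed, not real) and flags each sensor in the inventory that never alerted, stopped alerting, or did not fire on a scheduled benign test probe.

```python
import json
from datetime import datetime, timedelta

# Hypothetical local rule SID that a scheduled, benign test probe is expected to trigger.
CANARY_SID = 1000001
MAX_SILENCE = timedelta(hours=1)
EXPECTED_SENSORS = ["ips-dmz-1", "ips-dmz-2", "ips-dmz-3", "ips-core-1"]  # from the asset inventory

# Constructed Suricata EVE-style records (sample data, not a real capture; SIDs are made up).
SAMPLE_EVE = """
{"timestamp":"2017-03-10T10:40:00+00:00","event_type":"alert","host":"ips-dmz-1","alert":{"signature_id":1000001,"signature":"LOCAL canary probe"}}
{"timestamp":"2017-03-10T10:52:00+00:00","event_type":"alert","host":"ips-dmz-1","alert":{"signature_id":9000010,"signature":"EXAMPLE Struts exploit attempt"}}
{"timestamp":"2017-03-10T10:45:00+00:00","event_type":"flow","host":"ips-dmz-2"}
{"timestamp":"2017-03-10T08:05:00+00:00","event_type":"alert","host":"ips-dmz-2","alert":{"signature_id":1000001,"signature":"LOCAL canary probe"}}
{"timestamp":"2017-03-10T10:58:00+00:00","event_type":"alert","host":"ips-dmz-3","alert":{"signature_id":9000010,"signature":"EXAMPLE Struts exploit attempt"}}
"""

def parse_alerts(eve_text):
    """Yield (sensor, timestamp, sid) for each alert record in EVE JSON lines."""
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue  # flow/stats records show the process is up, not that it detects anything
        yield rec["host"], datetime.fromisoformat(rec["timestamp"]), rec["alert"]["signature_id"]

def sensor_health(alerts, expected, now, canary_sid=CANARY_SID, max_silence=MAX_SILENCE):
    """Classify every sensor in the inventory, so one that never reports still shows up."""
    last_any, last_canary = {}, {}
    for sensor, ts, sid in alerts:
        last_any[sensor] = max(ts, last_any.get(sensor, ts))
        if sid == canary_sid:
            last_canary[sensor] = max(ts, last_canary.get(sensor, ts))
    status = {}
    for sensor in expected:
        if sensor not in last_any:
            status[sensor] = "no-alerts"      # never reported: blind, misrouted or unplugged
        elif now - last_any[sensor] > max_silence:
            status[sensor] = "silent"         # used to alert, then went quiet
        elif sensor not in last_canary or now - last_canary[sensor] > max_silence:
            status[sensor] = "canary-missed"  # still alerting, but did not see the test probe
        else:
            status[sensor] = "ok"
    return status

def check_sample(now_iso="2017-03-10T11:00:00+00:00"):
    """Run the health check over the constructed sample as of the given time."""
    return sensor_health(parse_alerts(SAMPLE_EVE), EXPECTED_SENSORS, datetime.fromisoformat(now_iso))
```

Calling `check_sample()` returns a status per sensor; anything other than `ok` should page the team, because the absence of alerts is exactly the condition that went unnoticed at Equifax.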

If the IDS/IPS device in Equifax’s network had been functioning properly, they would have been alerted to the attacks as they happened and could potentially have blocked the attackers before they did any damage. Maintaining devices like these is often a low priority for overwhelmed IT departments, but they can sometimes be all that stands between your CEO and the front page of the national newspapers.
