Written by Billy Moran
It was just three days after May the 4th (be with you), when Colonial Pipeline felt the power of the DarkSide. This story about the hacking of a major component of US infrastructure has followed a number of turns as more information has been revealed to the public. Initially, the news was about a network hack causing the shutdown of a Texas to New Jersey pipeline threatening fuel supplies for cars, trucks and airplanes. As more information came out about the ransomware and the shadowy DarkSide syndicate that develops and sells the software, the pipeline began to reopen slowly, and then conversation morphed into a national discussion about ransomware itself.
Today the story is split between congressional hearings pushing for more answers on the ransom paid by the company, and reports that new network outages are slowing the pipeline’s ability to return to full network operations. These additional network challenges show the reality that recovering from a serious ransomware incident is a gradual process that often includes setbacks. According to Colonial, today’s issues are due to hardening efforts going on in the wake of the incident. It’s not as easy as just paying the ransom and then everything works again. Typically we’re most prepared today for the hack that happened yesterday.
Ransomware targets are typically not as high profile as Colonial Pipeline. In fact hackers tend to look for networks with data that is critical, but at organizations that can often not afford the best protection like hospitals, local governments, and police departments.
When it comes to securing the network, there are many boxes to check. The National Security Agency (NSA) recently published guidelines on using out-of-band management to create a framework that improves network security by segmenting management traffic from operational traffic. By ensuring that management traffic only comes from the out-of-band communications path, compromised user devices or malicious network traffic is prevented from impacting network operations and compromising network infrastructure.
READ MORE: NSA RECOMMENDATION SOLUTION BRIEF
An advanced out-of-band platform is like having an automated crash cart in every network rack. With continuous device monitoring, from alerts when there are device issues or even performance trends heading in the wrong direction, to reliable runbook automation, out-of-band management is about more than remote connections to gear. But for the times when there are issues beyond the abilities of automated responses, the platform can spin up an out-of-band link to connect remote admins for hands-on remediation without a truck roll.