What’s the weakest link in a manufacturer’s security architecture? One of the common answers is ‘the one you can’t control’, with third-party access being the most prominent example. Supply chain attacks are among the hardest challenges security teams face, particularly for manufacturing companies that rely heavily on an ecosystem of external contractors. Their access is crucial for business operations, but is almost completely beyond the control of the identity security team.
In this blog we’ll analyze this challenge in detail and shed light on the only spot where security can be enforced: authentication and access. We’ll then uncover how Silverfort’s Unified Identity Security platform can leverage various controls, such as ITDR, MFA, and authentication firewall, to mitigate supply chain risk and ensure third-party access never compromises the organization’s security posture.
Supply Chain 101: How to Secure What You Don’t Own
The logic behind supply chain attacks is simple. Sometimes, the actual target is just too strong. Instead of wasting time and effort in attacking it directly, adversaries focus on a third party that is trusted by the target organization. Usually, this third party is less resilient to attacks than the main target, otherwise there’s no benefit in going after it in the first place.
So, here’s the problem in its most distilled form: by definition, there will always be a third party that is easier to compromise than your own company. Sooner or later, attackers will discover this potential route into your environment. However, your hands are tied – you don’t have any say regarding this third party’s security posture, and you can’t enforce your internal security controls and practices on an environment that is not yours.
Supply Chain Attacks Are the Ultimate Sweet Spot for Identity Threats
There are various forms of supply chain attacks, but we’ll focus on the ones that involve the identity theft of a trusted third-party contractor or vendor. As previously explained, it is easier for the adversary to compromise the third party’s credentials than to attack your environment directly. And this compromise yields a tremendous return, as it provides the adversary with full access without needing to involve any malicious code, weaponized emails, or phishing.
Manufacturers Beware: You Are Highly Exposed to Supply Chain Attacks
Manufacturing companies are the natural target for supply chain attacks. The nature of their business entails an extensive supply chain, from inbound raw materials to outbound produced goods, with numerous software vendors that provide continuous support to shopfloor, logistics, finance and business operations.
This further complicates the problem because the more third-party entities there are, the greater the chance an attacker will find one that is easily compromised. It could literally be anyone – a small supplier of raw material, a warehousing software vendor, or a retailer that shops for the manufactured product.
What Would a Typical Supply Chain Identity Attack Look Like?
Let’s take a closer look at the supply chain attack flow.
Part #1: Identify and compromise a vulnerable supply chain member
Adversaries can easily perform the required reconnaissance to get a clear picture of their target’s supply chain ecosystem. Once mapping is done, several potential targets are picked up based on their estimated resilience to compromise and potential access privileges. Gaining initial access to these supply chain members typically employs the standard social engineering/weaponized email/remote code execution flow, enabling attackers to easily obtain a username and password for remote access to the targeted manufacturer.
Part #2: Leverage the compromised third-party identity for malicious access
Once credentials are obtained, the attackers can connect to the manufacturer’s environment as the legitimate supply chain member would. It’s important to note that this malicious access doesn’t involve any malware or installation of a backdoor. It simply abuses a legitimate access path, making it extremely hard for the security controls in place to detect that something is wrong.
Part #3: Execute the attack’s objective
Once access is gained, the adversary follows up by executing their initial objective – ransomware, data theft, etc. In most cases they would perform additional lateral movement within the manufacturer’s environment.
Protection 101: Place Your Defenses on the First Point You Can Control
The main reason for supply chain risk is that you have zero control over the resilience level of your external contractors’ environments. The pragmatic – and realistic – assumption should be that this cannot be changed. It naturally follows that you should set your protection measures at the first line of defense that you do control: the authentication stage. This is the first place where the third party (or the attacker that has compromised it) interacts with your environment, and ideally, this is where you’d need security controls that can detect and block malicious access with compromised credentials.
Silverfort Unified Identity Security Platform: Defense-In-Depth Against Supply Chain Attacks
Silverfort provides the first Unified Identity Security platform purpose-built to detect and prevent malicious access with compromised credentials by any users to any resource, both on-prem and in the cloud. Silverfort’s platform integrates with the identity infrastructure already in place, offering real-time visibility, risk analysis, and active enforcement over every authentication and access attempt. This technology fuels several identity security modules that operate together to fully mitigate supply chain malicious access risks:
Multi-Factor Authentication: Enforce MFA on any third-party access without agents or proxies
With Silverfort, you can easily apply MFA protection on all of your supply chain ecosystem, significantly reducing the likelihood of malicious access with compromised credentials. This protection applies to the initial access to the manufacturer’s environment, as well as access to any subsequent resources within it.
Authentication Firewall: Reduce the supply chain attack surface with least privilege access policies
Silverfort’s Authentication Firewall enables identity security teams to easily segment their environments based on users’ identities. In doing so, third-party contractors can access the resources they need, while being unable to access any other resource. This additional security layer significantly reduces the potential blast radius of successful malicious access. Additionally, if a breach is discovered, the identity teams can apply a break-glass procedure by blocking all access to resources in a single click.
Identity Threat Detection and Response (ITDR): Defense-in-depth against malicious access scenarios
Silverfort’s risk engine continuously analyzes every authentication and access attempt to detect any indication of credential access, privilege escalation or lateral movement. The risk engine can identify a multitude of malicious techniques, such as Pass-the-Hash, Kerberoasting and others, as well as access anomalies that indicate a compromise. This acts as an additional defense layer, so even if an attacker did manage to access the targeted environment, Silverfort ITDR will reveal its presence.
Silverfort ITDR goes far beyond just detection and alerting, and can trigger either MFA or the Authentication Firewall to proactively block any malicious access.
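To make the layering concrete, here is a generic sketch of an authentication-stage decision that combines identity-based scoping, an MFA requirement, a risk signal and a break-glass switch. It is an added example, not Silverfort's code or API; the identities, resource names, risk labels and verdict strings are all hypothetical, and the risk score is assumed to come from an upstream detection layer.

```python
from dataclasses import dataclass

# Hypothetical allow list: third-party identity -> resources it needs.
ALLOWED = {
    "vendor-wms@supplier.example": {"wms-app01"},
    "vendor-erp@partner.example": {"erp-app01", "erp-db01"},
}

@dataclass(frozen=True)
class AuthEvent:
    user: str
    resource: str
    mfa_passed: bool
    risk: str  # "low" or "high"; assumed to come from upstream detection

def decide(ev, break_glass=frozenset()):
    """Return (verdict, reason) for one third-party authentication attempt."""
    if ev.user in break_glass:
        return "deny", "break-glass: all access for this identity is blocked"
    scope = ALLOWED.get(ev.user)
    if scope is None:
        return "deny", "identity has no third-party access policy"
    if ev.resource not in scope:
        return "deny", "resource is outside the identity's scope"
    if ev.risk == "high":
        return "deny", "risk signal on an otherwise valid request"
    if not ev.mfa_passed:
        return "require_mfa", "in scope, but no second factor yet"
    return "allow", "in scope, MFA passed, low risk"

def verdicts(events, break_glass=frozenset()):
    """Verdict only, one per event, in input order."""
    return [decide(ev, break_glass)[0] for ev in events]

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    AuthEvent("vendor-wms@supplier.example", "wms-app01", True, "low"),
    AuthEvent("vendor-wms@supplier.example", "wms-app01", False, "low"),
    AuthEvent("vendor-wms@supplier.example", "erp-db01", True, "low"),
    AuthEvent("vendor-erp@partner.example", "erp-db01", True, "high"),
    AuthEvent("temp@unknown.example", "wms-app01", True, "low"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.user, ev.resource, *decide(ev))
```

The third sample event is the case that matters most for supply chain risk: valid credentials and a passed MFA challenge are still denied because the requested resource is outside the contractor's scope.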
Are You a Manufacturer? Gaining the Upper Hand Against Supply Chain Attacks Is Within Your Reach
Identity security is now more urgent than ever. Compromised credentials are the leading attack vector today, and they play a critical role in any supply chain attack. Regain control over your environment by putting the required identity security layers in place today.
Want to learn more? Reach out to one of our experts to schedule a call.