In an interview, RiskRecon CEO Kelly White added that open source intelligence is becoming more important because enterprises have become so complex, with complicated webs of departments, companies, vendors and partners that are operating systems and services on their behalf.
White said that in order to understand the risk associated with something like SolarWinds, it "really does take open source intelligence to stay on top of, understand and manage your risk exposure."
RiskRecon assists organizations in managing the risk reality of increasingly interconnected IT ecosystems by delivering actionable security performance measurements, according to White, putting them right at the nexus of what happened with SolarWinds.
"In the case of SolarWinds, there's many ways open source intelligence has helped organizations. It helped identify the compromise or exposure of an enterprise's own network and helped understand their exposure as it relates to the broader ecosystem of vendors and partners that they depend on," White said.
"RiskRecon monitors the DNS traffic of the internet, and so through our analysis of about 150,000 command and control server communications, we were able to pinpoint a 129 companies that were actively signaled out for remote control to the SolarWinds command and control infrastructure."
White said the company developed the list of 129 companies and in some cases shared the information directly with the company if they knew someone there. For the companies where they did not have a contact, they sent the entire list to a non-profit organization that could notify and help the companies that had been compromised.
White noted that their list included a division of the United Nations, a major electric car manufacturer, a U.S. defense contractor and other enterprises. They even provided the list to their own customers so that if they are doing business with any of the affected companies, they would be aware and could reach out themselves.
Using open source intelligence, RiskRecon was also able to continuously port scan the entire internet and identify some of the applications and technology being used by certain companies, giving them clues to know who was operating the SolarWinds Orion technology. That allowed them to notify other companies that had been breached.
"All this body of information comes together to help organizations understand this key question: what is my exposure to SolarWinds? What should I do about it? Because of the speed and complexity of enterprises and their interconnected ecosystems of hundreds and sometimes thousands of partners, that open source intelligence is really becoming a primary way for understanding your risk," White said.
"Companies operate in this really big, complex ecosystem and to manage their risk, they need to do so for their own company, but also for those vendors and partners they depend on. The open source intelligence enables companies to understand that larger risk and to collaborate together to share this information, this intelligence with each other and to improve the overall security posture of all organizations."