On Sunday, December 13, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) confirmed that several agencies of the US Government and other enterprise companies were exposed to a major hack, where data and tools were stolen. According to the Associated Press, nation-state sponsored hackers were responsible, and the attacks were orchestrated via malware on a widely used network monitoring solution. In response to the large-scale penetration of the US Government, the Department of Homeland Security’s cybersecurity division (CISA) issued an emergency directive calling on all federal civilian agencies to scour their networks for compromises.
What has ITRS done to make sure our customers are secure from this type of cyber-attack?
Because this was a supply chain attack on a widely used network monitoring system, ITRS was able to confirm there are distinct differences between our product suite and the breached network monitoring system.
- The supply chain for ITRS’ software production is protected by multiple independent layers of intrusion and anomaly detection systems, which are augmented by machine learning as well as human-supervised security systems.
- Our software production estate and its supporting supply chain are a segregated environment; their security is governed based on the ISO27001 standards.
- The breached network monitoring system was built specifically for Windows machines/servers. Our equivalent core server products (Geneos Gateway, OP5 Monitor, etc.) are built on Linux and run on Linux (RedHat) in enterprise environments.
- Geneos, Capacity Planner, Gateway Hub and Synthetic Monitoring are different when it comes to build, deployment and particularly when it comes to updates and maintenance. ITRS maintains the end-to-end ownership of its supply chain, production as well as upgrade/update processes for its product suite.
- The proprietary features of our products and technology mean that no one apart from our own experts with specific know-how can perform maintenance tasks.
- ITRS OP5 Monitor is in the same space as the penetrated network monitoring system; however, OP5 Monitor runs on Linux (RedHat). Active Directory and SAML on Linux interact with the OS differently to the way that Windows deals with such services and protocols. What happened to the breached network monitoring system (the exploit/trojan/backdoor) is not portable to OP5 Monitor, which runs on Linux.
The task of making sure our software is secure never ends. We have built our solutions based on a number of security best practices to make sure our customers are protected and secure from these types of attacks. ITRS stands by our customers as you deal with this incident and is ready to help with any monitoring needs or questions you may have.