لخّصلي

How can similar attacks be prevented?This process could be made more secure by requiring the key stored within the HSM to use some kind of multi-factor authentication.- Jonathan Kline star lab logo

Securely signing release packages is not an easy undertaking, Kline says, but particularly in light of the SolarWinds breach, it remains an altogether security-crucial aspect of software development and software release, if the industry is to protect itself from another SolarWinds, that is.

Scott Shadley, Vice President of Marketing at NGD Systems, a manufacturer of state-of-the-art computational storage drives (CSDs) and also a Trenton Systems technology partner, explained how NGD's drives can protect your sensitive data.Jonathan Kline, Chief Technical Officer at cybersecurity software company Star Lab, a Wind River company, and a Trenton Systems technology partner, stresses the importance of signing release packages securely but admits that there's no one-size-fits-all solution.One possible approach to securely signing software uses an offline approach combined with some form of hardware security module (HSM).Our CSDs actually leverage the security protocols of self-encrypting data.

How can similar attacks be prevented?
Going forward, secure code signing and hardware-based protections are two of many practices that could help prevent SolarWinds-style hacks.

Jonathan Kline, Chief Technical Officer at cybersecurity software company Star Lab, a Wind River company, and a Trenton Systems technology partner, stresses the importance of signing release packages securely but admits that there’s no one-size-fits-all solution.

One possible approach to securely signing software uses an offline approach combined with some form of hardware security module (HSM). Within this model, the software is developed and transferred to a staging area. In the staging area, the software is signed using a non-extractable key, presumably by a trusted individual within your organization. The software is then transferred back to the release or deployment environment.

This process could be made more secure by requiring the key stored within the HSM to use some kind of multi-factor authentication. This would then prevent someone who had access to the HSM from being able to sign their own packages. It doesn’t, however, directly prevent someone from modifying or injecting build artifacts into the development environment before they are transferred to the staging environment.

• Jonathan Kline star lab logo

Securely signing release packages is not an easy undertaking, Kline says, but particularly in light of the SolarWinds breach, it remains an altogether security-crucial aspect of software development and software release, if the industry is to protect itself from another SolarWinds, that is.

Scott Shadley, Vice President of Marketing at NGD Systems, a manufacturer of state-of-the-art computational storage drives (CSDs) and also a Trenton Systems technology partner, explained how NGD's drives can protect your sensitive data.

Our CSDs actually leverage the security protocols of self-encrypting data. The benefit is, since we have an OS inside the drive, we can read, decrypt, work on, modify, encrypt, and store the data on the drive without any external access to it. There's no movement outside the device itself. We can then provide results and value from the raw encrypted and stored data on the drive to the user without risking any leak of data from the drive itself.

So, to put this into perspective, a stream of data, such as video from a drone, is stored in real-time on the device using an encryption key. The data is then analyzed by the local OS on the CSD from NGD Systems to identify the target of the video stream. The raw data is secure on the drive, but the image or results needed by the host to make value of that data is sent off the drive, encrypted. So, the raw data is 100-percent secure from the moment it's captured.