Case Study: Using Spyderbat to Monitor For Supply Chain Attacks


“With Spyderbat, we’re able to monitor Linux for the first time, giving us full visibility into Linux and AWS as a whole. We can search inside the portal for anything happening in our environments, including who logged into a Linux box and what they did. This means that we can trace all activity and fully manage third-party risk to secure our data and meet compliance requirements.”

Jeff Barto, Chief Security Officer

A global hedge fund had the following challenges:

Lack of Perimeter Breach Detection in Linux

Increasingly, threat actors focus their attacks on cloud or on-premise Linux environments. According to one 2021 report, the top threats facing Linux environments include:

● Coinminers
● Web shells
● Ransomware
● Trojans

These environments are a black box for most organizations, leaving them without visibility into network-facing servers, often running SSH or Apache. Threat actors use more advanced methods for obfuscating their attacks against Linux, making detection even more challenging.

Inability to Monitor Third-Party Risk

Third-party vendors, like AWS, run platforms, services, and products on top of Linux. This compounds Linux visibility issues, requiring organizations to rely on third-party vendors for information about potential breaches. Organizations lack the ability to monitor third-party risk appropriately, leaving them open to compliance violations.

High Operational Costs

Monitoring Linux environments requires full-time employees with Linux programming backgrounds to monitor decentralized system logs. As these logs are often broken out according to specific services, they are increasingly burdensome to manage. Even with these resources, the process is time-intensive and still lacks full visibility.

Gaining Visibility into Data Breach Risks Across Owned and Third-Party Linux Environments

The customer installed Spyderbat across its Linux environment, giving it the ability to perform detailed attack traces across its own Linux servers and its Linux-based third-party vendor environments.

Reduced Time to Investigate Incidents with Enriched Data

Spyderbat provides the only solution that ties network traffic and indicator-of-compromise data to Linux. This capability gives security teams visibility into the full attack path, across all compromised servers and logins. It monitors the Linux environment at both the operating system level and the network level.

Reduced Supply Chain and Compliance Risk with Third-Party Monitoring

Spyderbat enables organizations to take control of the security of their third-party Linux-based products. With Spyderbat, security teams trace supply chain attacks at an operator level, giving them visibility into servers or applications usually controlled by vendors. This enhances security and compliance posture, eliminating blind spots and providing organizations with the ability to prove governance and third-party vendor risk management.

Integrate Linux Monitoring into Security Activities

Spyderbat enables security teams to consistently monitor, detect, and respond to activities across all environments. Additionally, they can extract data into existing workflows, such as incident response or ticket management solutions.

Reduced Operational Costs with Intuitive Interface

Spyderbat’s easy-to-read visualizations remove the skills barriers associated with monitoring Linux environments. The easy-to-use, functional interface traces all activity, reducing investigation time and eliminating the need for Linux programming experience.

See our eBook “Protecting Against Supply Chain Attacks” for more on how Spyderbat can be used to protect against software supply chain attacks.
