Top 3 Security Considerations Following the Monsanto Data Breach

By David Finger | June 10, 2014

Every couple of weeks I will do a web search for "data breach 2014" to check for newly reported incidents. On Monday, that was the situation at Monsanto. While many details are still unknown since it was just discovered, there were a number of interesting bits that already caught my eye:

  • As per usual, the breach occurred (March) well before its identification (May).
  • Entry is reported as a compromised server; given the mention of "big data services" hosted on a server next to it, both were likely web servers.
  • It's quite a mix of breached data: 900 customers, 300 employees and 400 dealers.
  • Most interestingly, the data was "compromised" but it is "not believed to be an attempt to steal that data." (Purely speculating, I wonder if this means there is no evidence of exfiltration attempts and/or evidence the attacker swiftly moved on in search of something else.)

I will update this post as more information becomes available. In the meantime though, I highlight this incident for a number of reasons:

1) Recent incidents at eBay and Target appear to have started with stolen credentials. This incident reminds us that our external-facing servers remain a common source of vulnerability and potential entry. If you don't have at least IPS and ideally Web Application Firewalls shielding server vulnerabilities, it's something to strongly consider.

2) Even after hardening the network and strengthening access controls, don't trust activity inside the network. Sure seems like the attackers in this case were rooting around looking for something after entry. If you don't have internal gates with deeper content inspection (IPS, antimalware and/or sandboxing), it's another thing to strongly consider.

3) Even if you don't do any of the previous two, look for ways to effectively monitor your network for indications of compromise (I know it is tough given the amount of information available). Existing products like a FortiGate build "reputations" for devices based on network activity; others like FortiSandbox provide additional analysis of activity in "virtual" environments. And many SIEM products have additional "big data" analytics tools to analyze across products. There are many other techniques out there in existing or new products. Leverage what is manageable for your team.

Knowing some of the folks at Monsanto, I am confident they did most of the "right" security things. So if this happened to them, it could happen to any of us. Which is why we advocate a defined approach, like our Advanced Threat Protection Framework, to addressing this emerging class of sophisticated cyberthreats in a structured way.
