{"id":92582,"date":"2021-01-19T14:30:50","date_gmt":"2021-01-19T22:30:50","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=92582"},"modified":"2023-05-15T23:11:54","modified_gmt":"2023-05-16T06:11:54","slug":"using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/","title":{"rendered":"Using Zero Trust principles to protect against sophisticated attacks like Solorigate"},"content":{"rendered":"<p>The <a href=\"https:\/\/aka.ms\/solorigate\" target=\"_blank\" rel=\"noopener noreferrer\">Solorigate supply chain attack<\/a> has captured the focus of the world over the last month. This attack was simultaneously sophisticated and ordinary. The actor demonstrated sophistication in the breadth of tactics used to penetrate, expand across, and persist in affected infrastructure, but many of the tactics, techniques, and procedures (TTPs) were individually ordinary.<\/p>\n<p>Companies operating with a Zero Trust mentality across their entire environment are more resilient, consistent, and responsive to new attacks\u2014Solorigate is no different. As threats increase in sophistication, Zero Trust matters more than ever, but gaps in the application of the principles\u2014such as unprotected devices, weak passwords, and gaps in multi-factor authentication (MFA) coverage can be exploited by actors.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-92583\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2021\/01\/Solorigate-1.png\" alt=\"Zero Trust Principles\" width=\"800\" height=\"316\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/Solorigate-1.png 800w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/Solorigate-1-300x119.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/Solorigate-1-768x303.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<h2>Applying Zero Trust<\/h2>\n<p>Zero Trust in <a href=\"https:\/\/aka.ms\/ztguide\" target=\"_blank\" rel=\"noopener noreferrer\">practical terms<\/a> is a transition from implicit trust\u2014assuming that everything inside a corporate network is safe\u2014to the model that assumes breach and explicitly verifies the security status of identity, endpoint, network, and other resources based on all available signals and data. It relies on contextual real-time policy enforcement to achieve least privileged access and minimize risks. Automation and Machine Learning are used to enable rapid detection, prevention, and remediation of attacks using behavior analytics and large datasets.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-92584\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2021\/01\/solorigate-2.png\" alt=\"Zero Trust Policy\" width=\"1049\" height=\"358\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/solorigate-2.png 1049w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/solorigate-2-300x102.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/solorigate-2-1024x349.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/solorigate-2-768x262.png 768w\" sizes=\"(max-width: 1049px) 100vw, 1049px\" \/><\/p>\n<h2>Verify explicitly<\/h2>\n<p>To <em>verify explicitly<\/em> means we should examine all pertinent aspects of access requests instead of assuming trust based on a weak assurance like network location. Examine the identity, endpoint, network, and resource then apply threat intelligence and analytics to assess the context of each access request.<\/p>\n<p>When we look at how attackers compromised identity environments with <a href=\"https:\/\/aka.ms\/solorigate\" target=\"_blank\" rel=\"noopener noreferrer\">Solorigate<\/a>, there were three major vectors: compromised user accounts, compromised vendor accounts, and compromised vendor software. In each of these cases, we can clearly see where the attacker exploited gaps in <strong>explicit verification<\/strong>.<\/p>\n<ul>\n<li>Where user accounts were compromised, <a href=\"https:\/\/aka.ms\/yourpassworddoesntmatter\" target=\"_blank\" rel=\"noopener noreferrer\">known techniques like password spray, phishing, or malware<\/a> were used to compromise user credentials and gave the attacker critical access to the customer network. On-premises identity systems are more vulnerable to these common attacks because they lack cloud-powered protections like <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/authentication\/concept-password-ban-bad\" target=\"_blank\" rel=\"noopener noreferrer\">password protection<\/a>, recent <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/advancing-password-spray-attack-detection\/ba-p\/1276936\" target=\"_blank\" rel=\"noopener noreferrer\">advances in password spray detection<\/a>, or <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/enhanced-ai-for-account-compromise-prevention\/ba-p\/1994653\" target=\"_blank\" rel=\"noopener noreferrer\">enhanced AI for account compromise prevention<\/a>.<\/li>\n<li>Again, in cases where the actor succeeded, highly privileged vendor accounts lacked protections such as MFA, IP range restrictions, device compliance, or access reviews. In other cases, user accounts designated for use with vendor software were configured without MFA or policy restrictions. Vendor accounts should be configured and managed with the same rigor as used for the accounts which belong to the organization.<\/li>\n<li>Even in the worst case of SAML token forgery, excessive user permissions and missing device and network policy restrictions allowed the attacks to progress. The first principle of Zero Trust is to verify explicitly\u2014be sure you extend this verification to all access requests, even those from vendors and especially those from on-premises environments.<\/li>\n<\/ul>\n<p>Cloud identity, like Azure Active Directory (Azure AD), is simpler and safer than federating with on-premises identity. Not only is it easier to maintain (fewer moving parts for attackers to exploit), your Zero Trust policy should be informed by cloud intelligence. Our ability to reason over more than eight trillion signals a day across the Microsoft estate coupled with <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/enhanced-ai-for-account-compromise-prevention\/ba-p\/1994653\" target=\"_blank\" rel=\"noopener noreferrer\">advanced analytics<\/a> allows for the detection of anomalies that are very subtle and only detectable in very large data sets. User history, organization history, threat intelligence, and real-time observations are an essential mechanism in a modern defense strategy. Enhance this signal with <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/threat-protection\/microsoft-defender-atp\/machine-reports\" target=\"_blank\" rel=\"noopener noreferrer\">endpoint health and compliance<\/a>, <a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/protect\/device-compliance-get-started\" target=\"_blank\" rel=\"noopener noreferrer\">device compliance policies<\/a>, <a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/apps\/app-protection-policy\" target=\"_blank\" rel=\"noopener noreferrer\">app protection policies<\/a>, <a href=\"https:\/\/docs.microsoft.com\/en-us\/cloud-app-security\/session-policy-aad\" target=\"_blank\" rel=\"noopener noreferrer\">session monitoring, and control<\/a>, and <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/encryption-sensitivity-labels?view=o365-worldwide\" target=\"_blank\" rel=\"noopener noreferrer\">resource sensitivity<\/a> to get to a Zero Trust verification posture.<\/p>\n<p>For customers that use federation services today, we continue to develop tools to simplify migration to Azure AD. Start by <a href=\"https:\/\/www.youtube.com\/watch?v=PxLIacDpHh4&amp;list=PLVgH7d08tj4_0KYcPvCKOod9sSBVGYh3x&amp;index=2\" target=\"_blank\" rel=\"noopener noreferrer\">discovering the apps that you have and analyzing migration work<\/a> using Azure AD Connect health and activity reports.<\/p>\n<h2><span lang=\"EN-US\">Least privileged access<\/span><\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-92600 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2021\/01\/Zero-Trust-marketecture-products-004.jpg\" alt=\"Zero Trust: Microsoft Step by Step\" width=\"1280\" height=\"720\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/Zero-Trust-marketecture-products-004.jpg 1280w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/Zero-Trust-marketecture-products-004-300x169.jpg 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/Zero-Trust-marketecture-products-004-1024x576.jpg 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/Zero-Trust-marketecture-products-004-768x432.jpg 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/Zero-Trust-marketecture-products-004-687x385.jpg 687w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/Zero-Trust-marketecture-products-004-1083x609.jpg 1083w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/Zero-Trust-marketecture-products-004-767x431.jpg 767w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/Zero-Trust-marketecture-products-004-539x303.jpg 539w\" sizes=\"(max-width: 1280px) 100vw, 1280px\" \/><\/p>\n<p>Least privileged access helps ensure that permissions are only granted to meet specific business goals from the appropriate environment and on appropriate devices. This minimizes the attacker\u2019s opportunities for lateral movement by granting access in the appropriate security context and after applying the correct controls\u2014including strong authentication, session limitations, or human approvals and processes. The goal is to compartmentalize attacks by limiting how much any compromised resource (user, device, or network) can access others in the environment.<\/p>\n<p>With Solorigate, the attackers took advantage of broad role assignments, permissions that exceeded role requirements, and in some cases abandoned accounts and applications which should have had <em>no<\/em> permissions at all. Conversely, customers with good least-privileged access policies such as using <a href=\"https:\/\/docs.microsoft.com\/en-us\/security\/compass\/overview\" target=\"_blank\" rel=\"noopener\">Privileged Access Workstations<\/a> (PAW)\u00a0devices were able to protect key resources even in the face of initial network access by the attackers.<\/p>\n<h2>Assume breach<\/h2>\n<p>Our final principle is to Assume Breach, building our processes and systems assuming that a breach has already happened or soon will. This means using redundant security mechanisms, collecting system telemetry, using it to detect anomalies, and wherever possible, connecting that insight to automation to allow you to prevent, respond and remediate in near-real-time.<\/p>\n<p>Sophisticated analysis of anomalies in customer environments was key to detecting this complex attack. Customers that used rich cloud analytics and automation capabilities, such as those provided in Microsoft 365 Defender, were able to rapidly assess attacker behavior and begin their eviction and remediation procedures.<\/p>\n<p>Importantly, organizations such as Microsoft who do not model \u201csecurity through obscurity\u201d but instead model as though the attacker is already observing them are able to have more confidence that mitigations are already in place because threat models assume attacker intrusions.<\/p>\n<h2>Summary and recommendations<\/h2>\n<p>It bears repeating that Solorigate is a truly significant and advanced attack. However ultimately, the attacker techniques observed in this incident can be significantly reduced in risk or mitigated by the application of known security best practices. For organizations\u2014including Microsoft\u2014thorough application of a Zero Trust security model provided meaningful protection against even this advanced attacker.<\/p>\n<p>To apply the lessons from the Solorigate attack and the principles of Zero Trust that can help protect and defend, get started with these recommendations:<\/p>\n<ol>\n<li>More than any other single step, <a href=\"https:\/\/aka.ms\/enablemfa\" target=\"_blank\" rel=\"noopener noreferrer\">enable MFA<\/a> to reduce account compromise probability by more than 99.9 percent. This is so important, we made Azure AD MFA free for <em>any<\/em> Microsoft customer using a subscription of a commercial online service.<\/li>\n<li>Configure for Zero Trust using our <a href=\"https:\/\/aka.ms\/ztguide\" target=\"_blank\" rel=\"noopener noreferrer\">Zero Trust Deployment Guides<\/a>.<\/li>\n<li>Look at our <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/azure-ad-workbook-to-help-you-assess-solorigate-risk\/ba-p\/2010718\" target=\"_blank\" rel=\"noopener noreferrer\">Identity workbook for Solorigate<\/a>.<\/li>\n<\/ol>\n<p>Stay safe out there.<\/p>\n<p>\u2014 <a href=\"https:\/\/twitter.com\/Alex_T_Weinert\" target=\"_blank\" rel=\"noopener noreferrer\">Alex Weinert<\/a><\/p>\n<p>For more information about Microsoft Zero Trust please <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/zero-trust\" target=\"_blank\" rel=\"noopener noreferrer\">visit our website<\/a>. Bookmark the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security blog<\/a> to keep up with our expert coverage on security matters. Also, follow us at <a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">@MSFTSecurity<\/a> for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Solorigate supply chain attack has captured the focus of the world over the last month. This attack was simultaneously sophisticated and ordinary. The actor demonstrated sophistication in the breadth of tactics used to penetrate, expand across, and persist in affected infrastructure, but many of the tactics, techniques, and procedures (TTPs) were individually ordinary. Companies [&hellip;]<\/p>\n","protected":false},"author":98,"featured_media":92586,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3659],"topic":[3688,3689],"products":[],"threat-intelligence":[],"tags":[3822,3813],"coauthors":[1845],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Using Zero Trust principles to protect against sophisticated attacks like Solorigate | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Using Zero Trust principles to protect against sophisticated attacks like Solorigate | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"The Solorigate supply chain attack has captured the focus of the world over the last month. This attack was simultaneously sophisticated and ordinary. The actor demonstrated sophistication in the breadth of tactics used to penetrate, expand across, and persist in affected infrastructure, but many of the tactics, techniques, and procedures (TTPs) were individually ordinary. Companies [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-19T22:30:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:11:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/CLO20b_Madeleine_office_005-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1707\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alex Weinert\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alex Weinert\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/alex-weinert\/\",\"@type\":\"Person\",\"@name\":\"Alex Weinert\"}],\"headline\":\"Using Zero Trust principles to protect against sophisticated attacks like Solorigate\",\"datePublished\":\"2021-01-19T22:30:50+00:00\",\"dateModified\":\"2023-05-16T06:11:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/\"},\"wordCount\":1114,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/CLO20b_Madeleine_office_005-scaled.jpg\",\"keywords\":[\"Microsoft Security Insights\",\"Solorigate\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/\",\"name\":\"Using Zero Trust principles to protect against sophisticated attacks like Solorigate | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/CLO20b_Madeleine_office_005-scaled.jpg\",\"datePublished\":\"2021-01-19T22:30:50+00:00\",\"dateModified\":\"2023-05-16T06:11:54+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/CLO20b_Madeleine_office_005-scaled.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/CLO20b_Madeleine_office_005-scaled.jpg\",\"width\":2560,\"height\":1707,\"caption\":\"Black female developer working at enterprise office workspace.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Using Zero Trust principles to protect against sophisticated attacks like Solorigate\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Using Zero Trust principles to protect against sophisticated attacks like Solorigate | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/","og_locale":"en_US","og_type":"article","og_title":"Using Zero Trust principles to protect against sophisticated attacks like Solorigate | Microsoft Security Blog","og_description":"The Solorigate supply chain attack has captured the focus of the world over the last month. This attack was simultaneously sophisticated and ordinary. The actor demonstrated sophistication in the breadth of tactics used to penetrate, expand across, and persist in affected infrastructure, but many of the tactics, techniques, and procedures (TTPs) were individually ordinary. Companies [&hellip;]","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/","og_site_name":"Microsoft Security Blog","article_published_time":"2021-01-19T22:30:50+00:00","article_modified_time":"2023-05-16T06:11:54+00:00","og_image":[{"width":2560,"height":1707,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/CLO20b_Madeleine_office_005-scaled.jpg","type":"image\/jpeg"}],"author":"Alex Weinert","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alex Weinert","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/alex-weinert\/","@type":"Person","@name":"Alex Weinert"}],"headline":"Using Zero Trust principles to protect against sophisticated attacks like Solorigate","datePublished":"2021-01-19T22:30:50+00:00","dateModified":"2023-05-16T06:11:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/"},"wordCount":1114,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/CLO20b_Madeleine_office_005-scaled.jpg","keywords":["Microsoft Security Insights","Solorigate"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/","name":"Using Zero Trust principles to protect against sophisticated attacks like Solorigate | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/CLO20b_Madeleine_office_005-scaled.jpg","datePublished":"2021-01-19T22:30:50+00:00","dateModified":"2023-05-16T06:11:54+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/CLO20b_Madeleine_office_005-scaled.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/01\/CLO20b_Madeleine_office_005-scaled.jpg","width":2560,"height":1707,"caption":"Black female developer working at enterprise office workspace."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/01\/19\/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"Using Zero Trust principles to protect against sophisticated attacks like Solorigate"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/92582"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/98"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=92582"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/92582\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/92586"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=92582"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=92582"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=92582"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=92582"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=92582"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=92582"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=92582"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}