As reported on Bleeping Computer, on August 21, 2024, Dick's Sporting Goods discovered that there was a serious data breach. Bad actors accessed critical systems containing confidential information through unauthorized third-party access. This was avoidable and detectable if the right tools were in place at the time.
The breach caused expensive disruption to business operations, by causing Dick's Sporting Goods to shut down all of their email systems and lock all customer accounts.
What if they had Vorlon?
The scope of the breach and details surrounding the incident remain limited. However, if the “unauthorized third-party access” occurred through a third-party app—a common attack vector today—a robust security platform like Vorlon becomes crucial. Most breaches go undetected for extended periods, allowing attackers to continuously exploit vulnerabilities.
With Vorlon in place, both Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) are significantly reduced, enabling quicker identification and mitigation of threats, thereby minimizing potential damage and protecting sensitive information more effectively.
Here is a brief overview of some of those alerts:
Secret Sharing Detected - Vorlon will raise a new secret sharing detected alert whenever it detects traffic using a secret that has been previously used by a different application.
Sensitive Data Access - Vorlon will raise a sensitive data access alert whenever a new endpoint is detected that provides data which includes sensitive information.
Unknown Source IP - Vorlon will raise a new unknown source IP alert whenever traffic from a new unknown IP that cannot be identified against the catalog of apps is detected.
Unknown Source Geolocation - Vorlon will raise an unknown source geolocation alert whenever it detects traffic from a previously unidentified geolocation.
Dormant Secret Observed - Vorlon will raise a dormant secret observed alert when it detects a secret that has been inactive for an extended period but is suddenly activated again.