Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

A Cybersecurity (Installation) Odyssey in the South Pacific

Trustwave recently completed an almost three-year-long project that took the team to several of the most exotic Pacific paradises on the map. The trip was not a vacation as we spent long days helping install a wide variety of defensive platforms designed to protect national governments from cyberattacks, but one really couldn’t complain about the location.

BTW_20120_picture9hg

Before "diving" into what it was like working in these Pacific nations with their swaying palm trees, amazing ocean vistas, let me give a little background on myself and the team involved.

I belong to the Cyber Architecture Integration (CAI) for Trustwave Consulting and Professional Service, Pacific, team and while we dabble in several cybersecurity areas, our primary task is to focus on deploying, configuring, and tuning various cybersecurity tools. These tools relate to vulnerability management, networking (including firewalls, specifically Fortinet), endpoint detection and response (EDR) and the major focus for our team and this project - the deployment of security information and event management (SIEM) tools.

 

Trustwave was engaged as a member of Australia’s Cyber Cooperation Program (CCP) to deliver Cybersecurity Services in the Pacific (CSSP) Project. Australia’s CCP works across the Indo-Pacific region to improve cyber resilience, with the goal of sustaining a secure Internet that protects national security and promotes international stability, while driving global economic growth and sustainable development.

The specific Pacific Island Countries (PICs) in scope for this project were Fiji, Solomons, Vanuatu, Samoa, and Tonga.

My role within CAI was to work with each PIC and provide foundational Information and Communication Technology (ICT) infrastructure and support services to each country’s Computer Emergency Response Team (CERT) to ensure they had the capability to install, configure, utilize, and maintain the related tools. This activity involved identifying the appropriate tools and technologies required and assisting the various PICs by installing each in-country.

These tools included a SIEM, Threat Indicator Sharing Platform, Network Traffic Collection and Monitoring solution, Threat Intelligence, Endpoint Security, and other capabilities for hardware and devices.

The installation of these systems and tools led to the creation, for many of the PIC's, of their first CERT capabilities. The team's contributions dramatically increased each CERT’s visibility over threats residing within their government networks through the use of the security dashboards, which we installed, which also enhanced their ability to investigate incidents.

Creating a No-Cost, Long-Term Security Infrastructure

One remarkable and intentionally sought out attribute of the tools procured for these projects lies in their zero cost and open-source nature. Each tool we deployed is freely accessible and adjustable.

Utilizing an open-source environment fosters transparent and direct engagement with online communities, enabling the local security teams to collaborate and share knowledge among security enthusiasts and experts alike. The availability of these tools, coupled with their open-source foundations, empowers the CERT teams to enhance their cybersecurity posture without incurring substantial financial burdens, an important point for each locality. By harnessing the collective expertise of the cybersecurity community, they can leverage these tools to bolster their defenses and fortify their digital environments.

Free Does Not Always Mean Easy

While ample information existed regarding the setup of each individual tool, the challenge lay in connecting and integrating each as a cohesive system, a SIEM.

This task proved to be a formidable undertaking, requiring extensive problem-solving and resourcefulness from the entire team. We navigated numerous open-source community posts and blogs, delving deep into research, tirelessly seeking answers, and engaging in brainstorming sessions to unravel the complexities involved with each country’s unique environment.

This unwavering commitment and perseverance to these projects ultimately resulted in successfully connecting these diverse tools and establishing a cohesive cybersecurity solution within each environment for the first documented time ever.

Commuting to Exotic Island Paradises

These projects did entail a change in my daily work/life routine compared to a typical project I work on. One major difference, and incredible opportunity, was the in-country deployment.

BTW_20111_picture1ff

Georgia Turnham (TW) on the left and myself on the right.

It is unusual for our team to work in other countries. My normal daily journey is from my bed to my nearby desk. The travel associated with this project, which I consider to be a once-in-a-lifetime opportunity, involved catching 10 flights within a span of 5 months which became so regular it started to feel like catching the train to the Sydney office.

Before commencing the on-site deployments, the CAI team invested significant effort conducting a multitude of pre-deployment installations and configurations for the systems and technologies. This meticulous preparation was imperative to ensure the solutions were fully operational and ready for deployment in each PIC.

Following this extensive groundwork, the hardware was securely shipped to their respective locations.

Once the necessary visa and flight arrangements were finalized, our team would retrieve the equipment, typically located at the Country’s Australian High Commission Building , to commence the deployment process. Utilizing the provided transportation, the hardware was carefully moved to its designated final location.

Working Closely with the Host Nation

While it is not customary to find ourselves riding in the back of a client's Ute to deliver their cybersecurity hardware, I highly recommend doing so. Using the nation’s trucks and working with their staff, offered valuable insights and a distinct perspective on the local sights, surroundings, and dynamics.

BTW_20110_picture2ff

A member of Vanuatu’s Computer Emergency Response Team on the right, joined by myself and another Trustee.

After placing the servers in their respective data centers, our team began the implementation and configuration of the tools. This activity involved extensive deliberations among ourselves and in-country stakeholders to determine the most efficient and robust network architecture and structure.

Working closely with the CERT personnel in each country was an integral part of this process, and it also offered us a unique and increasingly rare experience, particularly in light of the COVID-19 pandemic.

BTW_20109_picture3ff

Tonga’s Computer Emergency Response Team (CERT Tonga).

The opportunity to collaborate face-to-face with clients was truly invigorating for me. Being on scene allowed us to quickly identify resolutions for complex and nuanced inquiries and concerns. The ability to engage in direct, in-person interactions provided a refreshing dynamic that I found just cannot be fully replicated remotely.

BTW_20114_picture4ff

A get together with Tonga’s Computer Emergency Response Team (CERT Tonga).

Since the beginning of the project, the team firmly believed these trips were more than just technical implementations—they were about fostering relationships and ensuring the local CERT teams understood what was being developed throughout the entire implementation journey – and this proved just that.

BTW_20113_picture5ff

Tonga’s Computer Emergency Response Team (CERT Tonga), Leigh Costin and I are standing in the middle.

When in Samoa……

Another intriguing aspect of operating within the PICs lies in their utilization of shipping containers.

The PICs are located in geographically isolated and tropical regions, and each is exposed to an array of severe weather conditions such as heavy rainfall, high temperatures, extreme humidity, and the regular occurrence of tropical cyclones.

These unique conditions not only foster resilient and tightly knit communities, but also require innovative approaches to server placement. To address these challenges, many islands use FlexPods (repurposed shipping containers) as their data center, a practice that has become common throughout the region.

BTW_20112_picture6ff

Leigh Costin “CAI’s managing consultant” (standing), myself.

Using shipping containers as data centers offers numerous benefits. First, it significantly reduces construction time and costs, enabling rapid scalability as businesses or as we would say in this context countries expand. Additionally, these container-based facilities exhibit notable energy efficiency, aligning with sustainable practices and addressing local concerns around climate change.

However, despite the benefits, there are specific challenges that come when working in a FlexPod. Limited in space poses obstacles for movement and operations, making it challenging to navigate and work comfortably. Routine maintenance, repairs, and equipment upgrades can be cumbersome due to the confined space. Power management is another critical aspect to consider, ensuring uninterrupted operations and preventing major disruptions caused by power failures. Notably, power supply issues have been observed in Pacific nations, leading to complete data center outages. Therefore, it is essential to have backup generators, robust physical security measures, and a thorough understanding of power requirements to avoid overloading the system and mitigate risks.

Another unique addition found near our container-based data centers are farm animals. Sometimes these data centers have chickens roaming the surrounding area, adding to the entertainment factor (and possibly the development of some extremely intelligent chickens).

Engaging in a project of this magnitude offers a plethora of captivating insights and valuable takeaways for the cybersecurity community, and I hope this experience provides an insightful first look how we can undertake projects and this type of work as we move forward.

I want to recognize the diverse and multifaceted teams involved in this project.

BTW_20118_picture7ff

While this blog specifically focuses on the role played by myself and the CAI team, it is essential to recognize the collective expertise and support provided from Trustwave’s different departments - including Cyber Advisory, Digital Forensics and Incident Response, and our team of Spiders (they only had 2 legs – don’t worry!). Teamwork truly makes the dream work – and I have to give a shout out to those that particularly supported and mentored me within this project: Leigh Costin, Banuka Kodituwakku, Georgia Turnham, Rory Coulter and Jason Cherry.

And a big malo, tuff tumas, Vinaka, fa’afeti and tagio tumas for all the amazing people and teams we met and worked with in each country, this project would never have taken off without your support. Thank you for all that you sacrificed, hope to see you again.


BTW_20117_capture-cyber-architecture-integration

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More