Automated monitoring solutions would alert a company

 Automated monitoring solutions would alert a company when information is being sent out from its systems to an unknown location and when data is being sent back, Mahoney said. “If they’re not even doing that at a minimum, that’s scary. That’s really scary,” he said. “And obviously they’re not, because none of them caught it.”There also appears to have been a striking lack of DNS protection that should have blocked the hackers from gaining deeper access after the initial malware communicated back to their server, Mahoney said.

“If any one of these customers had had a really good DNS security system in place, all of this command and control stuff--that allowed the second stage of this attack to occur, where they were actually able to get to a terminal session--never would have occurred,” he said. An estimated 18,000 organizations have been hit with malware via SolarWinds. Those include FireEye—which first disclosed the breach on Dec. 13—as well as Microsoft, Cisco Systems and VMware. The attack has also led to breaches at U.S. government agencies including the Treasury and Commerce Departments as well as the Departments of Defense, State, Energy and Homeland Security.

Still, spotting sophisticated cyber attacks is about more than just having the right tools, Mahoney said. And in many cases, companies already have plenty of cybersecurity solutions--they’re just not being used correctly, he said. “I think that people are investing in tools. I think that they’re not investing in a well thought out computer science or computer engineering strategy--which actually needs to be used and implemented, in order to put those tools in place to do what they need to do,” he said. “People are making investments. They’re spending money. But I can go buy all the wrenches in the world, to fit every possible task--and if I don’t use those wrenches properly, it’s never going to matter. And I think that’s the situation that we’re in.”