I Use SolarWinds, What Do I Do Now?
Some organizations that were impacted by the SolarWinds breach may continue business as usual. However, if you use the SolarWinds platform, it's important to assess your organization for any risk.
Here are answers to common questions clients are asking post-breach related to the use of SolarWinds.
Should I perform the update SolarWinds has provided on their website?
Yes. SolarWinds was compromised but has taken numerous actions to mitigate known threats and has provided updates to its software to further harden it against attack.
We are using SolarWinds and will continue to do so. How should we manage risk related to our organization and third-party providers going forward?
Third-party risk management is seriously understated in the world of cybersecurity today. Performing third-party assessments, contract reviews of services and support and compliance, and other matters are pertinent for SolarWinds and other partners -- especially if no such governance exists today. WWT leverages risk management practices, such as audits and assessments, coupled with vCISO services, to identify risk and develop a roadmap of how best to close gaps.
If we continue to use SolarWinds, will we fail compliance requirements necessary for our business to operate?
It is highly unlikely that an audit or assessment of an organization's security will fail due to the relationship it has with SolarWinds. Compliance and certification are based on general common standards of cybersecurity. If appropriate controls, practices and processes are in place -- including a third-party risk management program -- it is unlikely that a specific vendor such as SolarWinds will significantly impact the overall risk assessment.
What alternatives to SolarWinds should I consider if I've decided to select a new partner?
Should you decide to move away from SolarWinds as your provider, WWT strongly recommends you identify the total impact of a change. Countless hours are spent on change management, with a multitude of risks introduced. Security staff is often difficult to acquire and retain, leaving limited staff to manage a major overhaul of resources in a pandemic environment.
It's imperative to consider the technical impact, business impact and impact to your overall security posture before making a decision to stay with the product, slowly move away from it or remove it immediately.
Organizations that are ready to consider an alternative to SolarWinds have several important variables to prioritize in their selection and request for product queries:
- Determine if a tools rationalization workshop is required to consolidate tools, lower risk and improve cost effectiveness as you mature forward.
- Identify key areas of functionality that are required specific to your organization, and prioritize them before you start to consider alternatives.
- Focus on major cost-based variables like ease of onboarding, how cohesive and integrated the software is, and ease of use by various stakeholders.
- Consider other elements of selection strategy related to areas of strength or capabilities, like analytics and reporting, troubleshooting and diagnostics, scalability and agility, support agreement terms, and cost.
Gartner has published a SolarWinds comparison for alternatives to the platform. Some of the leaders include Cisco, LogicMonitor, VMware, ManageEngine and Microsoft. However, overlap of functionality is very diverse and inconsistent, requiring many organizations to develop their own checklist of primary functional components, such as existence and strength of endpoint monitoring, diagnostics, service delivery monitoring, ease of deployment and so forth.
Be sure to perform due diligence on exactly how a solution meets your specific needs, such as cloud integrations, as some providers may not have such functionality. In some cases, organizations may choose to diversify into more specific software solutions related to configuration management, network operations center up/down monitoring and reporting, application management, and network performance monitoring.
Thousands of organizations -- including those with sophisticated, intelligence-driven operations -- were compromised in the SolarWinds breach. The unfortunate reality is that if a sophisticated adversary desires to compromise an organization, they likely will do so over a long period of time. It is critical that organizations strategically prioritize security maturity after the SolarWinds breach to best respond to this incident.
We recommend adopting a strong top-down governance and leadership approach for a multi-leveled security risk management program designed for the entire organization. Adoption of progressive solutions, such as zero trust networking, is also critical to lowering risk and identifying threats faster.