Lessons have been learned, particularly on the need to communicate with partners and users, says SolarWinds MSP at a partner event this week following a “nation-state” attack on its code late last year. But it could still be a year before all technologies used to infiltrate its code are uncovered, underlining the sophistication of the attack, say experts who are advising all MSPs to step up their own security.
In a special presentation to partners, John Pagliuca, president of SolarWinds MSP, said that the company had gone through a difficult time, but emerged determined to be more open as well as more secure. Tim Brown (pictured, lower), VP of security at the company, then told partners about the steps it had taken to harden its systems and security models, but said that one of the hardest tasks it faced once the breach had been discovered was communicating with partners and customers at the right level.
He apologised for taking the somewhat dramatic step of revoking the trust certificates on the products to provoke a response among those customers the company and its partners had not been able to contact. There was a group of customers running on-premise software that could not be accessed, he said, and so he took the decision with the certificates. He promised that a new programme of communication would make it much easier to reach partners and customers in future.
The incident, which is still under investigation at federal level in the US, has meant a close examination of all SolarWinds processes and systems, driving new investment in establishing testing environments and clean rooms, as well as using external experts. Jim Mulkey (top in picture), GVP Engineering, told partners that the new higher levels of security at the company would act as a differentiator in future.
MSPs need to be aware that they are also the target for such attacks, says consultant Alex Stamos, partner with Krebs Stamos Group, an expert on threats and security: “MSPs and CSPs should remember that they are very attractive to such attackers. If you have the power to reach and manage your customers, then that is also a liability on your balance sheet.”
He named the Russian state agency as the attacker in this incident, saying it was only recognised when a customer used multi-factor authentication to check a system response. He advised a major reduction in access levels for all, and wider use of MFA. With so many customers now straddling on-premise and cloud IT, it really calls for a doubling of security to reduce the attack surface.
But, acknowledging that such attacks are inevitable, he said it was vital to speed up response and reactions, particularly among service providers. He also added that it may well be another year before all the attack mechanisms in the stealth attack could be understood, such was its level of sophistication.