On December 13, 2020, the Cybersecurity & Infrastructure Security Agency (CISA) issued an emergency directive detailing required action for federal agencies to mitigate the threat of the recently discovered compromise involving SolarWinds® Orion® Network Management products that are currently being exploited by malicious actors. (Read the SolarWinds Security Advisory here.) Given the nature of the threat and its potential impact on many industries outside of federal agencies and the public sector, organizations should take proactive steps to determine if this software revision is in use within their environment, and also evaluate their incident response function to ensure an appropriate level of vigilance.
Protiviti has issued a Flash Report that summarizes the threat and recommends steps organizations can take to reduce their exposure to this event.
Read additional posts on The Protiviti View related to Technology and Cyber Security.