Orion is a centralized IT management system that works with other SolarWinds network and infrastructure monitoring software, essentially providing a framework for the company’s other products. Users inadvertently introduced malware into their networks by updating the software between March and June of last year. Federal intelligence and law enforcement agencies said for the first time that the hacking was “likely Russian in origin” on Monday after a month of speculation.ĬISA said it is “working closely with FedRAMP to coordinate the response to ED 21-01 with FedRAMP Authorized cloud service providers.” Those service providers have been instructed to coordinate with their agency customers. “While the immediate known consequence of this access was the insertion of the malicious code into the affected versions of SolarWinds Orion, there may be other unknown consequences as well.”
“The adversary enjoyed longstanding, covert access to the build process that SolarWinds uses for Orion, including to the code underlying the Orion platform,” the guidance reads. The guidance offers 12 specific conditions for operating the SolarWinds software.Įven operating that updated version, however, carries risk. Those tasks would include either rebuilding the software infrastructure and resetting involved accounts, or updating to the latest version.
In addition, agencies that “accept the risk of running SolarWinds Orion” must meet certain “hardening” requirements, depending on whether their networks ever utilized affected versions of the software.
#Solarwinds monitoring tool guide update
Agencies must also hunt for indicators of compromise or “other evidence of threat actor activity” and create or update a CISA incident report accordingly. That analysis must look at system memory, host storage, network and third-party environments such as cloud services. Federal agencies that ran compromised SolarWinds Orion software must conduct a forensic analysis by the end of the month, according to new supplemental guidance from the Cybersecurity and Infrastructure Security Agency released Wednesday.
0 kommentar(er)
