Posts

Showing posts from 2021

On SolarWinds, Supply Chains and Enterprise Networks

Image
The recent SolarWinds incident has managed to grab headlines outside of our security ecosystem. The many (many) headlines and columns inches dedicated to the event are testament to the security worries that continue to reverberate around the globe.  But we think that most of these articles have buried the lede.  Most discussions take the position that our enterprises are horribly exposed because of supply chain issues and that any network running SolarWinds should consider themselves compromised.  We think it's actually more dire than that (and suspect it's going to get worse). Let us lay out the case for why SolarWinds should concern you even if their tools are nowhere near your networks. It’s easy to whip up a think-piece in the wake of a public security incident, especially as a vendor. The multitude of vendor mails riding the SolarWinds incident are overflowing our inboxes. But even a stopped clock is right twice a day, and this is one of those times. An abstracted, low res