Over recent days, details have begun to emerge about an issue that affects the SolarWinds Orion monitoring products. SolarWinds Orion is a monitoring product that is employed across organisations around the world and is often used in mission-critical environments that require high levels of uptime and monitoring. The threat is being referred to by two names: Solorigate and SUNBURST.
At Arcible, we take monitoring our services seriously and we take security seriously too. We use multiple products for the monitoring of our services; we consider security at all times and factor it into multiple layers of our operations. We’re releasing this article both as reassurance for our customers and for your information about Arcible and the Solorigate SUNBURST threat.
Arcible does not use the SolarWinds Orion product or any SolarWinds products to conduct our business, either internally or externally with customers. Based on our current understanding and knowledge of the issues, Arcible does not believe that it is impacted by the SolarWinds threat; however, we continue to remain vigilant and review our security tools.
What should I do if I use SolarWinds Orion products?
If you use SolarWinds Orion or are concerned that you may be affected, you should review reputable sources of information on how to identify and resolve the issues. We have provided a few of these sources below.
- SolarWinds https://www.solarwinds.com/securityadvisory
- National Cyber Security Centre (NCSC) https://www.ncsc.gov.uk/guidance/dealing-with-the-solarwinds-orion-compromise
- Microsoft https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/
Several anti-virus and anti-malware products have already been updated to include detections for the issue; however, detection alone will not address the root of the issue. You should consult with your anti-virus software vendor to understand whether they have updated their product to detect this and what version is required to provide that protection.
Users of Windows 10 with Windows Defender and Microsoft 365 customers using Microsoft Defender for Endpoint, formerly known as Defender Advanced Threat Protection, have coverage in version 1.329.368.0 or higher.