As you all know, FireEye recently uncovered that multiple commercial and government organizations were infiltrated by cyber threat actors via exploitation of the SolarWinds Orion software. CISA, FireEye, Microsoft and the FBI continue to investigate this incident and publish updated information regarding the exploitation.
This is a rapidly evolving situation, and new information comes to light regularly.
We are monitoring the news and will continue to keep our customers informed. In the meantime, it is important to remain calm and maintain regular operations to keep your business thriving. No organization is entirely invulnerable to cyber threats, but the ability to fight through an incident and maintain business continuity is key.
FireEye has been the quintessential example of cyber resiliency. This more mature approach to fighting through the type of advanced threat scenario that has been reported was only recently published as a standard by the National Institute of Standards and Technology (NIST) in its Special Publication 800-160 Volume 2: Developing Cyber Resilient Systems.
CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. Ardalyst will be running this script on our own and our customers’ M365 tenants.
In accordance with CISA Emergency Directive 21-01, if you are using any SolarWinds Orion products, we highly recommend you disconnect or power them down until further notice.
If you are not currently a monitored customer and would like to discuss implementing a monitored service with us, please call 833-682-8270 so we can get started as soon as possible.