The supply-chain attack on the SolarWinds network management software, Orion, which came to light in mid-December, has had far-reaching impact on government and private sector organizations. Please see the advisory from the Cybersecurity & Infrastructure Security Agency (CISA) for more information on the breach.

SilverSky’s Response

Within 24 hours of the breach notification, SilverSky began taking action, much of which is ongoing as new indicators of compromise (IOCs) are provided.

  • SilverSky SIEM team built new detection rules based on the provided indicators of compromise (IOCs). New IOCs are being added as more details on the compromise are discovered; SilverSky has continued to monitor and deploy new detection rules as IOCs are provided.
  • SilverSky SOC has scanned historical logs for the IOCs since March and found no activity related to the breach. We have conducted scans for the Sunburst and Supernova vulnerability and increased security event monitoring to try to identify if any horizontal or lateral movement present.
  • SilverSky Operations performed ongoing emergency maintenance as updates from SolarWinds were made available to ensure all instances are running recommended versions. We have implemented all necessary updates as of today.

Our current analysis shows that SilverSky has no indication of compromise. We continue to follow SolarWinds and the Cybersecurity & Infrastructure Security Agency (CISA) for the latest details.

Frequently Asked Questions

(last updated 3/8/2021)

Does SilverSky use ANY SolarWinds Orion Software?

Yes, SilverSky uses SolarWinds for the management and monitoring of devices.

Has SilverSky found any indication of compromise?

We have scanned historical logs dating back to March 2020 and have identified no indication of compromise. We continue to scan for any newly identified IOCs related to this breach.

Has SilverSky worked through the suggested remediation steps of CISA and Solarwinds?

Yes. We have installed all patches provided by SolarWinds and updated them to the latest version (2020.2.4) as of March 5,2021.

Has any customer data been exposed as a result of this vulnerability?

No customer data handled by SilverSky has been exposed. We continue to monitor this as more IOCs are identified.

Has SilverSky verified with all vendors and service providers whether they use any of the affected SolarWinds products?

Yes, SilverSky is actively working with our supply chain to identify whether they use any of the affected SolarWinds products and to determine the remediation steps being taken are in line with what has been advised by CISA and Solarwinds.

 

Managed Security Services

Your around the clock SOC.

Managed Endpoint Detection and Response

Some attacks will succeed. Don’t worry—we have you.

Managed Detection and Response

Augment your IT team using our expertise and the latest technologies.

Email Protection Suite

Defending against the leading attack vector.

Cloud Email and Collaboration

More than ever, the cloud is essential.

Incident Response Readiness

When a breach occurs, you’ll be ready.

Compliance & Risk Services

Take the next steps on your cybersecurity maturity journey.

Trusted Cybersecurity for an Uncertain World

Understand, detect, and effectively respond to threats, reduce business risk and improve the return on your security investment.

Financial Services

We comply with the same regulations you do.

Healthcare

Affordable defenses for a sector under attack.

Retail

SilverSky stands between cybercriminals and your customers’ data.

Benefits of a Single Vendor Relationship

The Cooperative Bank of Cape Cod found itself especially appreciative of SilverSky’s comprehensive solution set—particularly as they rapidly, but securely, enabled employees to work remotely.

ACET

Automated Cybersecurity Examination Tool

HIPAA

Health Insurance Portability and Accountability Act

PCI DSS

Payment Card Industry Data Security Standard

FFIEC

Federal Financial Institutions Examination Council

GLBA

Gramm-Leach-Bliley Act

ACET Helps Credit Unions Further Their Missions

Learn how going all in for ACET protects customers and the health of community-based financial services.

Resources

Articles, guides, ebooks, tools, on-demand webinars, case studies, and more. Explore a range of topics.

Press & Events

Press releases, upcoming conferences and trade shows, and future and on-demand webinars

Revisiting Cybersecurity’s Delicate Balance

Learn how CISOs are rebalancing prevention, detection, and response for stronger cyber defenses.

About Us

Trusted cybersecurity for an uncertain world.

Careers

Looking to join the fight against cybercriminals?

Security Management Console

Comprehensive customer portal for state of devices, reports for compliance, support tickets, and more.

Transforming Cybersecurity Culture from Corner Offices to Cubicles

Executives are increasingly thinking about cybersecurity management in a similar manner as they would any other risk assessment. This guide is here to help.