Specific to the FireEye breach which identified a widespread compromise of Solarwinds software, OneNeck continues to ensure we are following security industry and vendor recommendations for securing our environment specific to any of the
Common Vulnerabilities and Exposures (CVE)
and any Indicators of Compromise’s (IoC) that become known to be associated with these breaches. The
specifically associated with these breaches have documented solutions from the appropriate vendors that have been made available. Therefore through our standard process, such as normal patching, OneNeck devices have the appropriate protections. While OneNeck does not leverage the SolarWinds Orion IT monitoring and management software to provide any of our services, we have and continue to:
- Consume signatures and Indicators of Compromise (IOC) related to the Solarwinds and FireEye compromise into our monitoring and security platforms.
- Contact our suppliers and vendors to review any use of Solarwinds, and to identify and mitigate any potential risk to OneNeck data or services.
Additionally, to continuously ensure our environment has the appropriate security protections, detections and response, OneNeck leverages the
Center for Internet Security’s
(CIS) Critical Security Controls, which are a series of cybersecurity actions prioritized by their criticality in preventing cyberattacks. OneNeck completes a CIS Critical Security Control’s assessment at least annually, along with incorporating the controls as part of any new service.
For customer-specific environments where OneNeck provides managed services, OneNeck is monitoring for any additional updates from specific technology vendors to address potential threats. As updates are identified, OneNeck will follow appropriate communication and change protocols to get approval from customers to implement. As noted previously, where customers leverage our recommended patching process, the specific protections related to patches recommended by CVE’s would already be in place. Where OneNeck provides additional security services such as Endpoint Detection and Response (via Cisco AMP for Endpoints), Next Generation Firewall (via Cisco Firepower) or Managed Detection and Response (via Alert Logic), we continue to work with these key vendors to implement additional monitoring and protections associated they provide with protecting against new threats associated with the FireEye or Solarwind breach.