Volta’s guidance on the SolarWinds supply chain attack.

As more details about the SolarWinds supply chain attack have rolled in, CISA (the Cybersecurity and Infrastructure Security Agency) has advised SolarWinds customers to assume they are compromised and to take their SolarWinds stack offline. Additional “known malicious” file hashes are being shared, and this may continue as victims come forward with forensics and findings.

Depending on your industry, risk tolerance and budget, the safe advice is to decommission SolarWinds permanently and move to another solution such as ManageEngine or Volta’s own in-house product, Multimeter. If this is not an option, the hashes of the malicious files should be blacklisted across all compensating controls, and IPS/Snort signatures should be deployed in every intrusion prevention system. We also recommend segmenting the network so the SolarWinds server(s) can reach only the bare minimum of the IP address space necessary to do their job. CISA has a complete list of recommendations here: https://cyber.dhs.gov/ed/21-01/.
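
One way to confirm that the segmentation described above actually holds is to compare flow records from the SolarWinds server against an allowlist of the destinations it needs. This is an added example, not part of the original post and not Volta or SolarWinds tooling; the server address, subnets, ports and the flow-record format are all constructed assumptions.

```python
import ipaddress

# Assumption: the monitoring server's address and the only (network, proto, port)
# tuples it needs to reach. All values are constructed for illustration.
MONITOR_IP = "10.20.0.5"
ALLOWED = [
    ("10.20.10.0/24", "udp", 161),    # assumed: SNMP polling of managed devices
    ("10.20.10.0/24", "icmp", None),  # assumed: reachability checks (any ICMP)
    ("10.20.30.15/32", "tcp", 1433),  # assumed: the server's own database host
]

# Constructed flow records, one per line: "src dst proto dport" (not real traffic).
SAMPLE_FLOWS = """\
10.20.0.5 10.20.10.7 udp 161
10.20.0.5 10.20.10.9 icmp 0
10.20.0.5 10.20.30.15 tcp 1433
10.20.0.5 203.0.113.44 tcp 443
10.20.0.5 10.20.40.12 tcp 445
10.20.9.9 198.51.100.3 tcp 443
"""

def parse_flow(line):
    """Split one record into (src, dst, proto, dport)."""
    src, dst, proto, dport = line.split()
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), proto.lower(), int(dport)

def is_allowed(dst, proto, dport, rules=ALLOWED):
    """True if the destination, protocol and port match an allowlist rule."""
    for cidr, r_proto, r_port in rules:
        if dst in ipaddress.ip_network(cidr) and proto == r_proto and r_port in (None, dport):
            return True
    return False

def violations(flow_text, monitor_ip=MONITOR_IP):
    """Return flows sourced from the monitoring server that fall outside the allowlist."""
    monitor = ipaddress.ip_address(monitor_ip)
    out = []
    for line in flow_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        src, dst, proto, dport = parse_flow(line)
        if src == monitor and not is_allowed(dst, proto, dport):
            out.append((str(dst), proto, dport))
    return out

if __name__ == "__main__":
    for dst, proto, dport in violations(SAMPLE_FLOWS):
        print(f"outside allowlist: {MONITOR_IP} -> {dst} {proto}/{dport}")
```

Any flow this reports is either a gap in the firewall policy or a destination missing from the allowlist, and each should be reviewed before the rule set is tightened.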

About the Author

Mark Macumber
Chief Information Security Officer
