solarwinds user access governance risk assessment

Access Review Assessment For SolarWinds Hack

Submit your information for a quick assessment

Last week multiple companies and US government agencies were impacted by the SolarWinds Hack. Solarwinds, a US-based company that develops software for IT monitoring and network management, has released a statement that this cyberattack has affected devices on their Orion platform. Customers were prompted to complete an update containing the malware, and if activated this would enable compromised access to servers, workstations, and other networked devices running the Orion application. Per Gartner, SolarWinds is the No. 3 provider of IT operations software, behind only Splunk and IBM. For any CISO or CIO the news can’t get worse than this.

Over the next few months, many organizations will be dissecting this incident in an effort to protect their own businesses from similar attacks. One key lesson? The importance of doing continuous User Access Reviews. Once the hackers got access to the developer account, they managed to inject malicious code in Orion application library that was used in the software updates. Clearly, continuous access reviews would have strengthened the cybersecurity posture and reduced common access risk scenario. Although hackers are using increasing sophisticated techniques, Access Reviews will continue to be a key line of defense from these cybercriminals, making it harder for them to get at the information they are seeking. Book a session with our team of professionals to do a full assessment.