Get involved with the best community around. AG真人 and customers helping each other find answers through discussion threads.

Get Help
Education & Training
Menu

AG真人’s Response to Customers regarding the SolarWinds Threat

blue spiral

A widely impacting software supply chain cybersecurity attack was recently uncovered where a vendor with products deployed at corporations and government agencies across the globe was compromised, resulting in multiple breaches. The Cybersecurity and Infrastructure Security Agency (CISA) has identified SolarWinds Orion as one of the initial access vectors. AG真人 continues to monitor the situation as it develops.

The security of both AG真人's and our customers' data is a top priority. We can confirm that AG真人 products do not ship the affected SolarWinds Orion software or any components specific to SolarWinds. AG真人 customers running SolarWinds Orion should review the recommendations in SolarWinds' Security Advisory and FAQ. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security Agency (CISA) Supply Chain Compromise website for new information as it develops. In addition, at this time there is no known impact to AG真人’s products, services or operations.

AG真人's Response

Upon notice of the SolarWinds Orion Platform software compromise, the AG真人 Security team initiated investigations in accordance with our incident response processes. AG真人 followed the guidance issued to all SolarWinds customers in addition to following our internal processes for investigation, forensics analysis, and threat mitigation. AG真人 will continue to remain vigilant regarding all aspects of this challenging and evolving situation.

AG真人 plans to provide updates on our investigation and answers to common questions on this webpage. It should be considered the single source of current, up-to-date, authorized, and accurate information from AG真人.

Frequently Asked Questions (Updated January 6, 2021):

1. Are AG真人 products affected by the SolarWinds Orion vulnerability?

No. AG真人 products do not ship the affected SolarWinds Orion software or any components specific to SolarWinds.

2. Does AG真人 utilize SolarWinds Orion software for internal use?

Yes. AG真人 utilizes SolarWinds Orion for a limited number of internal environments.

3. Does AG真人 use SolarWinds Orion software versions identified as impacted?

AG真人 identified affected versions of the SolarWinds Orion software in our internal environment and applied mitigations in accordance with SolarWinds-provided guidance which is available in their Security Advisory and FAQ.

4. What remediation actions have been taken or are planned?

All affected versions of SolarWinds software have been remediated based upon the recommended actions provided by the vendor and CISA. AG真人 security systems have been updated to detect and block known attack vectors. AG真人 will continue to monitor for new mitigations or recommended remediation steps. We are continuing to track recommended mitigations and have completed the steps required to ensure AG真人 is up to date with current guidance at this time.

5. Has any customer data handled by AG真人 been exposed as a result of this issue?

At this time there is no evidence to suggest that customer data was exposed or exfiltrated due to the use of this software. AG真人 continues to monitor for impact and maintains its incident response processes and teams to ensure timely notification if the situation changes.

6. What is the impact to AG真人’s business?

At this time there is no known impact to AG真人’s products, services or operations.

7. How does AG真人 protect its environment from potentially affected software?

Generally, AG真人 does not disclose the details of its Cyber Security program. In response to this effort however AG真人 has followed the recommendations from SolarWinds and CISA. These actions also include but are not limited to: affected host isolation or shutdown, host remediation efforts, and increased monitoring for known attack vectors. Our security team and partners are working 24x7 to protect AG真人

8. How does AG真人 secure its products?

AG真人 follows secure development principles throughout our product development lifecycle. We expand and improve on our secure-development programs on a continuing basis. As a part of our standard procedures, we implement secure design principles, developer training, and extensive testing programs.

9. Have AG真人’s suppliers and vendors been impacted by the SolarWinds Orion compromise?

AG真人 is engaging with our supply chain to determine if any suppliers or vendors were impacted by this compromise. AG真人 has not been made aware of any supplier or vendor issues related to the SolarWinds Orion compromise at this time.

 

For questions not covered in the FAQ, send the question(s) to ng-solarwindsinquiry@michelbrosseau.com for follow-up.

For media inquiries, please contact xdl-uspr@michelbrosseau.com.

Drift chat loading