It’s pretty amazing how managed security services providers (MSSPs) can go from being goats to something of a hero in a few short days. When the breach of the Orion network monitoring software was first disclosed by FireEye, much of the initial focus was on what the MSSP might have done wrong to allow such an egregious breach to impact its customers, many of which happened to include a wide range of government agencies.
FireEye as an MSSP is somewhat unique in that in addition to providing cybersecurity services, it also trained the machine learning algorithms it relies on to augment its personnel. Shortly after the breach was disclosed, the source of the breach had been traced back to the software supply chain SolarWinds had used to build the latest release of Orion. The systems that SolarWinds employs to build that software have been compromised by malware that cybercriminals had managed to insert into the company’s software development platforms. It then quickly became apparent that any organization that had installed the latest version of Orion might be impacted by that breach.
Fortunately, many IT organizations that rely on Orion are generally slow when it comes to updating anything, so the percentage of the 18,000 organizations using a version of Orion that was made available last March might be relatively slight.
SolarWinds RMM unaffected
Managed service providers (MSPs) also dodged a bullet when it was revealed that the remote monitoring and management (RMM) software from the SolarWinds MSP business unit has not been impacted by the breach. That could have resulted in hundreds of thousands of systems managed by channel partners being breached.
However, there is still a significant mess to be cleaned up. Many channel partners employ Orion in the same way FireEye did to support customers. Others are SolarWinds resellers of Orion software that provide support for that tool. In both cases, faith in Orion software is understandably shaken now that it appears there was a second breach of the SolarWinds supply chain. Many MSPs and end customers alike are likely to replace Orion software in the expectation that it’s better to be safe than sorry.
Customers likely to review MSP security
In fact, the Orion incident is likely to drive a security review across a wide range of enterprises, says Judith Hurwitz, CEO of Hurwitz & Associates, a provider of IT consulting and market research. MSPs will be required to prove their services are secure, adds Hurwitz.
“Security is going to be a much bigger deal,” says Hurwitz.
As a result, channel partners should expect end customers to be conducting security reviews of just about every piece of networking software they use. After all, if the SolarWinds software supply chain was compromised, who can say with confidence that other software supply chains haven’t been compromised too.
Of course, it’s not clear to what degree channel partners might be able to monetize those reviews. However, the one thing that is certain is change is about to surely come.