According to Senator Ron Wyden, CISA said that companies that used infected versions of SolarWinds Orion and had configured their firewalls to block outbound connections from the SolarWinds server stopped the malware from working.
A very simple technique.
SolarWinds says that those servers do not need the ability to make outbound connections.
The NSA and NIST have both warned for over a decade that businesses should block outbound connections when they are not needed (which is most of the time). Credit: Reuters
So what is the message here?
Segmentation has been considered a best practice for years. Micro-segmentation is the evolution of that practice. Segmentation with port blocking is considered a best practice. Very few companies do that because the setup takes work.
Do you know what takes work? Recovering from a SolarWinds-style attack and the resultant lawsuits. That can take years to clean up.
If you need help, contact us. If you can do it yourself, do it. Take this as a signal that now is the time to start segmenting your network before you become a victim.
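Part of the setup work mentioned above is finding out which servers make outbound Internet connections today, so a default-deny outbound rule can be rolled out without surprises. The sketch below is an added example, not part of the original alert: the flow-log format, the addresses, and the `APPROVED` allowlist are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Internal ranges are listed explicitly: ipaddress.is_private also matches the
# documentation ranges used below as stand-ins for Internet hosts.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow log: "source destination destination_port" per line.
SAMPLE_FLOWS = """
10.0.5.20 10.0.1.15 161
10.0.5.20 203.0.113.44 443
10.0.7.31 198.51.100.7 443
10.0.7.31 198.51.100.7 443
10.0.9.12 10.0.1.15 53
not a flow record
"""

# Hypothetical approved egress: source host -> {(destination network, port)}.
APPROVED = {"10.0.7.31": {(ipaddress.ip_network("198.51.100.0/24"), 443)}}

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def external_flows(text):
    """Map each internal source to the set of (destination, port) pairs outside INTERNAL."""
    seen = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        try:
            src, dst, port = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]), int(parts[2])
        except (IndexError, ValueError):
            continue  # skip blank or malformed lines
        if is_internal(src):
            seen[str(src)]  # register the host even if it never leaves the network
            if not is_internal(dst):
                seen[str(src)].add((dst, port))
    return seen

def classify(text, approved=APPROVED):
    """Return host -> 'block' | 'allowlist' | 'review' for a default-deny outbound rollout."""
    result = {}
    for host, flows in external_flows(text).items():
        rules = approved.get(host, set())
        unapproved = [f for f in flows if not any(f[0] in net and f[1] == p for net, p in rules)]
        result[host] = "block" if not flows else "review" if unapproved else "allowlist"
    return result

if __name__ == "__main__":
    for host, verdict in sorted(classify(SAMPLE_FLOWS).items()):
        print(host, verdict)
```

Hosts marked `block` showed no Internet-bound traffic in the sample, so denying their outbound connections changes nothing they rely on; `review` hosts have Internet-bound traffic that nobody has approved.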