The SolarWinds provide chain breach in December 2020 is among the many most refined and widespread cyber assaults ever deployed. The assault was estimated to have affected practically 20,000 prospects, together with the U.S. Federal Authorities and high-level organizations within the personal sector after attackers mobilized hidden code inside SolarWinds merchandise and the corporate’s Orion platform.
Sending a SolarWinds questionnaire to third-party distributors is now an important step in vendor due diligence for organizations throughout a number of industries, together with training, expertise, finance, and authorities providers. By gaining perception into how a vendor makes use of SolarWinds utility monitoring providers and/or was affected by the breach, your group will higher perceive a vendor’s general safety posture and dedication to wholesome danger hygiene.
Maintain studying to find pattern questions your group can embody in its SolarWinds vendor questionnaire.
Learn the way Cybersecurity streamlines the seller questionnaire course of.>
What Do Organizations Use SolarWinds For?
The SolarWinds Orion Platform is a stack of database administration merchandise that permit IT safety professionals to trace database metrics and handle infrastructure and efficiency. The stack of functions obtainable from SolarWinds.com consists of applications that help organizations with the next duties:
Community Efficiency Monitoring (NPM)Community TroubleshootingServer & Software Monitoring (SAM)Consumer Machine Tracker (UDT)Service Desk Communications ManagementIP Handle & IP SLA ManagementSimple Community Administration Protocol SNMP PollingWeb Efficiency Administration (WPM)SQL Server Efficiency MonitoringMachine Sorts ManagementHybrid Cloud ObservabilityNPM and Exterior Infrastructure (CISCO, AWS, Microsoft Azure) IntegrationNetwork Server Efficiency Administration (Home windows, Linux, Mac)
Questions To Ask Distributors Concerning SolarWinds & IT Service Administration
Listed here are a number of questions your group can use to construct out its personal SolarWinds safety questionnaire and assess the standing of your distributors.
1. Was your group impacted by the current SolarWinds Orion malware cyber assault?
YesNo[Open text field for vendor comments]
2. Has your group ever run an affected model of a SolarWinds Product?
Sure, we’re currentlyYes, we have now within the pastNo, we have now by no means[Open text field for vendor comments]
3. Have you ever up to date the affected SolarWinds merchandise to unaffected variations?
YesNoNot relevant[Open text field for vendor comments]
4. Are you conscious of any suspicious exercise or compromised knowledge associated to a SolarWinds incident?
YesNoNot relevant[Open text field for vendor comments]
5. Do you companion with any third events affected by the SolarWinds breach?
YesNoUnsure[Open text field for vendor comments]
6. If sure, please listing the distributors under
Vendor Title:Vendor Title:Vendor Title:[Open text field for vendor comments]
7. For those who do companion with any distributors who have been affected by the breach, what degree of knowledge is shared with them?
Delicate dataPersonal dataNo knowledge is sharedNot relevant[Open text field for vendor comments]
8. How considerably did the SolarWinds assault impression your group?
The assault considerably impacted our community, IT infrastructure, and safety applications, disrupting operations and enterprise continuity. There additionally was a lack of delicate knowledge.The assault drastically impacted our community, IT infrastructure, and/or safety applications, inflicting a slight disruption to operations and enterprise continuity. Some knowledge confidentiality was misplaced.The assault barely impacted our community, IT infrastructure, and/ or safety applications. Nonetheless, enterprise operations weren’t disrupted, and no knowledge was misplaced or corrupted.The assault didn’t impression our community, IT infrastructure, and/or safety applications.[Open text field for vendor comments]
9. Did the SolarWinds assault disrupt important providers your group delivers to shoppers and companions?
YesNo[Open text field for vendor comments]
10. Does your group’s cybersecurity program possess a developed incident response plan?
Sure, our group does have an incident response plan in place that features steps for identification, mitigation, reporting, future prevention, and shopper communication.Sure, our group does have an incident response plan in place. Nonetheless, the plan is both outdated and must be up to date or doesn’t embody procedures for a number of of the next: identification, mitigation, reporting, future prevention, or shopper communication.No, we develop incident response procedures case-by-case after an incident investigation.No, our group doesn’t have any developed procedures for incident response.[Open text field for vendor comments]
11. Who’s your group’s level of contact for extra safety queries?
Title:Title:Electronic mail Handle:Telephone Quantity:[Open text field for vendor comments]
12. Has your group applied new protections, put in new controls, or up to date present infrastructure to resolve the SolarWinds assault’s impression on the enterprise?
New controls and protections have been recognized and put in for future preventionNew controls and protections have been recognized and are at the moment being put in for future preventionNew controls and protections have been recognized, however set up has not but begunNew controls and protections haven’t been recognized or put in[Open text field for vendor comments]
13. In case your group has but to put in new controls, has it applied workaround strategies or compensating controls to keep away from comparable assaults sooner or later?
Compensating controls and/or workaround strategies have been applied to mitigate and/or stop future cyber attacksCompensating controls and/or workaround strategies have been recognized to mitigate and/or stop future cyber assaults, however they haven’t but been implementedCompensating controls and/or workaround strategies have but to be recognized or applied[Open text field for vendor comments]Streamline SolarWinds Vendor Questionnaires With Cybersecurity
Cybersecurity’s questionnaire library features a complete SolarWinds vendor questionnaire and different safety questionnaires that meet trade requirements. Organizations trying to enhance their vendor due diligence protocols and develop sturdy Third-Occasion Danger Administration applications can use Cybersecurity’s library of questionnaires to determine and mitigate dangers all through the seller lifecycle.
Along with its complete library of safety questionnaires, Cybersecurity Vendor Danger additionally supplies organizations entry to a number of different highly effective Cyber Vendor Danger Administration instruments.
Notable options and use circumstances of Cybersecurity Vendor Danger embody:
Begin your Cybersecurity free trial proper now.
Able to see Cybersecurity in motion?
Prepared to avoid wasting time and streamline your belief administration course of?
