Is VGS Impacted by the SolarWinds Vulnerability?

December 17, 2020
Solar

SolarWinds, an Austin-based IT management software company, was compromised via a software supply chain attack by suspected nation state adversaries. This was considered to be a sophisticated attack that exposed a vulnerability in many infrastructures. The attackers utilized novel attack vectors and tools, tactics, and procedures (TTPs) to target nearly 18,000 companies and government agencies.

At VGS, we do not use SolarWinds, so our first response was to act quickly to determine whether any of our vendors used SolarWinds for IT management purposes. We reached out to vendors that process or store sensitive data via a questionnaire, and fortunately, none of our vendors utilize SolarWinds for IT management.

VGS is not impacted by the SolarWinds compromise. Still, we consider protecting our customers’ data to be our top priority. Every security practitioner knows that security is a process, and that there’s always another guardrail that can be put in place to raise the bar. To that end, we are using this time to accelerate VGS’ overall security posture to the next level, on several initiatives.

We will be following up with additional blog content to share with you some of the other strategies and approaches we have focused on (and share the lessons learned along the way).

If you have any questions about this blog post, please email support@verygoodsecurity.com

Katy Wang Kathy Wang

CISO at Very Good Security

Share

You Might also be interested in...

vgs-blog-seriesc-featured

Some Very Good News: VGS Raises $60M Series C

Mahmoud Abdelkader December 21, 2020

vgs hackathon

VGS Hack Week 2020

Mike Jensen December 17, 2020

Brazil’s version of the GDPR

LGPD - What to Expect from Brazil’s version of the GDPR

Kenneth Geers September 9, 2020