SolarWinds, an Austin-based IT management software company, was compromised via a software supply chain attack by suspected nation state adversaries. This was considered to be a sophisticated attack that exposed a vulnerability in many infrastructures. The attackers utilized novel attack vectors and tools, tactics, and procedures (TTPs) to target nearly 18,000 companies and government agencies.
At VGS, we do not use SolarWinds, so our first response was to act quickly to determine whether any of our vendors used SolarWinds for IT management purposes. We reached out to vendors that process or store sensitive data via a questionnaire, and fortunately, none of our vendors utilize SolarWinds for IT management.
VGS is not impacted by the SolarWinds compromise. Still, we consider protecting our customers’ data to be our top priority. Every security practitioner knows that security is a process, and that there’s always another guardrail that can be put in place to raise the bar. To that end, we are using this time to accelerate VGS’ overall security posture to the next level, on several initiatives.
We will be following up with additional blog content to share with you some of the other strategies and approaches we have focused on (and share the lessons learned along the way).
If you have any questions about this blog post, please email support@verygoodsecurity.com
Kathy Wang 
