Falanx Group Ltd (LON:FLX), the AIM listed provider of cyber security and strategic intelligence services provides its investors with some clarity over the recent news of the supply chain attack on the SolarWinds® Orion® Platform software, 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF1.
On Monday, December 14, SolarWinds MSP issued this notice offering more clarity to their MSP customers:
“We have just been made aware our systems experienced a highly sophisticated, manual supply chain attack on SolarWinds® Orion® Platform software builds for versions 2019.4 through 2020.2.1. We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed incident, as opposed to a broad, system-wide attack.
At this time, we are not aware of an impact to our SolarWinds® MSP products including RMM and N-central.
Security and trust in our software are the foundation of our commitment to our customers. Thank you for your continued patience and partnership as we continue to work through this issue.”
Falanx Cyber does not use the Orion® Platform product as part of its technology stack, Triarii.
The MSP community we work with mainly uses SolarWinds MSP products, namely RMM and N-central. Based upon SolarWinds’ current investigation, they have found no evidence that the SolarWinds MSP products were vulnerable to the supply chain attack.
While it is possible that our MSP customers or their end-customers may have procured the Orion® Platform product, we are working closely with our MSP partners to ensure that they have not been impacted by this event. We are performing the appropriate diligence in any estate where our monitoring service has been deployed.
Rick Flood, MD Falanx Cyber said, “It doesn’t matter how big or small you are as an organisation, it is imperative that you deploy a 24/7/365 monitored service from a Security Operations Centre (SOC) such as ours, giving yourself the best level of detection and protection that you can.
“We continue to offer our clients a complete range of Offensive and Defensive services, the former including Penetration Testing, Red Teaming, Social Engineering and Training, all of which leverage our ability to emulate attackers. The latter including our range of managed services from Managed EDR through Incident Response to full Detection In Depth with Triarii, all aimed at identifying and mitigating threats around the clock.”