Eighty-seven percent of SolarWinds customers renewed maintenance contracts with the company in the first quarter of 2021 despite a massive cyberattack that compromised many high-profile customers.
The IT infrastructure management vendor had as recently as February been expecting renewal rates in the low-to-mid 80 percent range for all of 2021, well below the company’s historical renewal rates of more than 90 percent. But after hearing about the company’s security investments, the vast majority of SolarWinds customers have opted for renewal, including those in the federal space.
“We are seeing engagement with our federal customers,” SolarWinds CFO Barton Kalsu told investors Thursday. “We are having to work probably a little bit harder with that base, but we are renewing that customer base as well.”
The email security vendor on Tuesday became one of the first SolarWinds hack victims to publicly announce they’re dumping the industry-leading Orion network monitoring platform for a competing product. Industry experts had considered it unlikely that the hack would lead to many customers getting rid of SolarWinds due to the unique visibility and monitoring features Orion offers.
SolarWinds told CRN the vast majority of its customers continue to operate the Orion Platform, and the company said it’s taking all appropriate steps to protect them. Mimecast declined to comment further on the switch from Orion to NetFlow, and Cisco and SolarWinds didn’t immediately respond to CRN USA requests for comment. Cisco NetFlow has since 1996 given visibility into how network assets are being used, with a focus on figuring out who is using the network, the destination of traffic, when the network is utilized, and the type of applications consuming bandwidth.
Hackers also managed to access a subset of email addresses and other contact information, as well as encrypted and/or hashed and salted credentials.
“In addition, the threat actor accessed and downloaded a limited number of our source code repositories, but we found no evidence of any modifications to our source code nor do we believe there was any impact on our products,” the company added.
Mimecast added that it had no evidence that the threat actor accessed email or archive content held by the company on behalf of its customers.
The company was notified by Microsoft in January that a certificate it provided to customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services had been compromised by a threat actor Microsoft was actively investigating.
Get Permission Email security vendor Mimecast, which was targeted by the SolarWinds supply chain hack in January, reports in a Tuesday update that the hackers used the Sunburst backdoor as an initial attack vector to steal source code. But Mimecast says it found no evidence of any modifications to our source code nor do we believe there was any impact on our products.
Mimecast reports that the hackers used the backdoor installed in SolarWinds Orion network monitoring tool to gain partial access to its production environment.
The Tuesday update also notes: The threat actor accessed certain Mimecast-issued certificates and related customer server connection information. The threat actor also accessed a subset of email addresses and other contact information, as well as encrypted and/or hashed and salted credentials.
Signs up for Cisco, says some encrypted creds were stolen
Gareth Corfield Wed 17 Mar 2021 // 18:30 UTC Share
Copy
Email security biz Mimecast has dumped SolarWinds network monitoring tool in favour of Cisco s Netflow product after falling victim to the infamous December supply chain attack.
In an incident report detailing its experiences of the SolarWinds compromise, Mimecast said it had decommissioned SolarWinds Orion and replaced it with an alternative NetFlow monitoring system .
On top of that, the email security firm also junked a number of compromised servers, while admitting that the potentially Russian attackers had accessed a subset of email addresses and other contact information , customer server connection information , and encrypted and/or hashed and salted credentials as well as viewing source code repositories and Mimecast-issued certificates.