The SolarWinds Orion breach provides a unique opportunity to understand how organizations respond to a high-profile threat that yield important lessons for managing enterprise cybersecurity risks. How many have shut their Orion systems? How many have upgraded their systems to address the vulnerability? While no one has the visibility into the internals of all organizations to answer these questions, analysis of the Orion systems operating on the Internet provide a window into how the world has responded to the threat.
RiskRecon has monitored the exposure and response to SolarWinds Orion through its Internet-scale opensource security intelligence engines. This paper presents RiskRecon’s analysis of the exposure on February 1, 2021, comparing that with exposure on December 13, 2020, the day of the public breach disclosure, and February 1.