Tom here from Lawrence Systems, and let's talk business for a minute here, specifically around SolarWinds. Obviously, I have real business decisions to make around this, and this question's come up all over the place, and right here on Reddit, it's another person: MSPs using the unaffected SolarWinds products, what now? What they're referring to is that SolarWinds had a major security breach that went unnoticed for quite a while in there, specifically in their Orion monitoring tools that they sell, which are primarily used by internal enterprise-level IT. Matter of fact, I have a whole video on it where you dive into it. But the question becomes: if SolarWinds Orion was breached, does that mean SolarWinds was breached? And does that mean we shouldn't trust any of their products? That's not as easy to answer as you might think.

Let's talk about a couple quick history things, because I love these questions that come up. Or shouldn't we just switch what tool stack we use as a managed service provider, as an IT technology company that provides IT support for outside companies? SolarWinds has got a really popular tool stack. They're one of the biggest in the business, next to Kaseya, next to ConnectWise. But let's talk about Kaseya and ConnectWise, because if people actually could remember things, they would remember two years ago Kaseya was not only compromised, they were distributing crypto miners, because back then it wasn't about ransomware. It was about how can we install a crypto miner, and that was a great way to make money in 2018. So they had a breach. Are you still using Kaseya? Of course, if you go back to 2018, there's a ton of comments and everyone going, well, I'm never using this again, I'm switching over to insert-name-of-next-product, until they're in the news, and then they go back and, you know, switch to Kaseya again.
I guess. Then we have over here the actual security update from Kaseya. I'll leave links to these if you want to dig through the history. And I covered this one here over at ConnectWise, because, you know, ConnectWise is the one to trust? No. That incident with Bishop Fox and ConnectWise, and ConnectWise's handling of this incident, was tragically bad. But there's good light at the end of the tunnel: ConnectWise decided to come out with a whole program on it. I covered even some of the problems ConnectWise had with the fact that you could get around some of their 2FA stuff just by sending an email to support, and obviously that was a big glaring hole. And ConnectWise there went from misbehaving as a company to going, we should probably have a better security program that doesn't threaten legal action every time a security researcher like Bishop Fox contacts us about a problem.

That brings me back over to SolarWinds. They're obviously, because this incident was only discovered days ago, really in the news, and right now, as of December 16th, we don't know of any problems (December 16, 2020, just to be clear). We don't know of any problems in the MSP stack.

I also want to comment on SolarWinds as a company, and something to think about here. Now, SolarWinds was built through acquisition. I didn't choose SolarWinds; SolarWinds chose to buy the companies I was using for my MSP tools. So if you remember HoundDog, which was part of GFI, and MAXfocus and all these different companies that were out there, they were all acquisitions by SolarWinds. And if you've worked in corporate or dealt with corporate companies: one day you're working for a company called MAXfocus or GFI or whichever company they acquired at that time, you come in to work the next day, and there's a new sign on your building. That's actually how a lot of this happens. SolarWinds was built by acquisition.
This is an important thing to think about: how a company was built. Now, from a business standpoint, you cancel out costs by sharing an HR department and sharing certain resources that are going to be common between the companies. But if you have a siloed company that is making money, their acquisition out was probably to increase marketing, another shared resource, but not necessarily share technical teams between them. It isn't like automatically, when they acquired the tool stack that I have, that the people who were already working on Orion, which was a long-standing existing product in the SolarWinds stack, those teams are just all working in one big room together. The number of employees at these large companies is staggering to really think about. And if you're only thinking in small business terms, when you look at a merger of, like, two small companies that only have four people in each company and now they have eight, yeah, they probably used sharing a building as a resource to save money, and they probably do cross over a lot. I don't know what level of crossover exactly SolarWinds has, but the talk of the town only a few months ago was the fact that SolarWinds MSP is going to be its own individual company and they're breaking it out. And let me dive into that a little bit more.

Right here is the SolarWinds Corporation Q3 2020 earnings call. From the earnings call, it's a conversation with the CEO, kind of setting the standard and what's going on at the company, and hey, how much money do you guys make and what's your future plans? We'll dive right to this part here, but of course I'll leave a link to this entire transcript if you want to hear what they were talking about back then. But the important part was regarding the split. This was a question asked by an unknown speaker on the call, and this is answered by the CEO of the company: we haven't heard anything from our customers about the potential split of business, in terms of, you know, whether or not there was a problem with it.
That's what the unknown caller had asked. I think it really comes down to the fact that we've been running the business in two units for a while. The MSP market is a very, very specific market. And this is true; anyone who works in MSP knows internal IT teams and external MSP companies operate with different sets of needs, different types of marketing. I bring this up because essentially, like I just said, they operate kind of still as a silo, so they want to split them off, so you can understand the margins from a complete business standpoint of how did our internal tools team sell things like Orion, for example, and how did the other market sell to the MSP market, once again noting that they're kind of separate.

Now, this does not mean that I know for a fact that SolarWinds tools are completely safe, or that I know for a fact that any insert-name-of-company, Kaseya, ConnectWise, whichever one you choose, is completely safe. I will tell you this from my own perspective: I bet they're going through, and you know this too if you work in IT, the audit from hell. SolarWinds Orion was basically in every large government agency, many of the Fortune 1,000 companies are using it, and I think I'd said in the other video something like over 400 of the Fortune 500 companies use it. This breach is huge and obviously going to dominate the news for a little while. But this also means you're going to go through one of the most thorough and painstaking audits ever exacted on a tools company, probably, and that also kind of builds me a little bit of confidence. Like, if they're going to find something, they're going to find it. You have lots of other people I've talked to at other cyber security companies digging deep into it, looking for evidence that this occurred anywhere else. The nature of the attack seemed to be so specific, and the fact that they were using steganography to hide what they were doing probably means they really focused on Orion. They had a list of targets. They were doing this as
stealth and quiet as possible. Dropping a bunch of stuff on the MSP stack would create a lot of noise and end up all over the place, which probably sounds different than the goal of the threat actor. Doesn't mean it's a guarantee. We're doing speculative thinking here, but the other side of that is they minted the certs. We know they got a hold of the cert server; those certs have been invalidated, and those certs were also not the same ones used on the MSP side. So they were very different on how everything was signing, which also leads us to (and we need confirmation from SolarWinds, of course) the level of separation that these companies have already, that they kind of work individually, back to my saying that they're gonna split and show them as separate companies.

So for now, I'm gonna stay with SolarWinds. That's my feelings on it. Doesn't mean I'm not going to be hyper vigilant watching, because obviously this is a great concern. But there's not anything that makes me think I should go through all the trouble of moving all of our endpoints and everything over to a different system, because, as I pointed out, those systems all are run by people, fingers on keyboards, all potential risks at any given moment. Matter of fact, any of these companies. And Kaseya, like I mentioned at the beginning, they went through some pretty hard times and really bad publicity by the fact that they were massively installing crypto miners on people's computers. This is obviously a huge breach; someone breached their system. Don't know the details. I don't remember how they debriefed it, because it's been a couple years. But in short, I mean, they pushed out a lot of confidence to bring the customer base back, and people kind of said the same thing: we're all leaving. But I bet a lot of people didn't even leave. It's just the sexiness of outrage, you know, we have to get our fingers on keyboards. It's not like we're doing our due diligence. But honestly, from a business perspective, due diligence, right now
I kind of want to stay and hold, you know, playing poker here. See, I want to stay with this company for a little bit longer, or maybe a lot longer. I don't know; we're gonna have to see how the outcome is. Jumping ship, they may find that this tool was used by one of the other MSPs and they were breached with this tool. Wouldn't that be an interesting twist on this? We don't know, and this is just all part of it. It's all a lot of decisions, and these are my decisions as of right now, December 16th. I'm still hyper vigilant. I'm still diving into this, and I'm still reading the comments and, you know, having discussions with people online, because this is really an important topic. But you have to always be thinking about it from the future and from the business standpoint.

It's really easy to sit by the sidelines and mash a keyboard, get your caps lock on, and say they were probably doing something stupid. Security is really hard. It's actually way easier to be on the hacker side to some extent, because you have to be right all the time. You have thousands of employees; I have to make sure none of them are inside threat actors. You have thousands of things you're distributing, and websites and servers distributed all over the place between multiple buildings, and I have to make sure everything was done right. Hacking is poke away, just fuzz everything, track everything, wait for one person to mess up, or, in the case of some inside threat actors, pay somebody off. Let's think about how many employees you have: is one of them angry? Is one of those thousands of people going to do this? And, you know, you don't know. It's really, really difficult. It's a challenge of the market. It's why we stay hyper vigilant on this. But I just want to throw this out there, kind of as a reply to some of the people asking: do you stay with them?
It's a big deal, and I'm, for now, gonna stay. That's my opinion. You can still, of course, be entitled to yours, but this is how I feel about the company and where I'm at right now, as of December 16th, 2020.