SolarWinds MSP goes through spin-off process

Cristina De Luca

June 18, 2021

SolarWinds MSP recently got a new name, N-able. According to the company, the move is part of the SolarWinds parent company spin-off process, initially announced in 2020 to create an independent organization focused on helping managed service providers (MSPs) serve small and mid-sized businesses.

In a note released by the Channele2e website, John Pagliuca, president of SolarWinds MSP, told partners that the purpose of the spin-off is to ensure even greater investments in Research & Development, security, and customer success.

The name N-able dates back to the origins of SolarWinds MSP – the unit was created from the acquisition of the N-able company in 2013 for $120 million in cash. However, the arrival of the new brand came at a critical time for parent company SolarWinds, which in late 2020 fell victim to one of the most complex and longest-running cyber attacks, generating cascading losses. The supply chain attack exploited a vulnerability in the SolarWinds Orion platform and produced a flurry of compromised systems at private sector companies, but especially at major US government agencies.

The Channele2e website highlights that as part of the possible spin-off, SolarWinds MSP was already internally researching the name N-able long before the incident with the SolarWinds Orion platform. The site had known about rumours of the new name previously. According to Pagliuca, there will be a completely separate executive team from the SolarWinds group, as well as independent technical support, partner, and sales teams. The product and R&D teams will have their own leaders and also separate roadmaps and development environments.

To remember

In 2020, SolarWinds was the target of a cyberattack that spread to its customers and went undetected for months. After being alerted by FireEye about the attack it had suffered, the company started working on investigations and released hotfixes within days to fix the Orion platform vulnerability. In January 2021, it also announced a plan to make both the company and its customer community more secure.

However, installing these hotfixes is not synonymous with total security for Orion users; it is a necessary but not sufficient step. It is not known in detail how the intruders operated while the attack was active but out of the spotlight. It is also not known whether and how they may still be working through backdoors they possibly opened, which may have broadened the scope of their activities and reached even those who are not Orion users.

Cybersecurity researchers say that spies are likely still active in the breached networks. It is likely that in the breached environments, hackers manipulated Microsoft Active Directory Federation Services, which certifies authorized user identities through digital identity documents called “SAML tokens.” These authenticated tokens allow users to move easily between environments, including those of different companies, for example, between different cloud service providers. Being able to manipulate tokens and move quickly between multiple systems without being easily detected is a recipe full of possibilities for hackers. Fortunately, there are ways to protect yourself against this technique, such as limiting access to computers authorized to issue tokens and ensuring the security of the encryption keys that create those tokens.
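One way a defender can look for manipulated tokens, shown as an added example that is not part of the original article: compare the SAML assertions a cloud service accepted against the ones the federation server recorded issuing. The record layout, field names and the one-hour lifetime policy are assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real logs); field names are assumptions.
IDP_ISSUED = [  # assertions the federation server logged as issued
    {"assertion_id": "_a1", "user": "alice@example.com"},
    {"assertion_id": "_b2", "user": "bob@example.com"},
]
SP_ACCEPTED = [  # assertions a cloud service provider accepted
    {"assertion_id": "_a1", "user": "alice@example.com",
     "not_before": "2021-01-05T09:00:00",
     "not_on_or_after": "2021-01-05T10:00:00"},
    {"assertion_id": "_b2", "user": "admin@example.com",
     "not_before": "2021-01-05T09:05:00",
     "not_on_or_after": "2021-01-05T10:05:00"},
    {"assertion_id": "_z9", "user": "admin@example.com",
     "not_before": "2021-01-05T11:00:00",
     "not_on_or_after": "2031-01-05T11:00:00"},
]
MAX_LIFETIME = timedelta(hours=1)  # assumed token lifetime policy


def find_suspect_assertions(idp_issued, sp_accepted, max_lifetime=MAX_LIFETIME):
    """Return (assertion_id, user, reasons) for tokens that look manipulated."""
    issued = {rec["assertion_id"]: rec for rec in idp_issued}
    findings = []
    for rec in sp_accepted:
        reasons = []
        source = issued.get(rec["assertion_id"])
        if source is None:
            # Accepted by the service, but the issuer never logged creating it.
            reasons.append("no issuance record at identity provider")
        elif source["user"] != rec["user"]:
            # Same assertion ID, different identity than the one issued.
            reasons.append("subject differs from issued subject")
        start = datetime.fromisoformat(rec["not_before"])
        end = datetime.fromisoformat(rec["not_on_or_after"])
        if end - start > max_lifetime:
            reasons.append("validity window exceeds policy")
        if reasons:
            findings.append((rec["assertion_id"], rec["user"], reasons))
    return findings


if __name__ == "__main__":
    for assertion_id, user, reasons in find_suspect_assertions(IDP_ISSUED, SP_ACCEPTED):
        print(f"{assertion_id} ({user}): {'; '.join(reasons)}")
```

A token that a service accepted but the federation server never logged issuing points to the keys that create tokens being used somewhere other than the authorized issuing computers.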

Russia has denied any involvement with the breach and former President Donald Trump has suggested, without evidence, that Chinese hackers may be to blame. But the Biden administration has said it may respond to the cyberattack in the coming weeks, which could include action against the Russian government.