Table of Contents
This week, an unfortunate incident got reported by the cybersecurity firm FireEye. According to FireEye, FireEye’s system was hacked via a product they were using, called Orion. Orion is SolarWinds’ most popular product, bringing in more than 50% of their revenue every year.
It is believed that hackers funded by foreign governments compromised the networks of both public and private organizations via their SolarWinds monitoring service. They were able to gain access to the SolarWinds update servers via a breach in the password, which was just “solarwinds123”.
The attackers strategically placed malware onto Orion, and used it to get a god-like view into every system where the product was used, including American government networks.
MetricFire as a SolarWinds Alternative
MetricFire is a great SolarWinds Alternative. Most monitoring tools these days, such as AppDynamics or Datadog, are focused on monitoring application metrics or servers. SolarWinds Alternatives must be capable of doing network monitoring as a priority.
MetricFire’s agent is focused on monitoring networks, and some of our biggest customers use MetricFire primarily for network monitoring. We’ve even seen major customers migrate off of SolarWinds and come to us for better dashboards, and better service.
Role of SolarWinds in the Breach
The systems were compromised through updates to a widely-used IT infrastructure management software - the Orion network monitoring product from SolarWinds. SolarWinds published a press release admitting to the breach, acknowledging that Orion update versions 2019.4 through 2020.2.1 released between March 2020 and June 2020 have been infected with malware.
SolarWinds have recommended customers to upgrade to Orion Platform version 2020.2.1 HF to mitigate the vulnerabilities that existed in the previous versions.
The U.S. government called on all Federal civilian agencies to power down SolarWinds Orion products immediately as a result of this active security exploit.
The victims included many governments, consulting, telecom and technology firms across the World.
Security at MetricFire
At MetricFire, we take the privacy of the users and security of our systems very seriously. To make sure our customers are not vulnerable, we are constantly vigilant for breaches of our systems. Also, we follow these principles to ensure the safety of everyone:
- Open Source at Heart: Our foundations are built on open source tools such as Linux / Graphite / Grafana. The cycle time to discover a vulnerability and patch it is much quicker with open source systems compared to systems which are built on proprietary software such as SolarWinds.
- Reliance of Linux: Our system runs on Linux Operating System and it’s not a secret that it is the most secure Operating System available.
- On-Premises Available: Keeping network monitoring on-premises gives our security sensitive customers an additional level of control that cloud based solutions can’t offer.
- Use of secure cryptographic standards: At MetricFire, we use the most secure cryptographic standards to secure data both at rest and in-transit. This ensures that it cannot be eavesdropped by “man in the middle” attacks. Even if the data is retrieved / stolen somehow, it will be computationally and prohibitively expensive to recover the data into its original form.
Apart from the above points, we work with leading security partners to continuously perform penetration testing on our systems to plug any loopholes. We also have a team of engineers who actively look for any vulnerabilities in our products and update them as soon as possible whenever they find something.
If you aren’t currently a customer of MetricFire, have a look at our blog article Security Your Monitoring Infrastructure for ways to harden your monitoring infrastructure.
MetricFire sees customers migrating from SolarWinds to MetricFire regularly. MetricFire is a great SolarWinds alternative because Graphite is built to collect SNMP data from networks, making us well suited to network monitoring. But not only are we great for network monitoring, MetricFire can also be used to monitor systems, user experience, business metrics and more.
MetricFire brings in a wide range of functionality, as well as easy-to-use dashboards. One of our customers migrated to MetricFire from SolarWinds for the great dashboards and cost-saving opportunity.
If you have time constraints and want to work efficiently and effectively, MetricFire allows you to sleep soundly thanks to its 24/7 team that constantly monitors the security of your monitoring infrastructure and applies continuous updates to keep up with the best-in-class standards. Check out MetricFire’s demo or free trial for more!