Addigy’s Continued Commitment to Cybersecurity: Response to the Kaseya VSA Ransomware Attack

Addigy | 07/07/2021

In response to the recent high-profile cyber hacks concerning SolarWinds and the unfolding news of this week’s attack on Kaseya VSA, we would like to take a moment to share the steps that Addigy continues to take to ensure the security of our platform and our customers – and how we continue to evolve our security standards and processes in this ever-changing landscape.

The Addigy team is closely monitoring the Kaseya VSA Ransomware Attack that occurred on July 2, 2021, which leveraged the Kaseya VSA on-premise product to deploy malicious payloads to Windows devices.

While we do not yet know the full extent of the attack, we do know that this is not the first attack leveraging tools within the MSP ecosystem. MSPs continue to be strategic targets for these bad actors and Addigy stands by the MSP community with an unwavering commitment to protecting both our platform and our customers.

Addigy invests extensively in adding multiple layers of security to prevent or limit these types of attacks from happening to or within our own products. We are reviewing the details of this attack to mitigate possible attacks against Addigy.

An Overview of Current Addigy Controls

The Addigy Agent and Addigy Cloud leverage the following technologies to help provide multiple layers of security:

  • All Agent communications are encrypted in transit and at rest using HTTPS with SSL Certificate pinning. This prevents the Agents from receiving communications from anything other than Addigy Cloud using AES-256 encryption.
  • Addigy has implemented Cloudflare for its Web Application Firewall, CDN, and Rate Limiting functionality for additional security.
  • Addigy has implemented a Responsible Disclosure Program, a Private Bug Bounty Program, and penetration testing programs through BugCrowd Cybersecurity Platform.
  • Addigy has implemented stringent security controls based on SOC 2 Type II Compliance Framework.

Addigy is not an on-premise product that requires IT admins to be experts in its server-side source code, web applications, databases, and network security. On-premise software also allows attackers to reverse engineer or access application servers, server-side agent components, and databases. As a true cloud SaaS company, we take on the burden to provide you, your company, and your clients with a secure infrastructure.

Addigy believes these attacks on our partners and counterparts negatively affect the entire IT ecosystem and we stand in solidarity with all IT providers, administrators, vendors, and professionals to fight cybercrime. We are committed to mitigating risk for our partners and customers to ensure a security-first culture.

In the coming months, we commit to providing additional recommendations for Addigy administrators, including steps to establish increased layers of security and implement security best practices for Apple device management. If there are any questions, comments, or concerns, regarding security practices and the controls Addigy has in place to help mitigate risk, please reach out to [email protected].