18 December,20 at 10:28 PM
The internal investigation included the review of Centrify environments and networks to verify there is no use of the affected SolarWinds versions in any environment. Centrify reviewed the SolarWinds Security Advisory and the CISA Emergency Directive, and we confirmed with relevant government agencies that we are not affected.
We are continuing to monitor the breach for potential impact, defensive recommendations, and mitigating measures. As a preventive measure, we increased monitoring, including network traffic and access. Centrify is also monitoring vendors to determine whether they are impacted, steps vendors are taking, and mitigating actions for Centrify.