wonderfully unique software solutions

How SolarWinds is turning the Orion breach into competitive advantage

When the Orion breach hit the headlines last year, it’s fair to say that few would assume automatically that such an event could turn to SolarWinds‘ benefit.

However, an innovative and focused organisation can leverage a negative event to develop and ‘build back better’. It can become a springboard for learning that generates greater success down the track.

According to Charles Damerell, senior director for the UK and Ireland at SolarWinds, that’s just what the IT management software and remote monitoring tools vendor is doing.

“It doesn’t matter how well established a company is, at some point in this day and age any organisation of complexity will experience some kind of a breach or cyber attack,” he says.

“We’ve brought in expert companies in the cyber security sector such as CrowdStrike and KPMG.

“Their reports and recommendations are also being shared with cyber security experts Chris Krebs and Alex Stamos, from Krebs Stamos Group. As a result we’ve been reviewing and addressing several key areas.”

Krebs is best known as a former director of the US Cybersecurity and Infrastructure Security Agency; Stamos is the founder of the Stanford Internet Observatory and was once chief security officer at Facebook.

SolarWinds’ investigation proved that Sunburst malware had exploited vulnerabilities in the Orion Platform — yet the malware was inserted into the build code, not the source code.

SolarWinds quickly released multiple hotfixes for current-version users as well as updates for all other supported versions of Orion Platform products and a fix for customers on unsupported versions.

Added areas of focus include accelerating the move to cloud and away from the hybrid cloud environment.

Damerell highlights deep audit of on-premise and cloud capabilities, improvements around authentication, with JIT provision and access and strong multi-factor authentication, as well as enhanced conditional access policies.

SolarWinds has also moved towards recording forensic artifacts at every step, with specific functions chosen, reviewed and worked backwards, he notes.

A new chief executive officer, Sudhakar Ramakrishna, took the reins from Kevin Thompson in January. Ramakrishna instigated the involvement of external experts and brought “an openness to look at and address the necessary changes”, Damerell says.

“Given all of the external expert and independent perspectives, I think we can safely state that SolarWinds is one of the leading secure-by-design enterprise software vendors today, retaining market-leading status in our unique space,” he says.

Dave Stevinson, chief executive officer at SolarWinds partner QBS Software, says both QBS and SolarWinds have built their businesses around helping technology professionals solve today’s IT challenges.

“We at QBS are even more committed to SolarWinds after the recent breach on Orion. I strongly believe that the corrective action coupled with the preventative measures will make SolarWinds an even more important solution for IT professionals,” he says.

(Photo by JOHN TOWNER on Unsplash)

Recent Articles

CoSoSys warns firms to watch for insider and leaver threats

When employees leave the company, does the organisation's data leave with them? CoSoSys, vendor of Endpoint Protector data loss prevention (DLP) software...

Government partner praises ShareGate benefits for SharePoint and Teams

When a vendor with US government business in its sights sought cloud migration with efficiently managed and monitored SharePoint content, it turned...

Secudos updates Qiata for secure and compliant file exchange

Secure file transfer specialist Secudos has rolled out further updates to its Qiata platform, upgrading secure file management capabilities.

United Airlines hails DocuSign for ‘seamless’ HR integrations

Major US-based airline United has collaborated on a customer case study for e-agreements in the cloud with vendor Docusign.

Bluebeam rolls out new Revu, bolstering building site logistics

Construction project management application Revu from Bluebeam has been refreshed with an array of new markup and collaboration features, the vendor said.

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox