wonderfully unique software solutions

How SolarWinds is turning the Orion breach into competitive advantage

When the Orion breach hit the headlines last year, it’s fair to say that few would assume automatically that such an event could turn to SolarWinds‘ benefit.

However, an innovative and focused organisation can leverage a negative event to develop and ‘build back better’. It can become a springboard for learning that generates greater success down the track.

According to Charles Damerell, senior director for the UK and Ireland at SolarWinds, that’s just what the IT management software and remote monitoring tools vendor is doing.

“It doesn’t matter how well established a company is, at some point in this day and age any organisation of complexity will experience some kind of a breach or cyber attack,” he says.

“We’ve brought in expert companies in the cyber security sector such as CrowdStrike and KPMG.

“Their reports and recommendations are also being shared with cyber security experts Chris Krebs and Alex Stamos, from Krebs Stamos Group. As a result we’ve been reviewing and addressing several key areas.”

Krebs is best known as a former director of the US Cybersecurity and Infrastructure Security Agency; Stamos is the founder of the Stanford Internet Observatory and was once chief security officer at Facebook.

SolarWinds’ investigation proved that Sunburst malware had exploited vulnerabilities in the Orion Platform — yet the malware was inserted into the build code, not the source code.

SolarWinds quickly released multiple hotfixes for current-version users as well as updates for all other supported versions of Orion Platform products and a fix for customers on unsupported versions.

Added areas of focus include accelerating the move to cloud and away from the hybrid cloud environment.

Damerell highlights deep audit of on-premise and cloud capabilities, improvements around authentication, with JIT provision and access and strong multi-factor authentication, as well as enhanced conditional access policies.

SolarWinds has also moved towards recording forensic artifacts at every step, with specific functions chosen, reviewed and worked backwards, he notes.

A new chief executive officer, Sudhakar Ramakrishna, took the reins from Kevin Thompson in January. Ramakrishna instigated the involvement of external experts and brought “an openness to look at and address the necessary changes”, Damerell says.

“Given all of the external expert and independent perspectives, I think we can safely state that SolarWinds is one of the leading secure-by-design enterprise software vendors today, retaining market-leading status in our unique space,” he says.

Dave Stevinson, chief executive officer at SolarWinds partner QBS Software, says both QBS and SolarWinds have built their businesses around helping technology professionals solve today’s IT challenges.

“We at QBS are even more committed to SolarWinds after the recent breach on Orion. I strongly believe that the corrective action coupled with the preventative measures will make SolarWinds an even more important solution for IT professionals,” he says.

(Photo by JOHN TOWNER on Unsplash)

Recent Articles

Octopus Deploy deprecates Server authentication, certifies with HashiCorp

Devops-focused config management company Octopus Deploy has rounded off November with a trio of updates -- affecting Octopus Server developers, HashiCorp Vault...

SolarWinds and HCL expand enterprise AI for IT ops partnership

Infrastructure applications vendor SolarWinds and HCL Software are expanding their work together delivering enterprise AI and ITops management offerings.

N-able expands channel push with accelerated global support

Remote monitoring and management (RMM) specialist N-able is ramping up its support fot the distribution channel worldwide in a bid to increase...

Keeper Security finds multiple weekly cyberattacks on UK professional services

The IT systems of UK-based professional services and financial services providers are often attacked many times each week, according to a Keeper...

JetBrains previews new IntelliJ based Fleet IDE and editor

Developer tools company JetBrains has opened up public preview access to its Fleet integrated development environment (IDE) and editor.

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox