wonderfully unique software solutions

How SolarWinds is turning the Orion breach into competitive advantage

When the Orion breach hit the headlines last year, it’s fair to say that few would assume automatically that such an event could turn to SolarWinds‘ benefit.

However, an innovative and focused organisation can leverage a negative event to develop and ‘build back better’. It can become a springboard for learning that generates greater success down the track.

According to Charles Damerell, senior director for the UK and Ireland at SolarWinds, that’s just what the IT management software and remote monitoring tools vendor is doing.

“It doesn’t matter how well established a company is, at some point in this day and age any organisation of complexity will experience some kind of a breach or cyber attack,” he says.

“We’ve brought in expert companies in the cyber security sector such as CrowdStrike and KPMG.

“Their reports and recommendations are also being shared with cyber security experts Chris Krebs and Alex Stamos, from Krebs Stamos Group. As a result we’ve been reviewing and addressing several key areas.”

Krebs is best known as a former director of the US Cybersecurity and Infrastructure Security Agency; Stamos is the founder of the Stanford Internet Observatory and was once chief security officer at Facebook.

SolarWinds’ investigation proved that Sunburst malware had exploited vulnerabilities in the Orion Platform — yet the malware was inserted into the build code, not the source code.

SolarWinds quickly released multiple hotfixes for current-version users as well as updates for all other supported versions of Orion Platform products and a fix for customers on unsupported versions.

Added areas of focus include accelerating the move to cloud and away from the hybrid cloud environment.

Damerell highlights deep audit of on-premise and cloud capabilities, improvements around authentication, with JIT provision and access and strong multi-factor authentication, as well as enhanced conditional access policies.

SolarWinds has also moved towards recording forensic artifacts at every step, with specific functions chosen, reviewed and worked backwards, he notes.

A new chief executive officer, Sudhakar Ramakrishna, took the reins from Kevin Thompson in January. Ramakrishna instigated the involvement of external experts and brought “an openness to look at and address the necessary changes”, Damerell says.

“Given all of the external expert and independent perspectives, I think we can safely state that SolarWinds is one of the leading secure-by-design enterprise software vendors today, retaining market-leading status in our unique space,” he says.

Dave Stevinson, chief executive officer at SolarWinds partner QBS Software, says both QBS and SolarWinds have built their businesses around helping technology professionals solve today’s IT challenges.

“We at QBS are even more committed to SolarWinds after the recent breach on Orion. I strongly believe that the corrective action coupled with the preventative measures will make SolarWinds an even more important solution for IT professionals,” he says.

(Photo by JOHN TOWNER on Unsplash)

Recent Articles

Usecure builds security awareness focus, adds platform functionalities

MSP-focused security vendor Usecure is continuing to expand the capabilities of its human risk management focused software for partners.

Phishing attacks still plague common file types, Hornetsecurity warns

Phishing via archive, HTML, Excel or PDF files remain the leading email-based cyber attack on organisations, according to cybersecurity specialists at Hornetsecurity.

How TechSmith video-based learning can boost diversity and inclusion

When Hillsborough Community College in the USA wanted to create a remote-learning platform to assist students who use sign language, it turned...

Opswat uprates security for AWS partners in the cloud

Operations tech (OT) and industrial cybersecurity vendor Opswat, maker of MetaDefender, has been expanding and deepening its relationships with Amazon Web Services...

TeamViewer and Siemens to collaborate on augmented, mixed reality

TeamViewer is teaming up with Siemens on augmented and mixed reality (AR/MR) for the product lifecycle management space. The...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox