wonderfully unique software solutions

How SolarWinds is turning the Orion breach into competitive advantage

When the Orion breach hit the headlines last year, it’s fair to say that few would assume automatically that such an event could turn to SolarWinds‘ benefit.

However, an innovative and focused organisation can leverage a negative event to develop and ‘build back better’. It can become a springboard for learning that generates greater success down the track.

According to Charles Damerell, senior director for the UK and Ireland at SolarWinds, that’s just what the IT management software and remote monitoring tools vendor is doing.

“It doesn’t matter how well established a company is, at some point in this day and age any organisation of complexity will experience some kind of a breach or cyber attack,” he says.

“We’ve brought in expert companies in the cyber security sector such as CrowdStrike and KPMG.

“Their reports and recommendations are also being shared with cyber security experts Chris Krebs and Alex Stamos, from Krebs Stamos Group. As a result we’ve been reviewing and addressing several key areas.”

Krebs is best known as a former director of the US Cybersecurity and Infrastructure Security Agency; Stamos is the founder of the Stanford Internet Observatory and was once chief security officer at Facebook.

SolarWinds’ investigation proved that Sunburst malware had exploited vulnerabilities in the Orion Platform — yet the malware was inserted into the build code, not the source code.

SolarWinds quickly released multiple hotfixes for current-version users as well as updates for all other supported versions of Orion Platform products and a fix for customers on unsupported versions.

Added areas of focus include accelerating the move to cloud and away from the hybrid cloud environment.

Damerell highlights deep audit of on-premise and cloud capabilities, improvements around authentication, with JIT provision and access and strong multi-factor authentication, as well as enhanced conditional access policies.

SolarWinds has also moved towards recording forensic artifacts at every step, with specific functions chosen, reviewed and worked backwards, he notes.

A new chief executive officer, Sudhakar Ramakrishna, took the reins from Kevin Thompson in January. Ramakrishna instigated the involvement of external experts and brought “an openness to look at and address the necessary changes”, Damerell says.

“Given all of the external expert and independent perspectives, I think we can safely state that SolarWinds is one of the leading secure-by-design enterprise software vendors today, retaining market-leading status in our unique space,” he says.

Dave Stevinson, chief executive officer at SolarWinds partner QBS Software, says both QBS and SolarWinds have built their businesses around helping technology professionals solve today’s IT challenges.

“We at QBS are even more committed to SolarWinds after the recent breach on Orion. I strongly believe that the corrective action coupled with the preventative measures will make SolarWinds an even more important solution for IT professionals,” he says.

(Photo by JOHN TOWNER on Unsplash)

Recent Articles

Agreement management vendor DocuSign to add AI with Lexion buy

Cloud documentation management software company DocuSign has agreed to acquire Lexion, rolling the latter's AI capabilities into its DocuSign Intelligent Agreement Management...

LastPass urges SMBs to tackle human cyber vulnerabilities

SMBs are more proactive yet still aren't patching cybersecurity gaps caused by the "human factor" -- that is, based on human psychology...

Four core GFI business manager applications add AI co-pilot

GFI Software has integrated AI co-pilot capabilities into four of its key business-focused applications with a view to optimised network performance and...

Extended detection and response (XDR) has become vital, says Stormshield

Extended detection and response technologies (XDR) have become a vitally important shield for all companies, according to sovereignty focused data, network and...

Is OSCP or CEH the best security certification for staff? CBT Nuggets explains

Deciding between Offensive Security Certified Professional (OSCP) and Certified Ethical Hacker (CEH) cybersecurity skills certifications can be "make or break" for staff,...

Related Stories

Leave A Reply

Please enter your comment!
Please enter your name here

Weirdware monthly - Get the latest news in your inbox