SolarWinds CEO Sudhakar Ramakrishna lays out his vision for a ‘secure by design’ culture as the company recovers from the massive cyber incident that sent shockwaves across the tech ecosystem.
A month after the high-profile SolarWinds breach was disclosed, the tech firm is now undertaking a company-wide transformation of its critical business and product development systems in a bid to become ‘secure by design.’
The sophisticated supply-chain attack left a massive impact on the tech community, showing how even storied businesses can be easily victimized. The hack, one of the larger and more devastating attacks seen in recent times, impacted nearly 10 federal government agencies and infected 18,000 systems. Interestingly, the number of SolarWinds Orion servers began rising after the breach in mid-December.
The malware spread through the software updates of SolarWinds’ network monitoring product Orion. What’s more concerning is that SolarWinds, a leading provider of data management and network security solutions that have a reputation for being impregnable, fell foul of a massive cyberattack.
According to the newly minted cyber task force, the Cyber Unified Coordination Group (UCG), the attack was a part of a massive cyber espionage campaign perpetrated against both public and private U.S. organizations for intelligence gathering.
“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” the UCG said in a statement.
Now, with new CEO Sudhakar Ramakrishna at the helm, the network solutions provider seeks to build its business back and restore customer confidence with key cyber initiatives.
Ramakrishna joined earlier this month, and he certainly has inherited a mess. “Although I accepted the position to become CEO before the Company was notified of the cyberattack, I feel an even greater commitment now to taking action, ensuring we learn from this experience, and continuing to deliver for our customers,” he noted in a blog post.
Thankfully, Ramakrishna has experience dealing with cybersecurity incidents from his tenure as the head of cybersecurity vendor Pulse Secure, a leading zero trust solution provider. In his previous stint, Ramakrishna had to mitigate the ramifications of a VPN leak. He wrote that the incident enabled him to lead with “humility, ownership, transparency, focused action, and bias towards customer safety and security.”
Ramakrishna, who is working directly with the SolarWinds team, plans to create a new architecture that can fight off threats lurking in the software and nix malware in its tracks.
Let’s dig into the key cybersecurity initiatives announced by the new CEO:
Securing the SolarWinds Internal Environment
First off, supplementary threat protection and threat hunting software will be leveraged to protect network endpoints, and a special emphasis is placed on securing the company’s development environment.
The company also plans to reset user credentials for everyone across the corporate and product development teams. Not just that, users with privileged accounts and every account involved in the development of Orion will receive new credentials.
Additionally, SolarWinds will consolidate its internal network accessibility (remote and cloud) through multi-factor authentication (MFA).
Enhancing the Product Development Environment
SolarWinds will continue to forensically analyze its product development environments to identify and remediate the breach’s root cause.
Meanwhile, all affected companies should update their respective Orion setups, used in network monitoring, to the latest build released in the aftermath of the December breach. And even as the release fixes the immediate threat, the Department of Homeland Security, in its supplemental guidance, advised rebuilding the entire Orion environment.
That’s also what SolarWinds will be doing. The company will move to an entirely new build environment with stricter access controls and deploy mechanisms to allow reproducible builds from multiple independent pipelines.
Software Security and Integrity
Going forward, SolarWinds will re-sign Orion, its related products, and all other products with new digital certificates.
To ensure that the compiled software in the final build release matches the intended source code, the company will enforce automated and manual checks. Additionally, the company will rope in white hat communities to “quickly identify, report, and remediate security issues across the entire SolarWinds portfolio.”
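The reproducible-build check described above, sketched as an added example (not SolarWinds' code): each independent pipeline publishes a manifest of artifact digests, and a release is allowed only when every pipeline produced bit-identical output. Pipeline names, artifact names and file contents are constructed for illustration.

```python
import hashlib
from collections import defaultdict

def build_manifest(artifacts):
    """Map each artifact name to the SHA-256 hex digest of its bytes."""
    return {name: hashlib.sha256(blob).hexdigest() for name, blob in artifacts.items()}

def compare_pipelines(manifests):
    """Return {artifact: {digest_or_MISSING: [pipelines]}} for every artifact
    on which the pipelines disagree; an empty dict means full agreement."""
    names = set().union(*(m.keys() for m in manifests.values()))
    mismatches = {}
    for name in sorted(names):
        groups = defaultdict(list)
        for pipeline in sorted(manifests):
            groups[manifests[pipeline].get(name, "MISSING")].append(pipeline)
        if len(groups) > 1:
            mismatches[name] = dict(groups)
    return mismatches

def release_allowed(manifests, min_pipelines=2):
    """Gate: require at least min_pipelines independent builds that all agree."""
    return len(manifests) >= min_pipelines and not compare_pipelines(manifests)

# Constructed sample: hypothetical artifact names and contents.
CLEAN = {"app_core.dll": b"built from reviewed source", "agent.exe": b"agent build"}
TAMPERED = {**CLEAN, "app_core.dll": b"built from reviewed source + injected code"}
SAMPLE = {
    "pipeline_a": build_manifest(CLEAN),
    "pipeline_b": build_manifest(CLEAN),
    "pipeline_c": build_manifest(TAMPERED),  # one build environment altered
}

if __name__ == "__main__":
    for artifact, groups in compare_pipelines(SAMPLE).items():
        print(f"MISMATCH {artifact}")
        for digest, pipelines in groups.items():
            print(f"  {digest[:16]}  {', '.join(pipelines)}")
    print("release allowed:", release_allowed(SAMPLE))
```

The comparison only means something if the pipelines are genuinely independent (separate credentials, hosts and toolchain copies) and the build is deterministic, so that a digest difference points to tampering or drift rather than timestamps.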
SolarWinds will also expand the vulnerability management program and leverage penetration testing of Orion and related products.
However, Ramakrishna did not explain whether he plans to bring the engineering back to the U.S. His predecessor Kevin Thompson had transferred engineering to satellite offices in the Czech Republic, Poland, and Belarus as part of its cost-cutting efforts.
We have already engaged in helping understand and recover from what looks to be one of the most serious foreign intrusion campaigns in history, and we will be helping others learn from this attack. (2/4)
— Alex Stamos (@alexstamos) January 8, 2021
SolarWinds also hired the former Director of the Cybersecurity and Infrastructure Security Agency (CISA) Chris Krebs and Facebook ex-Chief Security Officer Alex Stamos as part of the threat mitigation efforts. “This has been a multi-year effort by one of the very best, the most sophisticated intelligence operations in the world,” Krebs told the Financial Times. “It was just one small part of a much larger plan that’s highly sophisticated, so I would be expecting more companies that have been compromised; more techniques that we’re yet to find.”