EXECUTIVE SUMMARY:
SolarWinds’ CEO, Sundhakar Ramakrishna, is overseeing new, high-caliber cyber security efforts. Initiatives are underway to secure SolarWinds’ internal environments and to ensure the integrity of the company’s software. The goal is to become “secure by design”.
Seven of Solarwinds’ latest cyber security initiatives:
- All new build environments with stricter access controls and deployment mechanisms.
- Additional threat protection and threat hunting software deployed on network endpoints; critical focus on dev environments.
- Enforcement of multi-factor authentication.
- Resetting of credentials for privileged accounts.
- Reset of credentials used to build the Orion platform.
- Additional automated and manual security checks to help ensure that compiled releases align with the company’s source code.
- SolarWinds’ products will be re-signed with new digital certificates.
The company is also hiring cyber security crisis consultants
Cyber security experts Chris Krebs and Alex Stamos recently teamed up to create a brand new cyber security consulting group. Chris Krebs formerly served as the director of the US Cybersecurity and Infrastructure Security Agency (CISA). Alex Stamos is the founder of the Stanford Internet Observatory, and has served as the CISO for Facebook. SolarWinds has just hired the duo to assist with crisis management.
The SolarWinds’ crisis and what to expect
When asked about the SolarWinds compromise, Krebs informed the Financial Times that “This has been a multi-year effort by one of the very best, most sophisticated intelligence operations in the world.”
“It was just one small part of a much larger plan that’s highly sophisticated, so I would be expecting more companies that have been compromised; more techniques that we’re yet to find.”
For more on how SolarWinds is strengthening its security, check out SolarWinds’ blog or visit CRN.
