New SolarWinds CEO sets out rescue plan

Customers can expect to see more regular and thorough checks on SolarWinds products, alongside greater engagement with the security community

Sudhakar Ramakrishna, the recently installed CEO of SolarWinds – the firm whose Orion network management platform is at the centre of the international Solorigate/Sunburst cyber attack – has set out plans to enhance both the company’s approach to its own security and to reinforce its duty of care to its customer base.

Ramakrishna, who took up the post at the beginning of January 2021, having accepted the role prior to news of the attack breaking, joined SolarWinds from Pulse Secure, chiefly known as a supplier of secure access tools.

In a blog post setting out his immediate plans, Ramakrishna said he had dealt with many highly visible security incidents down through the years, and always sought to let “humility, ownership, transparency, focused action, and bias towards customer safety and security” be his guiding principles, something he hoped to replicate at SolarWinds.

“I have made it a priority to support and continue the SolarWinds investigation of this incident in cooperation with important stakeholders – including industry colleagues, third-party cyber security experts, law enforcement, and intelligence agencies around the world,” he wrote.

“By far, my most important commitment is to help our customers and partners navigate this challenge with the help and support of the entire SolarWinds team.

“Armed with what we have learned of this attack, we are also reflecting on our own security practices and seeking opportunities to enhance our posture and policies. I am doing that by working directly with the SolarWinds team to lead the immediate improvement of critical business and product development systems, with the goal of making SolarWinds an enterprise software industry security leader.

“These transformative efforts will require tremendous focus on security programmes, policies, teams and culture,” said Ramakrishna.

The firm has already engaged a number of cyber security experts, including forensics expertise from CrowdStrike, alongside former US government security lead Chris Krebs – fired by outgoing president Donald Trump after clashing with him over election security – and former Facebook security chief Alex Stamos, who last week launched their own consultancy, KS Group.

Ramakrishna explained his ambition was to transform SolarWinds into a truly “secure by design” organisation, and to this end is focusing the firm’s internal efforts on three key areas. These are to further secure its internal environment, enhance its product development environment, and ensure the integrity of its services and solutions.

In more concrete terms, SolarWinds is deploying more robust threat protection and detection tools across all its network endpoints, with a particular focus on its development environments. It is also resetting credentials for all its users in corporate and development domains, including privileged accounts and all accounts used by anybody who had anything to do with Orion.

It is also taking steps to consolidate the remote and cloud avenues for accessing its network and apps by enforcing multifactor authentication (MFA) across the board.

With regard to its product development environment, it is continuing the forensic investigation to identify the root cause of the breach, and will in future move to a new build environment with tighter access controls. It will also deploy mechanisms to “allow for reproducible builds from multiple independent pipelines”.

In regard to its customer-facing products and services, SolarWinds will in future introduce new automated and manual checks to make sure compiled releases match its source code, and will re-sign all Orion software and related products with new digital certificates. Its vulnerability management programme is also being greatly expanded, alongside more extensive penetration testing, code analysis and more engagement with the ethical hacking community.

“We expect these efforts and plans to guide our journey to becoming an even safer and more secure company, and we understand that there is much more work to be done. In the coming weeks, we will plan to share further plans and programmes that we believe will help us achieve that goal,” wrote Ramakrishna.

Read more about Solorigate/Sunburst

  • Researchers say they have found specific code similarities between the Solorigate/Sunburst malware and the Kazuar backdoor, suggesting some relationship.
  • SearchSecurity’s Risk & Repeat podcast discusses the fallout from the SolarWinds backdoor attacks as new victims and additional information have come to light.
  • The SolarWinds hack shows the widespread damage possible from a nation state cyber attack. What is the threat to business and how can it be mitigated?
