As the SolarWinds data breach saga continues to unfold, the company has announced it will be making some significant changes related to cybersecurity.
If you are not familiar with the current situation for SolarWinds, go ahead and read these recent SecureWorld articles about the breach here, and the follow-up here.
SolarWinds' new CEO speaks out
SolarWinds recently announced the hiring of a new CEO, Sudhakar Ramakrishna. Ramakrishna accepted the position before the company was notified of the breach, and aims to learn and grow from this experience with the company.
Here is what he had to say regarding the recent breach:
"In my most recent role as CEO of Pulse Secure, and in other executive assignments, I have dealt with highly visible security breaches. In these instances, I have sought to let humility, ownership, transparency, focused action, and bias towards customer safety and security be my guiding principles. It is my goal to bring this same approach to bear here at SolarWinds.
It is in this spirit that I have made it a priority to support and continue the SolarWinds investigation of this incident in cooperation with important stakeholders—including industry colleagues, third-party cybersecurity experts, law enforcement, and intelligence agencies around the world."
He also acknowledged that the customer is of utmost importance in situations like these.
"By far, my most important commitment is to help our customers and partners navigate this challenge with the help and support of the entire SolarWinds team.
Armed with what we have learned of this attack, we are also reflecting on our own security practices and seeking opportunities to enhance our posture and policies. I am doing that by working directly with the SolarWinds team to lead the immediate improvement of critical business and product development systems, with the goal of making SolarWinds an enterprise software industry security leader. These transformative efforts will require tremendous focus on security programs, policies, teams, and culture."
11 SolarWinds security changes following cyberattack
SolarWinds says it has reached out to leading security experts for guidance during its incident response process.
The company has identified three primary areas for improvement:
- "Further securing our internal environment
- Enhancing our product development environment
- Ensuring the security and integrity of the products we deliver"
And SolarWinds identified 11 immediate actions the company must take in order to achieve the improvements it is seeking. These include:
- "Deploying additional, robust threat protection and threat hunting software on all our network endpoints, including a critical focus on our development environments
- Resetting credentials for all users in the corporate and product development domains, including resetting the credentials for all privileged accounts, and for all accounts used in building the Orion® Platform and related products
- Consolidating remote and cloud access avenues for accessing the SolarWinds network and applications by enforcing multi-factor authentication (MFA)
- Performing ongoing forensic analysis of our product development environments identifying root causes of the breach and taking remediation steps
- Moving to a completely new build environment with stricter access controls and deploying mechanisms to allow for reproducible builds from multiple independent pipelines
- Adding additional automated and manual checks to ensure that our compiled releases match our source code
- Re-signing all Orion Platform software and related products, as well as all other SolarWinds products, with new digital certificates
- Expanding our vulnerability management program to reduce our average time-to-patch and to better enable us to work with the external security community
- Performing extensive penetration testing of the Orion Platform software and related products to identify any potential issues which we will resolve with urgency
- Leveraging third-party tools to expand the security analysis of the source code for the Orion Platform software and related products
- Engaging with and funding ethical hacking from white hat communities to quickly identify, report, and remediate security issues across the entire SolarWinds portfolio"
SolarWinds consults two big names in security
To further assist the new CEO and company response, SolarWinds is bringing in two well-known names in the security industry.
This includes Christopher Krebs, the former Director of the Cybersecurity and Infrastructure Security Agency (CISA). Krebs was fired in November via a tweet from President Trump for refuting the President's claims of election fraud. Krebs was hired as an independent consultant.
Krebs has teamed up in the consulting world with Alex Stamos, Facebook's former Chief Security Officer.
The two will work closely with SolarWinds CEO Ramakrishna to continue responding to and recovering from the company's data breach.