Sascha Giese, Head Geek at SolarWinds, outlined to CNME Editor Mark Forker, what the IT leader meant by its concept ‘Secure by Design, the recent cyberattack on its Orion Platform – and what he believes are the fundamental characteristics needed to create a safer online community.
Can you provide our readers with more information in relation to what the concept Secure by Design means, and how you aim to achieve it?
We’re reflecting on our own security practices and seeking opportunities to enhance our posture and policies. Among other things, our focus is on further securing our internal environment, enhancing our product development processes, and ensuring the security and integrity of the products we deliver.
SolarWinds has stated that it has always been on a journey towards becoming Secure by Design, but has that long-term goal and objective been accelerated following the cyberattack on your Orion Platform a few months ago?
It absolutely has been accelerated. We deployed an additional, robust threat protection on all internal endpoints, broadened our enforcement of multi-factor authentication, and moved to a completely new build environment with stricter access controls and independent deploying mechanisms of builds. There will be further automated and manual checks to verify the integrity of our source code.
Have you been able to establish and determine how the cyberhackers were able to infiltrate your environment through the Orion Platform, and what has been the reaction of your customers since the attack?
While investigations are still ongoing, we try to be as open as possible in our communication as transparency is key. We’ve confirmed suspicious activity related to our Office 365 environment, and while no specific vulnerability has been identified, we’ve confirmed a SolarWinds email account was compromised and used to access targeted SolarWinds personnel.
We continue to share our findings with third parties, law enforcement organisations around the world, and with our customers.
Can you outline to us what the key components and fundamental principles are in achieving a safer SolarWinds and Customer Community?
One of our first actions was to re-sign the Orion Platform software code and its related products with new digital certificates to allow customers to verify the integrity of our new releases.
We expect these efforts and plans to guide our journey to becoming an even safer and more secure company, and we understand there’s much more work to be done. In the coming weeks, we’ll plan to share further plans and programs we believe will help us achieve that goal.