Since we announced the cyberattack on the Orion Platform seven weeks ago, we’ve worked tirelessly with our customers and Partners to ensure the safety and security of their environments. We’ve also been fast at work to understand the
what,
how, and
who of the attack—and what we can do to learn, improve, and set new standards. We are not only sharing our findings with the industry but also with law enforcement, intelligence agencies, and policymakers around the world.
While it’s widely understood any one company could not protect itself against a sustained and unprecedented nation-state attack of this kind, we see an opportunity to lead an industry-wide effort that makes SolarWinds a model for secure software environments, development processes, and products.
As we continue our investigations, we’ve learned a lot about
what happened and we continue to work to pinpoint
how the threat actors were able to enter our environment and access our systems and then, hopefully, we can confirm the
who.
While we believe our prior practices were representative of practices within the broader software industry, armed with what we’ve learned about this attack, we’re taking immediate steps to strengthen and protect our environment by implementing additional security practices. To that end, we’re securing our environment and systems against vulnerabilities by:
- Upgrading to stronger and deeper endpoint protections within our environment;
- Enhancing our Data Loss Prevention solution to better detect low and slow leaks;
- Expanding our Security Operations Center to improve visibility and threat hunting across our network;
- Tightening our firewall policies to further limit east/west traffic.
Additionally, we’re adopting zero trust and least privilege access mechanisms by:
- Expanding and more consistently enforcing least privileges policies for ALL employees;
- Locking down access to our environments and limiting external interfaces; and
- Increasing, expanding, and strictly enforcing requirements for multi-factor authentication throughout our environment, as well as expanding the use of a privilege access manager for all administrative accounts, with auditing.
Further, we’re addressing the possible risks associated with third-party applications access by:
- Increasing on-going monitoring and inspection of all SaaS tools within our environment;
- Ensuring that the configurations and implementation of all tools within our environment align with best practices;
- Reviewing all accounts, updating all passwords and turning up the level of conditional access; and
- Strengthening the level of pre-procurement security reviews for all vendors.
At 9 a.m. CT and 7 p.m. CT Thursday, February 4, I’ll join cybersecurity expert and Krebs Stamos Group Founding Partner Alex Stamos for an engaging conversation on our plan for a safer SolarWinds and customer community, grounded in five principles we’re using to secure our enterprise. We believe sharing our perspectives—based on what we’ve learned from this experience—can greatly benefit both our customers and the broader industry, helping to build deeper understanding of these kinds of attacks
, and to create stronger security plans for enterprises.
I welcome you all to join us Thursday, registration is available
here.
We’re committed to translating the more than 20 years of trust our customers have placed in us, and the incredible dedication of our employees, into building a stronger and more secure foundation that sets a model for the future of the software industry by delivering powerful, affordable, and secure solutions.