At SolarWinds, we focus on helping our customers accelerate their business transformation through solutions designed to be simple, powerful, and secure. Over the past couple of years, we’ve made significant investments in our security and software build process with the goal of leading the industry in cyber resiliency.
Recently, I spoke at the VentureBeat Intelligent Security Summit
on the topic of Becoming Secure by Design with CrowdStrike Vice President of Intelligence Adam Meyers. We discussed the ever-evolving threat landscape and how SolarWinds Secure by Design principles help pave the way for a new approach to security and cyber resiliency.
Cyber Resiliency in the Face of a Changing Threat Landscape
Secure by Design is our guiding principle for how we approach security and cyber resiliency at SolarWinds. Consisting of several key principles, we’re working to create a more secure environment and build system centered around transparency and maximum visibility.
Coming out of SUNBURST, we understood the key to security is to take a different approach: working at every step to create a resilient structure. If this was a house, we’d be building it brick by brick, making sure the structure of each brick is understood and proper reinforcement is used. When put together, it’s done with the utmost attention to resiliency and security. The resulting structure won’t be impenetrable, as making something 100% secure isn’t possible, but it will have the proper reinforced structure to be resilient to many potential breaches.
SolarWinds Secure by Design principles
- Develop a resilient build environment, called our Next-Generation Build System
- Build out a community approach to support cyber resiliency
- Improve overall security through transparency
- Build out a security team to conduct frequent red and purple teaming and auditing in the middle of builds
- Increase efforts to gain more visibility into systems and processes
- Go beyond zero-trust with an assume breach mindset
Taking an Assume Breach Position
Zero-trust has been a common topic in recent discussions around cybersecurity. At the Intelligent Security Summit, I stated zero-trust is a guiding principle for businesses. Some products are marketed as being zero-trust products, but you can’t buy zero-trust. When adopting a zero-trust culture, you are determining a way to effectively reduce attack aperture and risk. We’ve expanded zero-trust to an assume breach position, a mindset enabling organizations to identify and address gaps in the detection and prevention of attacks; the response to an attack and penetration; the recovery from an attack, tamper, or leak; and the prevention of future attacks or breaches.
To create a Secure by Design ecosystem, an assume breach mindset is critical. The mindset forces an organization to verify its protection, detection, and response mechanisms are implemented properly. This goes a long way toward preventing “knowledgeable attackers,” who try to use legitimate assets (such as compromised accounts and machines unknown to the technical teams) within an organization.
Observability for Cyber Resiliency
SolarWinds is committed to being a leader in software security. Secure by Design was created to develop stronger products, processes, and environments for the benefit of our employees, customers, partners, and shareholders—and for the benefit of the infrastructures and supply chains on which we all rely. We continue to develop the concept as we evolve our products and meet the changing threat landscape.
This is most evident in our observability products, which offer a key element of Secure by Design: visibility. Our SolarWinds® Hybrid Cloud Observability
and SolarWinds Observability
are developed with our Secure by Design principles to provide the single-pane-of-glass visibility necessary for our customers to build their own cyber resiliency.
To learn more, you can read the VentureBeat article Cybersecurity in 2023: Becoming and Remaining Secure by Design Amid a Constantly Shifting Threatscape
and visit our Secure by Design site
for up-to-date resources.