Sudhakar Ramakrishna, president and CEO of SolarWinds, wrote in a blog post published Thursday that in light of the cyber attack, the software company will implement measures centered around three key areas: further securing its internal environment, improving product development environment and ensuring the integrity and security of the products it delivers.
For the first primary area, Ramakrishna said actions include the deployment of additional threat protection and hunting software on network endpoints and consolidation of remote and cloud access pathways for accessing the company's applications and network by implementing multifactor authentication.
He said the company will expand its vulnerability management program, conduct extensive penetration testing of Orion software and related offerings and use third-party tools to broaden the security analysis of the source code for Orion and related products as part of efforts to ensure the security and integrity of its products.
To improve the environment for product development efforts, SolarWinds will carry out ongoing forensic analysis of the environment and transition to a new build environment.
“We have engaged several leading cybersecurity experts to assist us in this journey and I commit to being transparent with our customers, our government partners, and the general public in both the near-term and long-term about our security enhancements to ensure we maintain what’s most important to us – your trust,” Ramakrishna wrote.
SolarWinds hired Krebs Stamos Group— a consulting business formed by Christopher Krebs, former director of the Cybersecurity and Infrastructure Security Agency and a two-time Wash100 awardee, and Alex Stamos, former chief security officer at Facebook– to help in the security review.