SolarWinds is ready to break the past և help customers manage theirs | ZDNet:

SolarWinds is ready to move on from the “cyber incident” that took place last year by strengthening its construction model և processes to better mitigate cyber security breaches in the future. It has also expanded its systems monitoring capabilities as part of its efforts to help customers better manage the complexity of hybrid cloud environments.

Mention SolarWinds, Many will remember something huge security breach caused when a malicious update of the vendor’s Orion’s network monitoring platform was sent to customers. Thousands of companies have received the Orion update, which contains the malicious code Sunburst, including US government agencies, Microsoft:, Malwarebytes:և: FireEye:which first: alarmed in December 2020.

Acknowledging that 2021 was a difficult year, SolarWinds և CEO Sudakar Ramakrishna told ZDNet that the company had spent time և contribution: assessing what it needed to do to strengthen its infrastructure and processes.

In January 2021, when Ramakrishna was just sailing, SolarWinds brought Chris Crabs, former director of the US Cyber ​​Security և Infrastructure Security Agency նախկին former Facebook security director Alex Stamos, to help improve his security posture.

“Over the past year, Krebs ամ Stamos has involved governments, regulators and best practices to get the seller’s attention to ‘project safety’,” Ramakrishna said in an interview. “Even though SolarWinds already had opportunities in this area before the breach, more has been added to all security elements,” he said.

Efforts focused on three key areas of its infrastructure, including cloud assets and applications, software development, and processes.

The emphasis here was on reducing the threat window that could lead to a security incident, changing the area of ​​the threat that could be attacked, he explained. Then a new construction process was carried out to achieve these two goals, he said, adding that the goal was not to provide a fixed target for attackers, creating dynamic rather than static processes.

In this “next generation building systemSolarWinds subscribes to four pillars that should support “secure design” software development principles to increase its resilience against future attacks. These include “modern operations”, among others, in which resources are generated on demand and dismantled when tasks are performed. completed, making it more difficult to build systems for threat players.

The vendor also adopts the “build in parallel” principle, where it creates multiple backups of its new build system; builds all the artifacts in parallel, across all systems. This provides a basis for completeness checks և “consensus constructs”.

In addition to assessing the resilience of its systems, SolarWinds invested last year in expanding its operations to two key regions, the Asia-Pacific EMEA, said Ramakrishna, who was in Singapore this week.

In addition, it has worked to “develop” its product offerings to support the digital transformation of customers և changing needs, especially as more diverse cloud environments become more common, he said. In this regard, the vendor sought to enhance its product capabilities in the areas of automation, monitoring, visualization, and recovery.

Describing 2021 as “tough” as it overcame the aftermath of the “cyber incident”, the SolarWinds CEO said the year was also “rewarding” as the vendor was able to focus on strengthening its building systems and processes, as well as investing. did.

And while it continued to be associated with security breaches, he said, SolarWinds should also be concerned with how it was handled, treated and dealt with.

He noted that security incidents “will remain here”, pointing to others that have followed SolarWinds’s own breach, such as: Casey, US Colonial Pipeline, log4j:և Recently Octa:.

Deeper visibility is needed to manage complex hybrid environments

Ramakrishna said that companies should learn from such attacks and work continuously to better mitigate their impact.

This was especially important in the context of significant changes in the IT environment, as organizations adopted hybrid work and became more dependent on cloud services, he said.

As their ecosystems expanded, they now had to deal with different environments with different security positions and different communication profiles, he said. Security challenges have been strengthened, as has its ability to meet performance requirements, identify problems and address issues, he added.

That forced SolarWinds to combine its monitoring capabilities to expand such security requirements, he said. This included the need for more in-depth observation or “monitoring”, as he invented it, with a comprehensive system that could view data across all entities, including networks, databases, applications, users, and systems. In that case, organizations will be able to identify and correct problems more quickly.

Reiterating the need for security in the draft, Ramakrishna stressed zero confidence frame as well as the need for better cooperation between the private and public sectors.

“No company, no matter how many resources you have or how cleverly committed you are, will be able to thwart the attacks of nation-states,” he said, stressing the difficulty of defending himself against such threats. “It simply came to our notice then [that] should be done so that sellers like us share information են be ashamed to share when we have been violated. “Like any crisis situation, the sooner we declare, the sooner we accept help, the sooner we resolve issues.”

He also called on governments to actively share threat intelligence with the private sector so that industry can be more vigilant against possible attacks.

Although there is not enough such exchange of information at present, he expressed optimism that it will improve over time, as there is already a “collective will” to start. “Threat intelligence should never be used as a competitive advantage,” he added. “We have to compete strongly for the value we provide to our customers. [but] not about keeping information out of your competition for threat intelligence. ”

Governments also played a role in how victims of cyber security breaches were perceived, he said, noting that victims’ embarrassment would encourage companies to present themselves. An “understanding environment” for those who complied would speed up the resolution of a security incident, he added.

Asked about his priorities, Ramakrishna reiterated SolarWinds’ significant contribution to boosting its expansion plans in the Asia-Pacific region, which he said could be the fastest growing region.

He declined to share vendor growth և investment figures by region, but said he had recently set up offices in South Korea, expanding his presence in Japan, as well as Asean և ANZ.

In itself Revenue report for the first quarter of 2022 SolarWinds reported $ 177 million in revenue last week, up 2% year-over-year. Subscription revenue rose 37% year-on-year to $ 38.7 million, and the EBITDA adjusted $ 69 million. It forecast revenue for the year ranging from $ 730 million to $ 750 million, with 2-4 percent annual growth.

According to Ramakrishna, the seller’s customer renewal rates before the breach fluctuated from the mid-90s to the mid-1990s, but fell in 2021 to the 1980s after the December 2020 cyber incident. In the first quarter of this year, the numbers rose to 91%, he said.

RELATED LIGHTING

see secret product in Box below

Disclaimer
‘The accuracy or reliability of any information/material/calculation contained in this article is not guaranteed. This information has been brought to you by collecting from various mediums / astrologers / almanacs / discourses / beliefs / scriptures. Our purpose is only to deliver information, its users should take it as mere information. In addition, any use thereof shall be the responsibility of the user himself.’

Leave a Reply

Your email address will not be published.

Translate »