IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

The IT Pro Podcast: Behind the scenes of the SolarWinds hack

We speak to the company’s top execs to find out what really happened

The IT Pro Podcast: Behind the scenes of the Solarwinds hack

Getting hit with a large-scale cyber attack is a nightmare scenario for many IT leaders. Repairing the damage caused by hackers once they’ve infiltrated your system can be both expensive and time-consuming, and the post-breach fallout can be extremely challenging to deal with.  

But while the technical impact an attack like this can have is one thing, we often overlook the effect it has on the individuals who have to respond to it. Long nights, extreme pressure and high levels of stress are all hallmarks of real-world incident response, and for the teams mobilised to deal with a breach, the experience can often be traumatic.

This week, the IT Pro Podcast sits down with SolarWinds CISO Tim Brown and CEO Sudhakar Ramakrishna to dig into one of the most serious and wide ranging attacks of the decade. We find out what it was actually like in the days and weeks following the attack on its Orion platform last year, and how the company’s incident response teams coped with one of the most severe security events in its history. We also discuss what it was like for Ramakrishna joining the company in the immediate wake of the incident, and how he rebuilt trust in SolarWinds’ partners and resiliency in its IT.

Highlights

“We didn't have a Christmas or New Year, that was for sure. We worked Saturday outside the office; Sunday, we were all in the office. Basically, [we were] in the office for a couple weeks straight. I think literally the first time we had a little bit of time off was that Christmas Day. So it's just one of those types of times where there's just so much to do, so many little things to do, so many things you have to have right. We were writing financial 10k information at two in the morning to get it right. [There was] a lot of response needed to happen in the first few weeks.”

“The technical teams were really mad. They were just pissed off, right? They were upset; this happened on their watch. How did this happen? How did this occur? How could they disrupt my product? Because there's a lot of ownership. If you build code, you know, you own it, right? It's your baby ... So to have somebody break into your house, and corrupt your baby, and change it was a very difficult situation for folks. So they wanted to do whatever was necessary to both resolve the problem [and] understand the incident deeply.”

“It was a nation state attack, and no company might be immune to a nation state attack, as was evidenced by much larger breaches and different breaches. So for instance, [the] Microsoft Exchange breach was attributed to China. And so it’s not a matter of how many resources you have, how talented you are, when a nation state that has significant resources is after you. One can take that as comfort and use that as an excuse and say ‘I couldn't have done anything differently’. Or you can take the approach of ‘Okay, what did we learn from this situation? And what can you do about it?’. And so that's how we came up with this initiative called secure by design. That's an initiative I've used previously in other companies but in this particular case, given the scope of the challenge, it was much broader and much wider. And so we use that as a rallying cry across the organisation to become better.”

“I do believe that today, we are a better company than we were a year ago. We were a great company a year ago – we are a better company today for the incident. Because …  through secure by design, we are now not only delivering powerful and simple solutions, but powerful, simple and more secure solutions. Just as an aside, I was with our partners in EMEA and APJ, just in the last two weeks. And one of the key points that our partners are making to our customers is you should deploy SolarWinds with greater confidence now, because it's probably more secure than it ever was before. So that was a positive out of this whole thing.”

Read the full transcript here.

Footnotes

Subscribe

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

How laptops have changed in the last five years
Sponsored

How laptops have changed in the last five years

16 Jun 2022
The IT Pro Podcast: How Singapore became a data centre powerhouse
data centres

The IT Pro Podcast: How Singapore became a data centre powerhouse

20 May 2022
The IT Pro Podcast: Solving SMB challenges through tech
SMB

The IT Pro Podcast: Solving SMB challenges through tech

13 May 2022
The IT Pro Podcast: How to scale your tech platform
software development

The IT Pro Podcast: How to scale your tech platform

6 May 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022