Late last year, a group believed to be Russia’s Cozy Bear (APT29) successfully compromised SolarWinds’ Orion update software, turning it into a delivery vehicle for malware. Nearly 100 customers of the popular network monitoring tool were affected, including government entities and cybersecurity company FireEye.
The attacker was able to gain access to SolarWinds’ IT infrastructure to produce trojanized updates to the Orion software. FireEye, which first discovered this software supply chain attack, said it required meticulous planning and manual interaction by the attackers.
While researchers consider the attack noteworthy, so is SolarWinds’ response. The company quickly brought in capable outside help to not only address the immediate crisis, but to also help review their security operations and craft a strategy to better guard against future software supply chain attacks. SolarWinds has openly communicated its knowledge of the incident and the steps it is taking to improve its security posture.
CSO spoke with Tim Brown, SolarWinds CISO and vice president of security, about how this incident has changed the company’s approach to security. Brown is responsible for both product and internal security.
How has your role changed since the attack?
Prior to the attack, I didn’t necessarily call myself a CISO because I was focused on both security operations and product security/strategy. My goal has always been a mix between product as well as operation. That’s important when you have a product development environment, that you do have that mix. We do take on the security aspects of an operation. Our primary delivery is products, so it’s very important that our security team is tied into both sides of that.