SolarWinds CEO on How to Secure the Software Build ProcessSudhakar Ramakrishna on How SolarWinds Has Ensured the Integrity of Its Source Code
President and CEO Sudhakar Ramakrishna says SolarWinds has done extensive work implementing security into the build process since Russian hackers in late 2020 bundled malware into an update of the company's flagship network monitoring software.
Testing, validating and qualifying the integrity of the company's source code requires significant effort given that SolarWinds operates three distinct build systems, Ramakrishna says. The company has stepped up its SOC capabilities and red teaming efforts to complement efforts to secure its build process through static code analysis, pen testing and better understanding open-source vulnerabilities, he says.
"The image of SolarWinds itself has evolved quite drastically and dramatically," Ramakrishna says. "People in the past might have been skeptical about our secure by design work or our own competencies. But now, I routinely see customers, partners and others wanting to implement the techniques that we are using in their environment."
Information Security Media Group spoke with Ramakrishna before SolarWinds disclosed that federal regulators plan to investigate whether the firm violated securities law by failing to adequately disclose cybersecurity risks and incidents prior to the 2020 Russian government hack. The firm plans to contest the determination to move forward with an investigation (see: SolarWinds May Face SEC Investigation Over Hack Disclosure).
SolarWinds also disclosed subsequent to Ramakrishna's conversation with ISMG that it has agreed to settle a shareholder class action lawsuit for $26 million that accused the company of overstating its security capabilities prior to the Russian hack.
In a video information with ISMG, Ramakrishna also discusses:
- The biggest lessons learned from the 2020 Russian government hack;
- Top challenges around incorporating security into the build process;
- How SolarWinds Observability can help companies improve security.
Ramakrishna joined SolarWinds in January 2021 following nearly 25 years of experience across the cloud, mobility, networking, security and collaboration markets. He spent more than five years as the CEO of Pulse Secure, where he was responsible for all aspects of business strategy and execution. Prior to that, he spent two years leading Citrix's enterprise and service provider division, where he was responsible for virtualization, cloud networking, mobile platforms and cloud services solutions. Ramakrishna has also held senior leadership roles at Polycom, Motorola, 3Com and U.S. Robotics.