Next-Generation Technologies & Secure Development , Secure Software Development Lifecycle (SSDLC) Management , Threat Modeling

SolarWinds CEO on How to Secure the Software Build Process

Sudhakar Ramakrishna on How SolarWinds Has Ensured the Integrity of Its Source Code
Sudhakar Ramakrishna, president and CEO, SolarWinds

President and CEO Sudhakar Ramakrishna says SolarWinds has done extensive work implementing security into the build process since Russian hackers in late 2020 bundled malware into an update of the company's flagship network monitoring software.

See Also: OnDemand | The Evolution from DAST to IAST: Take AppSec Testing to the Next Level

Testing, validating and qualifying the integrity of the company's source code requires significant effort given that SolarWinds operates three distinct build systems, Ramakrishna says. The company has stepped up its SOC capabilities and red teaming efforts to complement efforts to secure its build process through static code analysis, pen testing and better understanding open-source vulnerabilities, he says.

"The image of SolarWinds itself has evolved quite drastically and dramatically," Ramakrishna says. "People in the past might have been skeptical about our secure by design work or our own competencies. But now, I routinely see customers, partners and others wanting to implement the techniques that we are using in their environment."

Information Security Media Group spoke with Ramakrishna before SolarWinds disclosed that federal regulators plan to investigate whether the firm violated securities law by failing to adequately disclose cybersecurity risks and incidents prior to the 2020 Russian government hack. The firm plans to contest the determination to move forward with an investigation (see: SolarWinds May Face SEC Investigation Over Hack Disclosure).

SolarWinds also disclosed subsequent to Ramakrishna's conversation with ISMG that it has agreed to settle a shareholder class action lawsuit for $26 million that accused the company of overstating its security capabilities prior to the Russian hack.

In a video information with ISMG, Ramakrishna also discusses:

  • The biggest lessons learned from the 2020 Russian government hack;
  • Top challenges around incorporating security into the build process;
  • How SolarWinds Observability can help companies improve security.

Ramakrishna joined SolarWinds in January 2021 following nearly 25 years of experience across the cloud, mobility, networking, security and collaboration markets. He spent more than five years as the CEO of Pulse Secure, where he was responsible for all aspects of business strategy and execution. Prior to that, he spent two years leading Citrix's enterprise and service provider division, where he was responsible for virtualization, cloud networking, mobile platforms and cloud services solutions. Ramakrishna has also held senior leadership roles at Polycom, Motorola, 3Com and U.S. Robotics.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.