Cannabis Indica

thcscience_admin
Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
link
→‎History: Additional information on new CEO including date he will take position. Removed duplicate sentence. Consolidated sentences.
Line 11: Line 11:
| location_city = [[Austin, Texas]]
| location_city = [[Austin, Texas]]
| location_country = U.S.
| location_country = U.S.
| products =
| products =
| key_people = Kevin Thompson {{small|(CEO, 2010 - 2020-12-07)}},<ref name="cnbc-2020-12-16"/> Sudhakar Ramakrishna {{small|(CEO, 2020-12-07 - present)}}<ref name="cnbc-2020-12-16"/>
| key_people = Kevin Thompson {{small|(CEO, 2010 - 2020-12-07)}},<ref name="cnbc-2020-12-16"/> Sudhakar Ramakrishna {{small|(CEO, beginning 2021-01-04)}}<ref name="cnbc-2020-12-16"/>
| revenue = [[US$]]938.5 million (2019)<ref name="2019_result">{{cite web|url=https://investors.solarwinds.com/news/news-details/2020/SolarWinds-Announces-Fourth-Quarter-2019-Results/|title=SolarWinds Annnounceds Fourth Quarter 2019 Results|access-date=2020-06-09}}</ref>
| revenue = [[US$]]938.5 million (2019)<ref name="2019_result">{{cite web|url=https://investors.solarwinds.com/news/news-details/2020/SolarWinds-Announces-Fourth-Quarter-2019-Results/|title=SolarWinds Annnounceds Fourth Quarter 2019 Results|access-date=2020-06-09}}</ref>
| num_employees = {{circa}} 3,200<ref name="company_home">{{cite web|url=https://www.solarwinds.com/company/home|title=About SolarWinds|access-date=2020-12-14}}</ref>
| num_employees = {{circa}} 3,200<ref name="company_home">{{cite web|url=https://www.solarwinds.com/company/home|title=About SolarWinds|access-date=2020-12-14}}</ref>
Line 38: Line 38:
In September 2018, SolarWinds filed for a public offering again, after three years of being owned by private equity firms.<ref>{{Cite news|url=https://www.marketwatch.com/story/software-provider-solarwinds-files-for-ipo-2018-09-21|title=Software provider Solarwinds files for IPO|last=Assis|first=Claudia|work=MarketWatch|access-date=2018-10-01|language=en-US}}</ref> SolarWinds completed their public offering on October 19, 2018.<ref>{{cite web |title=SolarWinds prices reduced IPO at low end of lowered expected range |url=https://www.marketwatch.com/story/solarwinds-prices-reduced-ipo-at-low-end-of-lowered-expected-range-2018-10-19 |website=MarketWatch.com |accessdate=19 October 2018}}</ref>
In September 2018, SolarWinds filed for a public offering again, after three years of being owned by private equity firms.<ref>{{Cite news|url=https://www.marketwatch.com/story/software-provider-solarwinds-files-for-ipo-2018-09-21|title=Software provider Solarwinds files for IPO|last=Assis|first=Claudia|work=MarketWatch|access-date=2018-10-01|language=en-US}}</ref> SolarWinds completed their public offering on October 19, 2018.<ref>{{cite web |title=SolarWinds prices reduced IPO at low end of lowered expected range |url=https://www.marketwatch.com/story/solarwinds-prices-reduced-ipo-at-low-end-of-lowered-expected-range-2018-10-19 |website=MarketWatch.com |accessdate=19 October 2018}}</ref>


On 7 December 2020, CEO Kevin Thompson retired and will be replaced by Sudhakar Ramakrishna, CEO of Pulse Secure, effective 4 January 2021.<ref name="cnbc-2020-12-16"/><ref>{{Cite web|last=Johnson|first=O’Ryan|date=2020-12-09|title=SolarWinds Names New CEO As Potential Spin-off Inches Forward|url=https://www.crn.com/news/channel-programs/solarwinds-names-new-ceo-as-potential-spin-off-inches-forward|access-date=2020-12-20|website=CRN}}</ref><ref>{{Cite web|date=2020-12-09|title=SolarWinds Appoints Sudhakar Ramakrishna as New President and Chief Executive Officer|url=https://www.businesswire.com/news/home/20201209005342/en/SolarWinds-Appoints-Sudhakar-Ramakrishna-as-New-President-and-Chief-Executive-Officer|access-date=2020-12-20|website=www.businesswire.com|language=en}}</ref>
On 7 December 2020, CEO Kevin Thompson retired and was replaced by Sudhakar Ramakrishna.<ref name="cnbc-2020-12-16"/>


==Acquisitions==
==Acquisitions==
Line 56: Line 56:
On December 13, 2020, ''[[The Washington Post]]'' reported that [[2020 United States federal government data breach|multiple government agencies were breached]] through SolarWinds's Orion software. The company stated in an [[Securities and Exchange Commission|SEC]] filing that fewer than 18,000 of its 33,000 Orion customers were affected, involving versions 2019.4 through 2020.2.1, released between March 2020 and June 2020.<ref name="auto"/> According to [[Microsoft]], hackers acquired [[superuser]] access to [[SAML]] [[Access token|token]]-signing [[Public key certificate|certificates]]. This SAML certificate was then used to forge new tokens to allow hackers trusted and highly privileged access to networks.<ref>{{Cite web|last=Lambert|first=John|title=Important steps for customers to protect themselves from recent nation-state cyberattacks|url=https://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/|date=2020-12-13|access-date=2020-12-13|website=Microsoft|language=en}}</ref> The [[Cybersecurity and Infrastructure Security Agency]] issued Emergency Directive 21-01 in response to the incident, advising all federal civilian agencies to disable Orion.<ref name="auto1">{{Cite web|publisher=Cybersecurity & Infrastructure Security Agency|title= CISA Issues Emergency Directive to Mitigate the Compromise of SolarWinds Orion Network Management Products |url=https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network|access-date=2020-12-15|website=CISA|language=en}}</ref>
On December 13, 2020, ''[[The Washington Post]]'' reported that [[2020 United States federal government data breach|multiple government agencies were breached]] through SolarWinds's Orion software. The company stated in an [[Securities and Exchange Commission|SEC]] filing that fewer than 18,000 of its 33,000 Orion customers were affected, involving versions 2019.4 through 2020.2.1, released between March 2020 and June 2020.<ref name="auto"/> According to [[Microsoft]], hackers acquired [[superuser]] access to [[SAML]] [[Access token|token]]-signing [[Public key certificate|certificates]]. This SAML certificate was then used to forge new tokens to allow hackers trusted and highly privileged access to networks.<ref>{{Cite web|last=Lambert|first=John|title=Important steps for customers to protect themselves from recent nation-state cyberattacks|url=https://blogs.microsoft.com/on-the-issues/2020/12/13/customers-protect-nation-state-cyberattacks/|date=2020-12-13|access-date=2020-12-13|website=Microsoft|language=en}}</ref> The [[Cybersecurity and Infrastructure Security Agency]] issued Emergency Directive 21-01 in response to the incident, advising all federal civilian agencies to disable Orion.<ref name="auto1">{{Cite web|publisher=Cybersecurity & Infrastructure Security Agency|title= CISA Issues Emergency Directive to Mitigate the Compromise of SolarWinds Orion Network Management Products |url=https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network|access-date=2020-12-15|website=CISA|language=en}}</ref>


[[APT29]], aka Cozy Bear, working for the Russian Foreign Intelligence Service ([[Foreign Intelligence Service (Russia)|SVR]]), was reported to be behind the 2020 attack.<ref>{{Cite web|url=https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html|title=Russian government spies are behind a broad hacking campaign that has breached U.S. agencies and a top cyber firm|date=2020-12-13|website=The Washington Post|accessdate=2020-12-13}}</ref> Victims of this attack include the cybersecurity firm [[FireEye]], the [[US Treasury Department]], the [[US Department of Commerce]]'s [[National Telecommunications and Information Administration]], as well as the [[US Department of Homeland Security]].<ref>{{Cite web|last=Cimpanu|first=Catalin|title=Microsoft, FireEye confirm SolarWinds supply chain attack|url=https://www.zdnet.com/article/microsoft-fireeye-confirm-solarwinds-supply-chain-attack/|access-date=2020-12-14|website=ZDNet|language=en}}</ref><ref>{{Cite web|url=https://www.reuters.com/article/us-global-cyber-usa-dhs-idUSKBN28O2LY|title=Suspected Russian hackers breached U.S. Department of Homeland Security - sources|via=mobile.reuters.com}}</ref> Prominent international SolarWinds customers investigating whether they were impacted include the [[North Atlantic Treaty Organization]] (NATO), the [[European Parliament]], UK [[GCHQ|Government Communications Headquarters]], the UK [[Ministry of Defence (United Kingdom)|Ministry of Defence]], the [[National Health Service|UK National Health Service]] (NHS), the [[Home Office|UK Home Office]], and [[AstraZeneca]].<ref>Gallanger, Ryan, Donaldson, Kitty, ''et al''. (15 December 2020). "U.K. Government, NATO Join U.S. in Monitoring Risk From Hack". [https://www.bloomberg.com/news/articles/2020-12-14/u-k-government-nato-join-u-s-in-monitoring-risk-from-hack Bloomberg News website] Retrieved 15 December 2020.</ref><ref>Field, Matthew. (16 December 2020). "SolarWinds shareholders sold $280m days before breach was revealed". [https://www.telegraph.co.uk/technology/2020/12/16/solarwinds-shareholders-sold-280m-days-breach-revealed/ The Telegraph website] Retrieved 16 December 2020.</ref> FireEye reported the hackers inserted "malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim's environment" and that they have found "indications of compromise dating back to the spring of 2020".<ref>{{Cite web|url=https://www.fireeye.com/blog/products-and-services/2020/12/global-intrusion-campaign-leverages-software-supply-chain-compromise.html|title=Global Intrusion Campaign Leverages Software Supply Chain Compromise|website=FireEye}}</ref> Previously, in November 2019, a security researcher had warned SolarWinds that their [[File Transfer Protocol|FTP server]] was not secure, warning that "any hacker could upload malicious [files]" that would then be distributed to SolarWinds customers.<ref name="krebs-2020-12-15"/><ref>{{Cite web|url=https://www.itwire.com/security/solarwinds-ftp-credentials-were-leaking-on-github-in-november-2019.html|title=iTWire - SolarWinds FTP credentials were leaking on GitHub in November 2019|first=Sam|last=Varghese|website=www.itwire.com}}</ref><ref>{{Cite web|url=https://www.reuters.com/article/global-cyber-solarwinds/hackers-at-center-of-sprawling-spy-campaign-turned-solarwinds-dominance-against-it-idUSKBN28P2N8|title=Hackers used SolarWinds' dominance against it in sprawling spy campaign|date=2020-12-16|access-date=2020-12-16|website=Reuters|language=en}}</ref> In a 2019 blog post Greg W. Stuart from SolarWinds argued on corporate blog that [[open-source software]] is less secure than proprietary because "anyone can update the code" and "risk of downloading malicious code [with open-source] is much higher".<ref>{{Cite web|date=2019-02-18|title=The Pros and Cons of Open-source Tools|url=https://thwack.solarwinds.com/t5/Geek-Speak-Blogs/The-Pros-and-Cons-of-Open-source-Tools/ba-p/478665|access-date=2020-12-17|website=thwack.solarwinds.com|language=en}}</ref>
[[APT29]], aka Cozy Bear, working for the Russian Foreign Intelligence Service ([[Foreign Intelligence Service (Russia)|SVR]]), was reported to be behind the 2020 attack.<ref>{{Cite web|url=https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html|title=Russian government spies are behind a broad hacking campaign that has breached U.S. agencies and a top cyber firm|date=2020-12-13|website=The Washington Post|accessdate=2020-12-13}}</ref> Victims of this attack include the cybersecurity firm [[FireEye]], the [[US Treasury Department]], the [[US Department of Commerce]]'s [[National Telecommunications and Information Administration]], as well as the [[US Department of Homeland Security]].<ref>{{Cite web|last=Cimpanu|first=Catalin|title=Microsoft, FireEye confirm SolarWinds supply chain attack|url=https://www.zdnet.com/article/microsoft-fireeye-confirm-solarwinds-supply-chain-attack/|access-date=2020-12-14|website=ZDNet|language=en}}</ref><ref>{{Cite web|url=https://www.reuters.com/article/us-global-cyber-usa-dhs-idUSKBN28O2LY|title=Suspected Russian hackers breached U.S. Department of Homeland Security - sources|via=mobile.reuters.com}}</ref> Prominent international SolarWinds customers investigating whether they were impacted include the [[North Atlantic Treaty Organization]] (NATO), the [[European Parliament]], UK [[GCHQ|Government Communications Headquarters]], the UK [[Ministry of Defence (United Kingdom)|Ministry of Defence]], the [[National Health Service|UK National Health Service]] (NHS), the [[Home Office|UK Home Office]], and [[AstraZeneca]].<ref>Gallanger, Ryan, Donaldson, Kitty, ''et al''. (15 December 2020). "U.K. Government, NATO Join U.S. in Monitoring Risk From Hack". [https://www.bloomberg.com/news/articles/2020-12-14/u-k-government-nato-join-u-s-in-monitoring-risk-from-hack Bloomberg News website] Retrieved 15 December 2020.</ref><ref>Field, Matthew. (16 December 2020). "SolarWinds shareholders sold $280m days before breach was revealed". [https://www.telegraph.co.uk/technology/2020/12/16/solarwinds-shareholders-sold-280m-days-breach-revealed/ The Telegraph website] Retrieved 16 December 2020.</ref> FireEye reported the hackers inserted "malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim's environment" and that they have found "indications of compromise dating back to the spring of 2020".<ref>{{Cite web|url=https://www.fireeye.com/blog/products-and-services/2020/12/global-intrusion-campaign-leverages-software-supply-chain-compromise.html|title=Global Intrusion Campaign Leverages Software Supply Chain Compromise|website=FireEye}}</ref>


The attack used a backdoor in a SolarWinds [[Library (computing)|library]]; when an update to SolarWinds occurred the malicious attack would go unnoticed due to the trusted certificate.<ref>{{Cite web|date=2020-12-13|title=Microsoft, Customer Guidance on Recent Nation-State Cyber Attacks|url=https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/|access-date=2020-12-15|website=Microsoft Security Response Center|language=en}}</ref> In November 2019, a security researcher notified SolarWinds that their [[File Transfer Protocol|FTP server]] had a weak password of "solarwinds123", warning that "any hacker could upload malicious [files]" that would then be distributed to SolarWinds customers.<ref name="krebs-2020-12-15" /><ref>{{Cite web|url=https://www.itwire.com/security/solarwinds-ftp-credentials-were-leaking-on-github-in-november-2019.html|title=iTWire - SolarWinds FTP credentials were leaking on GitHub in November 2019|first=Sam|last=Varghese|website=www.itwire.com}}</ref><ref>{{Cite web|url=https://www.reuters.com/article/global-cyber-solarwinds/hackers-at-center-of-sprawling-spy-campaign-turned-solarwinds-dominance-against-it-idUSKBN28P2N8|title=Hackers used SolarWinds' dominance against it in sprawling spy campaign|date=2020-12-16|access-date=2020-12-16|website=Reuters|language=en}}</ref><ref>{{Cite web|last=Menn|first=Raphael Satter, Christopher Bing, Joseph|date=December 16, 2020|title=Hackers used SolarWinds' dominance against it in sprawling spy campaign|url=https://www.reuters.com/article/global-cyber-solarwinds-idUSKBN28Q07P|via=www.reuters.com}}</ref> In a 2019 blog post Greg W. Stuart from SolarWinds argued on corporate blog that [[open-source software]] is less secure than proprietary because "anyone can update the code" and "risk of downloading malicious code [with open-source] is much higher".<ref>{{Cite web|date=2019-02-18|title=The Pros and Cons of Open-source Tools|url=https://thwack.solarwinds.com/t5/Geek-Speak-Blogs/The-Pros-and-Cons-of-Open-source-Tools/ba-p/478665|access-date=2020-12-17|website=thwack.solarwinds.com|language=en}}</ref> ''The New York Times'' reported SolarWinds did not employ a chief information security officer and that employee passwords had been posted on [[GitHub]] in 2019.<ref>{{Cite web|last1=Sanger|first1=David E.|last2=Perlroth|first2=Nicole|last3=Barnes|first3=Julian E.|date=December 16, 2020|title=Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack|url=https://www.nytimes.com/2020/12/16/us/politics/russia-hack-putin-trump-biden.html|via=NYTimes.com}}</ref>
The attack used a backdoor in a SolarWinds [[Library (computing)|library]]. When an update to SolarWinds occurred the malicious attack would go unnoticed due to the trusted certificate.<ref>{{Cite web|title=Microsoft, Customer Guidance on Recent Nation-State Cyber Attacks|url=https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/|date=2020-12-13|access-date=2020-12-15|website=Microsoft Security Response Center|language=en}}</ref> The [[Cybersecurity and Infrastructure Security Agency]] issued Emergency Directive 21-01 in response to the incident.<ref name="auto1"/>

''The New York Times'' reported SolarWinds did not employ a chief information security officer and that employee passwords had been posted on [[GitHub]] in 2019.<ref>{{Cite web|url=https://www.nytimes.com/2020/12/16/us/politics/russia-hack-putin-trump-biden.html|title=Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack|first1=David E.|last1=Sanger|first2=Nicole|last2=Perlroth|first3=Julian E.|last3=Barnes|date=December 16, 2020|via=NYTimes.com}}</ref> ''Reuters'' reported that a security researcher had alerted the company in 2019 that its update server had a weak password of "solarwinds123."<ref>{{Cite web|url=https://www.reuters.com/article/global-cyber-solarwinds-idUSKBN28Q07P|title=Hackers used SolarWinds' dominance against it in sprawling spy campaign|first=Raphael Satter, Christopher Bing, Joseph|last=Menn|date=December 16, 2020|via=www.reuters.com}}</ref>


SolarWinds's share price fell 25% in the days following the breach.<ref name="gu-2020-12-15">{{Cite web|url=http://www.theguardian.com/technology/2020/dec/15/orion-hack-solar-winds-explained-us-treasury-commerce-department|title=What you need to know about the biggest hack of the US government in years|date=December 15, 2020|website=the Guardian}}</ref> Insiders at the company traded $280 million in stock after the attack was revealed internally but prior to it being announced to the public.<ref>{{Cite web|url=https://www.washingtonpost.com/technology/2020/12/15/solarwinds-russia-breach-stock-trades/|title=Investors in breached software firm SolarWinds traded $280 million in stock days before hack was revealed|date=2020-12-16|access-date=2020-12-16|website=The Washington Post|language=en}}</ref> A spokesperson said that those who sold the stock were not aware of the breach.<ref name="cnbc-2020-12-16">{{Cite web|url=https://www.cnbc.com/2020/12/16/solarwinds-hack-triggers-23percent-stock-haircut-this-week-so-far.html|title=SolarWinds hack has shaved 23% from software company's stock this week|first=Jordan|last=Novet|date=December 16, 2020|website=CNBC}}</ref>
SolarWinds's share price fell 25% in the days following the breach.<ref name="gu-2020-12-15">{{Cite web|url=http://www.theguardian.com/technology/2020/dec/15/orion-hack-solar-winds-explained-us-treasury-commerce-department|title=What you need to know about the biggest hack of the US government in years|date=December 15, 2020|website=the Guardian}}</ref> Insiders at the company traded $280 million in stock after the attack was revealed internally but prior to it being announced to the public.<ref>{{Cite web|url=https://www.washingtonpost.com/technology/2020/12/15/solarwinds-russia-breach-stock-trades/|title=Investors in breached software firm SolarWinds traded $280 million in stock days before hack was revealed|date=2020-12-16|access-date=2020-12-16|website=The Washington Post|language=en}}</ref> A spokesperson said that those who sold the stock were not aware of the breach.<ref name="cnbc-2020-12-16">{{Cite web|url=https://www.cnbc.com/2020/12/16/solarwinds-hack-triggers-23percent-stock-haircut-this-week-so-far.html|title=SolarWinds hack has shaved 23% from software company's stock this week|first=Jordan|last=Novet|date=December 16, 2020|website=CNBC}}</ref>

Revision as of 03:06, 20 December 2020

This article is about the IT company. For the astronomical phenomenon, see solar wind. For other uses, see Solar wind (disambiguation).
SolarWinds Inc.
Company typePublic
IndustrySoftware
GenreNetwork monitoring
Founded1999; 25 years ago (1999) in Tulsa, Oklahoma, U.S.
Founders
  • Donald Yonce
  • David Yonce
Headquarters
Austin, Texas
,
U.S.
Key people
Kevin Thompson (CEO, 2010 - 2020-12-07),[1] Sudhakar Ramakrishna (CEO, beginning 2021-01-04)[1]
RevenueUS$938.5 million (2019)[2]
Number of employees
c. 3,200[3] (2020)
Websitesolarwinds.com

SolarWinds Inc. is an American company that develops software for businesses to help manage their networks, systems, and information technology infrastructure. It is headquartered in Austin, Texas, with sales and product development offices in a number of locations in the United States and several other countries.[4] The company was publicly traded from May 2009 until the end of 2015, and again from October 2018. It has also acquired a number of other companies, some of which it still operates under their original names, including Pingdom, Papertrail and Loggly.[5] It had about 300,000 customers as of December 2020, including nearly all Fortune 500 companies and numerous federal agencies.[6][7]

A SolarWinds product, Orion, used by about 33,000 public and private sector customers, was the focus of a large-scale hack disclosed in December 2020, allegedly perpetrated by Russian intelligence. The attack persisted undetected for months in 2020 and investigations into the breadth and depth of compromised systems were continuing.[8]

History

SolarWinds began in 1999 in Tulsa, Oklahoma, co-founded by Donald Yonce (a former executive at Walmart) and his brother David Yonce.[9][10][11][12] SolarWinds released its first products, Trace Route and Ping Sweep, earlier in March 1998 and released its first web-based network performance monitoring application in November 2001.[13] According to Michael Bennett, who became the chief executive officer in 2006,[14] the name SolarWinds was chosen by an early employee and the company has nothing to do with solar or wind power.[15] In 2006, the company moved its headquarters to Austin, Texas,[10] where about 300 of the company's total 450 employees were based as of 2011.[9] The company was profitable from its founding through its IPO in 2009.[16]

During 2007, SolarWinds raised funding from Austin Ventures, Bain Capital, and Insight Venture Partners.[17][18] SolarWinds completed an initial public offering of US$112.5 million in May 2009,[10] closing at higher prices after its initial day of trading.[15] The IPO from SolarWinds was followed by another from OpenTable (an online restaurant-reservation service), which was perceived to break a dry spell during the Great Recession, when very few companies went public.[19] Both Bain Capital and Insight Venture Partners backed the IPO and used the opportunity to sell some of their shares during the offering.[16]

Analysts and company executives forecasted continued expansion post-IPO, including several acquisitions.[20] In 2010, Bennett retired as CEO and was replaced by the company's former chief financial officer Kevin Thompson.[10] In May 2013, SolarWinds announced plans to invest in an operations hub in Salt Lake City, Utah. It was named by Forbes as "Best Small Company in America, citing high-functioning products for low costs and impressive company growth." By 2013, SolarWinds employed about 900 people.[21]

Acquisition by private equity technology investment firms Silver Lake Partners and Thoma Bravo, LLC. was announced in late 2015,[22][23] and by January 2016, SolarWinds was taken private in a $4.5 billion deal. At the time, the company had 1,770 employees worldwide with 510 based in Austin, and reported revenues of about half a billion dollars a year.[24]

In November 2017, SolarWinds released AppOptics which integrates much of their software portfolio, including Librato and TraceView, into a single software-as-a-service package. AppOptics included compatibility with Amazon Web Services and Microsoft Azure.[25]

In September 2018, SolarWinds filed for a public offering again, after three years of being owned by private equity firms.[26] SolarWinds completed their public offering on October 19, 2018.[27]

On 7 December 2020, CEO Kevin Thompson retired and will be replaced by Sudhakar Ramakrishna, CEO of Pulse Secure, effective 4 January 2021.[1][28][29]

Acquisitions

According to The Wall Street Journal, SolarWinds offers freely downloadable software to potential clients and then markets more advanced software to them by offering trial versions.[30] Following the funding in 2007, SolarWinds acquired several companies including Neon Software and ipMonitor Corp. and opened a European sales office in Ireland.[31]

During and after its IPO in 2009, SolarWinds acquired a number of other companies and products, including the acquisition of the New Zealand–based software maker Kiwi Enterprises, which was announced in January 2009.[32]

SolarWinds acquired several companies in 2011 and was ranked number 10 on Forbes magazine's list of fastest-growing tech companies.[33] In January 2011, it acquired Hyper9 Inc, an Austin-based virtualization management company with undisclosed terms.[34] In July, SolarWinds completed the acquisition of the Idaho-based network security company TriGeo for $35 million.[33][35] TriGeo's offices in Post Falls were added to the list of SolarWinds location which already included satellite offices in Dallas, Salt Lake City, and Tulsa, as well as operations in Australia, the Czech Republic, India, Ireland, and Singapore.[36] In 2012 SolarWinds acquired the patch management software provider EminentWare,[37] and RhinoSoft, adding the latter company's FTP Voyager product to SolarWinds' product suite.[38]

In early 2013, SolarWinds acquired N-able Technologies, a cloud-based information technology services provider. The deal was reportedly valued $120 million in cash.[39] In late 2013, it acquired the Boulder, Colorado–based database performance management company Confio Software. With the $103 million agreement, SolarWinds gained a sales office in London and Confio's main product, Ignite.[40] Between 2014 and 2015, the company acquired the Swedish web-monitoring company Pingdom,[41][42] the San Francisco–based metrics and monitoring company Librato (for $40 million),[43] and the log management service Papertrail (for $41 million).[44]

Between 2015 and 2020, SolarWinds acquired Librato (a monitoring company),[45] Capzure Technology (an MSP Manager software to N-able which SolarWinds had previously acquired),[46] LogicNow (a remote monitoring software company),[47] SpamExperts (an email security company),[48] Loggly (a log management and analytics company),[5] Trusted Metrics (a provider of threat monitoring and management software),[49] Samanage (a service desk and IT asset management provider),[50] VividCortex (a database performance monitor),[51] and SentryOne (a provider of database performance monitoring).[52]

2020 supply chain attack

Main articles: 2020 United States federal government data breach and Supply chain attack

On December 13, 2020, The Washington Post reported that multiple government agencies were breached through SolarWinds's Orion software. The company stated in an SEC filing that fewer than 18,000 of its 33,000 Orion customers were affected, involving versions 2019.4 through 2020.2.1, released between March 2020 and June 2020.[6] According to Microsoft, hackers acquired superuser access to SAML token-signing certificates. This SAML certificate was then used to forge new tokens to allow hackers trusted and highly privileged access to networks.[53] The Cybersecurity and Infrastructure Security Agency issued Emergency Directive 21-01 in response to the incident, advising all federal civilian agencies to disable Orion.[54]

APT29, aka Cozy Bear, working for the Russian Foreign Intelligence Service (SVR), was reported to be behind the 2020 attack.[55] Victims of this attack include the cybersecurity firm FireEye, the US Treasury Department, the US Department of Commerce's National Telecommunications and Information Administration, as well as the US Department of Homeland Security.[56][57] Prominent international SolarWinds customers investigating whether they were impacted include the North Atlantic Treaty Organization (NATO), the European Parliament, UK Government Communications Headquarters, the UK Ministry of Defence, the UK National Health Service (NHS), the UK Home Office, and AstraZeneca.[58][59] FireEye reported the hackers inserted "malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim's environment" and that they have found "indications of compromise dating back to the spring of 2020".[60]

The attack used a backdoor in a SolarWinds library; when an update to SolarWinds occurred the malicious attack would go unnoticed due to the trusted certificate.[61] In November 2019, a security researcher notified SolarWinds that their FTP server had a weak password of "solarwinds123", warning that "any hacker could upload malicious [files]" that would then be distributed to SolarWinds customers.[62][63][64][65] In a 2019 blog post Greg W. Stuart from SolarWinds argued on corporate blog that open-source software is less secure than proprietary because "anyone can update the code" and "risk of downloading malicious code [with open-source] is much higher".[66] The New York Times reported SolarWinds did not employ a chief information security officer and that employee passwords had been posted on GitHub in 2019.[67]

SolarWinds's share price fell 25% in the days following the breach.[68] Insiders at the company traded $280 million in stock after the attack was revealed internally but prior to it being announced to the public.[69] A spokesperson said that those who sold the stock were not aware of the breach.[1]

On 15 December 2020, SolarWinds reported the breach to the Securities and Exchange Commission.[68] However, SolarWinds continued to distribute malware-infected updates, and did not immediately revoke the compromised digital certificate used to sign them.[62][70][71]

On 16 December 2020, German IT news portal Heise.de reported that SolarWinds had for some time been encouraging customers to disable anti-malware tools before installing SolarWinds products.[72][73]

On 17 December 2020, SolarWinds said they would revoke the compromised certificates by 21 December 2020.[74]

References

  1. ^ a b c d Novet, Jordan (December 16, 2020). "SolarWinds hack has shaved 23% from software company's stock this week". CNBC.
  2. ^ "SolarWinds Annnounceds Fourth Quarter 2019 Results". Retrieved 2020-06-09.
  3. ^ "About SolarWinds". Retrieved 2020-12-14.
  4. ^ Lind, Treva (2011-09-22). "SolarWinds blows into Post Falls". Journal of Business. Retrieved 2018-01-23.
  5. ^ a b Lardinois, Frederic (2018-01-08). "SolarWinds acquires log-monitoring service Loggly". TechCrunch. Retrieved 2018-07-16.
  6. ^ a b Cimpanu, Catalin. "SEC filings: SolarWinds says 18,000 customers were impacted by recent hack". ZDNet.
  7. ^ Sanger, David E.; Perlroth, Nicole; Schmitt, Eric (December 15, 2020). "Scope of Russian Hack Becomes Clear: Multiple U.S. Agencies Were Hit" – via NYTimes.com.
  8. ^ Cimpanu, Catalin. "Microsoft says it identified 40+ victims of the SolarWinds hack". ZDNet.
  9. ^ a b Harrell, Barry (2011-07-05). "Fast-growing Austin software maker Solarwinds acquires Idaho company". Austin American-Statesman. Retrieved 2018-01-23.
  10. ^ a b c d Hawkins, Lori (2011-11-20). "SolarWinds keeps on growing". Austin American-Statesman. Retrieved June 17, 2013.
  11. ^ Baker, Liana B. (2015-10-09). "SolarWinds confirms it is exploring strategic alternatives". Reuters. Retrieved 2018-01-23.
  12. ^ Peterson-Withorn, Chase (2015-10-23). "Who Got Rich This Week: SolarWinds Founder Yonce's Fortune Jumps Due To $4.5 Billion Sale Agreement". Forbes. Retrieved 2018-01-23.
  13. ^ "Corporate Fact Sheet" (PDF). SolarWinds. 2008. Archived from the original (PDF) on 2008-11-17. Retrieved 17 February 2017.
  14. ^ Denne, Scott (2009-05-20). "Q&A With Michael Bennett, CEO Of Hot IPO SolarWinds". WSJ. Retrieved 2018-01-23.
  15. ^ a b Vance, Ashlee; Miller, Claire Cain (2009-05-20). "SolarWinds Beats Odds With Public Offering". Bits Blog. Retrieved 2018-01-23.
  16. ^ a b Cowan, Lynn (2009-05-22). "Bright Start for SolarWinds Stock". Wall Street Journal. ISSN 0099-9660. Retrieved 2018-01-23.
  17. ^ "SolarWinds raises $7.5M". Austin Business Journal. 2007-02-05. Retrieved 2018-01-24.
  18. ^ Morrison, Chris (2009-01-06). "Is network management growing? SolarWinds picks up Kiwi Enterprises". VentureBeat. Retrieved 2018-01-24.
  19. ^ Miller, Claire Cain (2009-05-21). "Investors Find an Appetite for Tech Offerings". The New York Times. ISSN 0362-4331. Retrieved 2018-01-24.
  20. ^ Krause, Reinhardt (2014-11-26). "SolarWinds Acquisition Spree Expected To Keep Going". Investor's Business Daily. Retrieved 2018-01-24.
  21. ^ Lee, Jasen (2013-05-09). "Tech firm to bring more than 1,000 jobs to Utah". Deseret News. Retrieved 2018-01-24.
  22. ^ Goliya, Kshitiz (2015-10-21). "Silver Lake, Thoma Bravo to take SolarWinds private in $4.5 billion deal". Reuters. Retrieved 2018-01-30.
  23. ^ Minaya, Ezequiel (2015-10-21). "SolarWinds to be Bought by Silver Lake, Thoma Bravo". Wall Street Journal. ISSN 0099-9660. Retrieved 2018-01-30.
  24. ^ Rockwell, Lilly (February 5, 2016). "Austin software maker SolarWinds completes $4.5 billion sale". Austin American-Statesman. Retrieved 5 May 2016.
  25. ^ Moozakis, Chuck (2017-11-21). "SolarWinds' AppOptics melds network device monitoring, app behavior". TechTarget. Retrieved 2018-01-30.
  26. ^ Assis, Claudia. "Software provider Solarwinds files for IPO". MarketWatch. Retrieved 2018-10-01.
  27. ^ "SolarWinds prices reduced IPO at low end of lowered expected range". MarketWatch.com. Retrieved 19 October 2018.
  28. ^ Johnson, O’Ryan (2020-12-09). "SolarWinds Names New CEO As Potential Spin-off Inches Forward". CRN. Retrieved 2020-12-20.
  29. ^ "SolarWinds Appoints Sudhakar Ramakrishna as New President and Chief Executive Officer". www.businesswire.com. 2020-12-09. Retrieved 2020-12-20.
  30. ^ Cowan, Lynn (2009-05-22). "Bright Start for SolarWinds Stock". The Wall Street Journal. ISSN 0099-9660. Retrieved 2018-07-16.
  31. ^ Cooter, Maxwell. "Solar Winds finally blows into Europe". Techworld. Retrieved 2018-01-24.
  32. ^ Dubie, Denise (2009-01-05). "SolarWinds acquires Kiwi Enterprises". Network World. Retrieved 2018-01-30.
  33. ^ a b Harrell, Barry (2011-07-05). "Fast-growing Austin software maker Solarwinds acquires Idaho company". Austin American-Statesman. Retrieved 2018-07-16.
  34. ^ "SolarWinds acquires Hyper9". Austin Business Journal. 2011-01-19. Retrieved 2018-01-30.
  35. ^ Wauters, Robin (2011-06-23). "SolarWinds Buys Network Security Company TriGeo For $35 Million In Cash". TechCrunch. Retrieved 2018-01-30.
  36. ^ Lind, Treva (2011-09-22). "SolarWinds blows into Post Falls". Spokane Journal. Retrieved 2018-07-16.
  37. ^ Mukhar, Nicholas (2012-02-02). "SolarWinds Acquires EminentWare for Patch Management Software". Channel Futures. Retrieved 2018-01-30.
  38. ^ Hay, Richard (2012-12-18). "RhinoSoft Acquired by SolarWinds – FTP Voyager Now Offered as Free Tool". WindowsObserver.com. Retrieved 2018-01-30.
  39. ^ Cai, Debbie (2013-05-21). "SolarWinds to Buy N-able Technologies for $120 Million". The Wall Street Journal. Retrieved 2018-01-23.
  40. ^ Associated Press (2013-10-07). "SolarWinds buys Confio Software for $103M". The Denver Post. Retrieved 2018-01-23.
  41. ^ Kobialka, Dan (2014-06-20). "SolarWinds Adds Pingdom to Its Performance Management Portfolio". Channel Futures. Retrieved 2018-01-23.
  42. ^ Hawkins, Lori (2014-06-18). "Austin-based SolarWinds acquires Stockholm-based company". Austin American-Statesman. Retrieved 2018-01-23.
  43. ^ "SolarWinds Expands Its Cloud Monitoring and Management Footprint With Acquisition of Librato". MarketWatch. Retrieved 5 May 2016.
  44. ^ Lardinois, Frederic (2015-04-28). "SolarWinds Acquires Log Management Service Papertrail For $41M In Cash". TechCrunch. AOL. Retrieved 5 May 2016.
  45. ^ Wells, Karla (2015-01-29). "SOLARWINDS EXPANDS ITS CLOUD MONITORING AND MANAGEMENT FOOTPRINT WITH ACQUISITION OF LIBRATO". SolarWinds News Room. Retrieved 2018-07-16.
  46. ^ Davis, Jessica (2015-08-24). "SolarWinds N-able to Roll Out Competitively Priced MSP Manager Platform". Channel Futures. Retrieved 2018-01-23.
  47. ^ Foye, Brendon (2016-06-02). "SolarWinds acquires LogicNow, creates new company". CRN Australia. Retrieved 2018-01-23.
  48. ^ Wells, Karla (2017-08-29). "SolarWinds MSP Acquires SpamExperts to Enhance its Growing Product Portfol". SolarWinds News Room. Retrieved 2018-07-16.
  49. ^ "SolarWinds acquires Trusted Metrics, Adding Threat Monitoring and Management to Its IT Management Portfolio". 2018-07-10. Retrieved 2018-08-01.
  50. ^ "SolarWinds Sets Its Sights on the ITSM Market through Acquisition of Samanage and Introduction of a SolarWinds Service Desk Product". 2019-04-11. Retrieved 2019-04-29.
  51. ^ "SolarWinds Set to "Cover the Databases" Through Acquisition of VividCortex and Introduction of New Monitoring Solution Designed for Cloud-Native Databases". 2019-12-11. Retrieved 2020-03-04.
  52. ^ "SolarWinds Snaps Up SentryOne To Enhance Database Management Capabilities". SmarterAnalyst. 2020-10-26. Retrieved 2020-10-26.
  53. ^ Lambert, John (2020-12-13). "Important steps for customers to protect themselves from recent nation-state cyberattacks". Microsoft. Retrieved 2020-12-13.
  54. ^ "CISA Issues Emergency Directive to Mitigate the Compromise of SolarWinds Orion Network Management Products". CISA. Cybersecurity & Infrastructure Security Agency. Retrieved 2020-12-15.
  55. ^ "Russian government spies are behind a broad hacking campaign that has breached U.S. agencies and a top cyber firm". The Washington Post. 2020-12-13. Retrieved 2020-12-13.
  56. ^ Cimpanu, Catalin. "Microsoft, FireEye confirm SolarWinds supply chain attack". ZDNet. Retrieved 2020-12-14.
  57. ^ "Suspected Russian hackers breached U.S. Department of Homeland Security - sources" – via mobile.reuters.com.
  58. ^ Gallanger, Ryan, Donaldson, Kitty, et al. (15 December 2020). "U.K. Government, NATO Join U.S. in Monitoring Risk From Hack". Bloomberg News website Retrieved 15 December 2020.
  59. ^ Field, Matthew. (16 December 2020). "SolarWinds shareholders sold $280m days before breach was revealed". The Telegraph website Retrieved 16 December 2020.
  60. ^ "Global Intrusion Campaign Leverages Software Supply Chain Compromise". FireEye.
  61. ^ "Microsoft, Customer Guidance on Recent Nation-State Cyber Attacks". Microsoft Security Response Center. 2020-12-13. Retrieved 2020-12-15.
  62. ^ a b "SolarWinds Hack Could Affect 18K Customers — Krebs on Security".
  63. ^ Varghese, Sam. "iTWire - SolarWinds FTP credentials were leaking on GitHub in November 2019". www.itwire.com.
  64. ^ "Hackers used SolarWinds' dominance against it in sprawling spy campaign". Reuters. 2020-12-16. Retrieved 2020-12-16.
  65. ^ Menn, Raphael Satter, Christopher Bing, Joseph (December 16, 2020). "Hackers used SolarWinds' dominance against it in sprawling spy campaign" – via www.reuters.com.{{cite web}}: CS1 maint: multiple names: authors list (link)
  66. ^ "The Pros and Cons of Open-source Tools". thwack.solarwinds.com. 2019-02-18. Retrieved 2020-12-17.
  67. ^ Sanger, David E.; Perlroth, Nicole; Barnes, Julian E. (December 16, 2020). "Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack" – via NYTimes.com.
  68. ^ a b "What you need to know about the biggest hack of the US government in years". the Guardian. December 15, 2020.
  69. ^ "Investors in breached software firm SolarWinds traded $280 million in stock days before hack was revealed". The Washington Post. 2020-12-16. Retrieved 2020-12-16.
  70. ^ McCarthy, Kieren (2020-12-15). "SolarWinds: Hey, only as many as 18,000 customers installed backdoored software linked to US govt hacks". The Register.
  71. ^ Varghese, Sam. "iTWire - Backdoored Orion binary still available on SolarWinds website". www.itwire.com.
  72. ^ "The SolarWinds Perfect Storm: Default Password, Access Sales and More". threatpost.com.
  73. ^ online, heise. "l+f SolarWinds-Backdoor: Hersteller sorgte für Ausnahmen von AV-Überwachung". Security.
  74. ^ Johnson, Joseph F. Kovar, O’Ryan (December 17, 2020). "SolarWinds MSP To Revoke Digital Certificates For Tools, Issue New Ones As Breach Fallout Continues". CRN.{{cite web}}: CS1 maint: multiple names: authors list (link)

External links

source: https://en.wikipedia.org/w/index.php?title=&diff=prev&oldid=995271491

Leave a Reply