With the recent news of Solarwinds getting hacked and sending out an update that has compromised their security, people are understandably taking an in-depth look at their third-party software. Let’s first give out our security team-approved response to those concerned, but then dive into some of the finer details that we can give.
Our security team does not allow us to discuss what tools we use internally. However, that being said, to the best of our knowledge, we have not been affected by any recent attacks or breaches including the recent news about SolarWinds.
Now let’s walk the fine line of discussing what we can while not specifically talking about our internal tools! Concerns can come from 2 vectors. The first is how do we ensure our software has not been breached; the second is the package library where we offer pre-built installs for your environment.
Internally we use various advanced network monitoring tools and monitor on three levels:
We search for anomalous behavior on our networks.
We constantly monitor the latest virus/malware/exploit software.
We monitor for malicious activities that are used for lateral movement within the network.
We think our process is pretty damn great, but that does not mean we are sitting back and letting things go lax. We always stay on top of the newest security practices and fine-tune and adjust to meet the best possible standard at all times.
Offering pre-built installers is pretty handy. Who doesn’t love recovering all that time installing software in your environment? It involves building around installers, which means we need to take steps to make sure that they are as safe as possible.
Whether new or an update on an existing package, every package built gets scanned for vulnerabilities and malware. After it has passed all scanning, we will compare the hash to make sure that the file we have vetted and tested has not been modified during our process. This allows us to be sure the installer we started with is the same as the one we ended with.
Security is an ever-changing landscape, where you must adapt to keep your environment safe. We will continue to rely on industry leaders and best practices to keep us protected and as secure as possible on each level. If needed, Alex will even dive in and punch any and all malicious packets out of our network. He is that committed.
Jordan had spent his life wondering why tasks he didn’t like to do had no options to complete themselves. Eventually he had to make that happen on his own. It turned out that he enjoyed making tasks complete themselves, and PDQ thought that is something he should talk about on the internet while drinking most Thursdays on the PDQ webcast.