
I don’t see how to word this politely.

What is SolarWinds, and why are all these organizations using it?

Clearly, it’s a giant single point of failure, but other than that, I’ve never heard of them.

Their marketing says they do network monitoring, etc. Do they have a legitimate product, or is this just another case of enterprise checkbox security theater gone awry?



SolarWinds is systems management that runs the gamut (router config management, network monitoring, systems monitoring, logging, etc.) for GUI ninjas (read: people who use Microsoft way too much) and execs who listen to sales people (and some gov orgs). I've used it plenty in the past, not all their products but many/most, and it's actually not that bad on the surface, but dig deeper and you begin to see the flaws quickly. I almost always advocate against it if I ever see a proposal for even a single one of their tools pop up.

The thing it does for many orgs is become a "one stop shop" for the array of products a "modern" IT stack needs... and if you thought Splunk was expensive...


I think there are probably scales SolarWinds products work well at and then places that they do not.

I have definitely found some deficiencies in SolarWinds products I've used that feel like they should've fixed long ago. But their products are also leaps and bounds better than tools I worked with prior.

Not the best, but very far from being the worst.


The most alarming bit is the "our software needs to be exempt from antivirus scanning and group privs" ... so people probably just run this thing as root the whole time


Almost every install document I've ever read says disable antivirus and firewall. I actively disregard every such instruction and rarely have a problem.

If your antivirus product is any good, it will work fine with legitimate software. But that is entered solely as a support disclaimer for "I can't guarantee anything if anything else is running on your system".


In short, it's infrastructure monitoring software. Stuff like CPU, Network, Memory utilization, is this process running, etc.

It's used to set alarms that will go off if "process XYZ is not running on server 123" or "CPU Utilization is over 95% for 15 minutes on server 456" that kind of thing, as well as dashboards.

The special thing about SolarWinds is that it's agentless, meaning you don't have to install an agent on the boxes you want to monitor. I think it uses ICMP to ping the instances you're monitoring.

It's terrible software (compared to say, Datadog) and I've been saying I want to short it for a year. Obviously I should have put my money where my mouth was.


Very common in public sector, think of just a fancy Graphite/Splunk that deals mostly on SNMP and creates reports that fit 99% of the network/sysadmin needs for gov/compliance.


The tool that was compromised is a SolarWinds product, Orion. Orion is essentially a network configuration manager. It allows you to collect data about your network switches, including pushing and pulling configs. You can back them up and diff the configs as well. It is not inherently a checkbox product, but it could be. In many cases this could be a really useful product.


The company has been around for a while and has a nice and comprehensive set of products for managing systems and networks.


If we replaced SolarWinds with Splunk would you be reacting the same way?


Not apples to apples. Splunk can do way more than Solarwinds but is also slower to ingest the data and produce an alert.


You have a lot of answers, but to shed some more light on it, they're also a massive MSP software provider. I'm in a small city in Canada and we have a half dozen IT shops here that are shifting from traditional IT (walk-in, break-fix, running cable, selling hardware, whatever) to a Solarwinds powered business model. The thought process is scalability. What that works out to is millions and millions of endpoints all around the world with Solarwinds agents running on them.


That's probably totally separate, or will be soon: https://www.channelpartnerinsight.com/news/4018768/everythin...


It's one of the bigger names in the network monitoring space. Most network and systems people that work for a big enough company will have at least heard of them.


Solarwinds also owns Papertrail, Pingdom and AppOptics (formerly Librato)


Loggly too.


They own Loggly, Papertrail, and Pingdom, amongst other products/companies. Most of their products are around software and server monitoring, in some fashion.


Network monitoring is their biggest product. Compared to other solutions they do have just about the best product if you need a web GUI to point to and say this is what's going on right now.

I'm sure 100% of small ISPs use them, as well as anyone that runs a decent-size network, e.g. schools, universities.


You got your answer from those many replies informing you that SolarWinds is OK because they have a big, well-known brand. Nobody's ever been owned^H fired for choosing SolarWinds, I guess.


If you give them a call their sales people would be happy to explain it to you. Eager in fact.


So many organisations use it because they made the mistake of letting a SW sales rep get their contact details /s



