SolarWinds to spend up to US$25M on security following attack

SolarWinds plans to invest between US$20 million and US$25 million in security-related initiatives this year following a massive cyberattack that compromised many high-profile customers.

The embattled IT infrastructure management vendor said the money will be put toward security initiatives as well as used to cover higher costs around both insurance and professional fees stemming from the breach, according to CFO Barton Kalsu. SolarWinds admitted Dec. 13 that nation-state hackers had injected malicious code into its Orion network monitoring product from March 2020 to June 2020.

“These [costs] are not necessarily related to remediation as much as we are looking at these as extensions and investments for us going forward,” SolarWinds President and CEO Sudhakar Ramakrishna told investors Thursday. “Our aspiration is to support the broader needs of IT, Dev[elopement] and SecOps [security operations] protection.”

Since taking over as CEO at the start of 2021, Ramakrishna said he’s spent a lot of time with the CIOs and CISOs of SolarWinds’ federal government and private sector customers highlighting the findings from their investigation into the cyberattack as well as remediation steps. The vast majority of customers have understood that an attack like this could have happened to any broadly deployed vendor, he said.

“Some customers have taken a wait-and-see attitude, but not necessarily a focus on churn or replacement at this point in time,” Ramakrishna said. “The vast majority of customers that I have spoken to, and we continue to engage with, have not only upgraded. In fact, many of them also have renewed their contracts.”

SolarWinds has been getting a lot of questions about the cyberattack from customers when they are up for renewal, Kalsu said. Those customers taking a wait-and-see approach aren’t immediately turning SolarWinds off or failing to renew their maintenance contracts, according to Kalsu.

Kalsu said there was a slight impact to SolarWinds’ MSP business in January as some of the company’s MSP partners and their end customers assessed the potential impact of the cyberattack. But once SolarWinds was able to assure MSPs that none of the company’s MSP products were impacted in the breach, Kalsu said the company started to see its MSP business return to form.

“We could not find anything [in the attack] that was idiosyncratic to the SolarWinds environment,” Ramakrishna said. “And if anything, both our security hygiene, security posture and security tools are consistent with what is practiced in the industry.”

Revenue for the quarter ended Dec. 31 climbed to US$265.3 million, up 7.2 percent from US$247.5 million the year prior. That beat Seeking Alpha’s estimate of US$259.5 million.

Net income skyrocketed to US$132.7 million, or US$0.42 per diluted share, up 904 percent from US$13.2 million, or US$0.04 per diluted share, the year prior. On a non-GAAP basis, net income jumped to US$82.1 million, or US$0.26 per diluted share, up 8 percent from US$76 million, or US$0.24 per share, the year prior. That edged out Seeking Alpha’s non-GAAP earnings estimate of US$0.25 per share.

SolarWinds’ stock is down US$0.04 (0.25 percent) to US$15.68 per share in morning trading. Earnings were announced before the market opened Wednesday.

On a full-year basis, 2020 sales climbed to US$1.02 billion, up 9.3 percent from US$932.5 million in 2019. And net income soared to US$158.5 million, or US$0.50 per diluted share, up 750 percent from US$18.6 million, or US$0.06 per diluted share, the year prior.

For the quarter ending March 31, SolarWinds expects to record non-GAAP diluted earnings or US$0.19 to US$0.20 per share on non-GAAP total revenue of US$247 million to US$252 million. Analysts had been expecting non-GAAP earnings of US$0.21 per share on non-GAAP sales of US$251.3 million, according to Seeking Alpha.


Leave a Reply

Your email address will not be published.