Blog
SolarWinds Hack: Cloud and OpenSource Alternatives for SolarWinds Orion
- January 10, 2021
- Posted by: Muhammad Afaq Khan, CCIE #9070
- Category: Cybersecurity ITOM

What’s your take? Rip and replace SolarWinds Orion or sign up for more hacks. Since the software is entangled deeply into the enterprise IT operations management, there are no easy answers here. It is still unclear how hackers got access to the SolarWinds Orion source code, but experts are now saying that it was piggybacked on yet another backdoor that hackers put into the JetBrains TeamCity. So, even after 4 weeks, the hack remains a moving target. So, based on these reasons, I made a case in another video that they are not just another company that got hacked. They have been complacent for years and that made them a great target, and thus I concluded that SolarWinds Orion should not be patched but dumped. In this video, I want to present several alternatives to SolarWinds Orion.
SolarWinds and the NPMD Marketplace
SO, SolarWinds Orion is a product that’s part of a bigger market known as the Network Performance, Monitoring, and Diagnostics or NPMD. NPMD is part of the broader ITOM marketplace. SolarWinds is known to have 300,000 total customers and about 10% of them use Orion. As per SolarWinds, 18 thousand or about half of the Orion install base downloaded the software update with the trojanized backdoor. Gartner put SolarWinds as a challenger or a technology laggard in their 2019 NPMD magic quadrant. Because of the shifting market dynamics, Gartner officially sunsetted the NPMD magic quadrant in favor of the cloud-native solutions as part of their new Market Guide. Now, according to the Gartner Market Guide for NPMD, by 2024, 50% of network operation teams will be required to re-architect their network monitoring stack, due to the impact of the cloud and edge infrastructure.
SolarWinds Orion Architecture and Deployment Models
NOW, let’s look at the Orion platform architecture and use cases. The Orion Platform enables real-time performance monitoring and management of physical and virtual infrastructure in a single pane of glass in the form of services such as alerting, reporting, dashboards, and charts. It can be deployed in a centralized or distributed fashion. Centralized deployment means your pollers are co-located with the Orion server. In a centralized deployment, all you need is an Orion server and an Orion Core database server to get started. You can deploy scalability engine servers to scale your polling. Now, three factors affect Orion server scalability and those are the numbers of monitored elements like a node or an interface, polling frequency so there is a big difference if you’re polling every few minutes versus every few hours, and finally, the number of simultaneous administrative users accessing the monitoring system. Like if you have more than 20 users accessing the web console at the same time, then SolarWinds recommends the installation of an additional web server that will load balance the number of concurrent users.
SolarWinds Orion Modules and Use Cases
The primary use cases for Orion are Network Performance Monitoring, NetFlow Traffic Analysis, Web Performance Monitoring, and Server and Application Monitoring, or what’s commonly known as SAM. There are some more such as Network Configuration Management, Virtualization Management, IP Address Management, and Storage Resource Management or SRM. NOW, let’s talk about the Orion alternatives. I don’t believe there is one vendor that can replace all functions that Orion with all its modules loaded can perform, so you’ll need to pick and choose the vendors and tools to replace Orion modules. Overall, there are two flavors of ITOM solutions out there, that is, on-premise which can be proprietary or open-source, and the Cloud-based solution. Now, broadly speaking, there are two vendor choices here. One, you can stick with a big-name vendor such as Cisco or Microsoft which allows you to replace more than one module at a time. The upsides are that they are easier to manage with one single pane of glass, you only call one 1-800 number for support so there is less finger-pointing and you may be able to negotiate better bundle discounts. The downside, for some modules, you’re going to have to settle for what they offer, that is, settle for less than the best of breed available in the marketplace which brings me to the second approach. The second approach is to go with the best of breed niche players or open-source vendors.
SolarWinds Orion Vendor Alternatives: NPM, NTA, NAM, NCM, IPAM, WPM, SRM and SAM
Since Network Performance Monitor or NPM is the most popular app or module within Orion, let’s start there. The NPM module helps you with the endpoint, component, and link monitoring. The big vendors that have the most overlap with what SolarWinds NPM offers, are Cisco, ManageEngine, Microsoft, and Splunk. If I were starting my research to replace Orion NPM today, I’d start with those vendors in that order. If you are OK with the best of the breed and signing up for more detailed research, then you want to look into PRTG Network Monitor, Observium, LibreNMS, Catchpoint, Kentik, AKIPS, Zabbix, Datadog, and Prometheus. You can also add more graphing capabilities to these tools with Cacti or Smokeping. Now, for Orion NetFlow Traffic Analyzer or NTA module, I suggest that you start with Cisco, Nagios, and NetBrain in that order. For niche vendors, your choices are PRTG, Plixer, Catchpoint, and Kentik. For Orion Network Automation Manager, your big vendor choices are going to be Broadcom, Cisco, and ManageEngine. For niche players, you can try your luck with PRTG and ExtraHop. For Network Configuration Manager or NCM, the big-name vendors are Cisco and Infoblox and the niche players are Unimus, RConfig, and even Ansible from Red Hat. For IP Address Management or IPAM, you can look into NetBox, GestoioIP, and or an open-source tool such as PHPiPAM. As you can notice, there is a vendor overlap across network-related functions such as NPM, NTA, NAM, and NCM functions that we just covered. NOW, let’s talk about Server and Application Monitoring or SAM. SAM is about monitoring servers, storage systems, databases, and hypervisors. So, your big-name vendors are going to be ManageEngine, Nagios, and VMware in that order. For niche players, you can consider PRTG and Zabbix. For cloud-based workloads, your choices are going to be AWS, Microsoft Azure, or a third-party vendor such as Dynatrace. For Storage Resource Monitor or SRM, within the big boys club, you can consider VMware, LogicMonitor, or ManageEngine. From within the niche players, you can consider PRTG or Zabbix. For Virtualization Manager or VMAN, your choices are Citrix Virtual Apps and Desktops or Veeam or VMware. Finally, for Web Performance Monitor or WPM, your choices are Cisco ThousandEyes, LogicMonitor, or Amazon CloudWatch if you’re hosted in the AWS. Well, this winds down the list of the commonly used Orion module.
Why Big Cloud Vendors are a Safer Choice
Now, here is the most interesting thing and it is to remember how we got here. Whether software is proprietary or open-source, hosted on-premises or in the cloud, that doesn’t make it more or less secure. If there are enough motivation and will, virtually anything can be hacked. But, practically speaking, how many times have you heard that hackers were able to get into AWS or Google, or Microsoft and steal everything. Never. So, you’ve to ask the question why. Are they not being attacked? They are. So, why is it that those 3 cloud shops are so secure? In my opinion, there are three big reasons. Number one, they write and maintain their software stacks in-house. On the surface, it seems SolarWinds also wrote their software stack but the two are not the same. Big tech cloud vendors own the entirety of the software stack without exceptions. Sure, they use open source, but they have the bench strength to ensure that it is safe and secure and when it is not, they have the operational excellence to iron it out. And that’s the second big difference. Google has pioneered web-scale infrastructure reliability roles such as SRE for a reason. Finally, the big tech has access to virtually unlimited financial resources to ensure the security and safety of their platforms.
SolarWinds Orion Hack and Future Cybersecurity Implications
I believe the SolarWinds Orion hack will completely transform the cybersecurity space where on one end, you will have newer solutions that focus on zero-trust for the supply chain components but in the meantime, even more, workloads will move into the cloud which comes bundled with the native monitoring tools such as the AWS CloudWatch. As an Enterprise IT or cybersecurity professional, now it is part of your job to evaluate the supply chain risk for every on-premise software stack deployed within your organization since the stakes couldn’t be higher.
Feel free to drop your comments below. I’d love to hear your thoughts.
Author:Muhammad Afaq Khan, CCIE #9070

Leave a Reply Cancel reply
5 (1) The United States is home to the world’s most iconic cybersecurity companies such as Palo Alto Networks, Fortinet, FireEye, CrowdStrike, McAfee, Tanium and I can go on and on but here is the point. Despite being at the cutting edge of cybersecurity technologies, US enterprises and the government get successfully targeted and hacked […]
5 (1) If you need more reasons to dive into a Cybersecurity career, here are a few pieces of information to consider. Gartner says that the cybersecurity spending is expected to reach $123 billion and continue to grow at about 10% each year for another 8 years. Just for context. At 10,000 feet, the cybersecurity […]
5 (1) The global Cybersecurity market is worth $202B today and is expected to reach a whopping $433B by 2030. The cyber security market consists of five major segments and those are network security and endpoint, threat detection and intelligence, identity access management or IAM, data and cloud security, encryption, and cryptography, and a few […]
5 (1) If you didn’t know, the SolarWinds hack was not one of, but the most sophisticated software supply chain attack to ever occur. SolarWinds hackers enjoyed unfettered access to thousands of SolarWinds customers worldwide for 9 months. They could have continued it for even longer if not for the unforced error on their part […]
5 (1) Another week, and another hack. If the SolarWinds and Microsoft Exchange hacks were not enough, F5 to the rescue. With a high-severity vulnerability, a patch-ASAP-grade, you can bet attackers reacted like sharks that smell blood in the water. Just for some historical context, a similarly critical remote code execution or RCE vulnerability in […]