Combating Cyber Threats With SolarWinds: Federal Government Needs

Learn how SolarWinds can help fulfill your growing list of cybersecurity needs, especially around reporting requirements for DISA STIGs, FISMA, NIST, and more. In this presentation, our product management team will share the latest features and product updates our federal customers are most interested in for Log & Event Manager (LEM), Firewall Security Manager (FSM), User Device Tracker (UDT), and Network Configuration Manager (NCM), with a focus on their security features.

Learn More and Connect with SolarWinds Federal:

Federal website: http://www.solarwinds.com/federal

thwack Federal and Government group: http://thwack.solarwinds.com/groups/federal-and-government

Twitter: http://twitter.com/SolarWinds_Gov

  • Main points here are from the Federal Government’s Track Record report: lots of attacks, but a lack of visibility. A gap in the process for identifying and managing vulnerabilities and security configurations is also a big issue. The 2013 Verizon Data Breach Report further spells out the elevated risk these issues create. Attackers are getting faster, sneakier and more sophisticated. The biggest-impact attacks aren’t kids in the basement using scripts anymore; they are organized, patient, strategic and focused on a prize. In the Federal Government this is more true than in any other industry. Attacks happen quickly, but they take a long time to identify. Every second an attacker goes undetected, the risk and damage can increase exponentially. We need to turn the tables and have greater visibility and stronger controls to better prevent, identify and remediate today’s sophisticated threats.
  • As agencies move through everyday security management, the general chaos and lack of resources make risk management easy to miss. The primary concern of “patch the system”, “address the compliance requirement”, or Of course, our overall goal is to prevent business impacts: financial loss, loss of secrets, intellectual property, etc. The Federal Government will always face a wide array of sophisticated threats. The two ways that risk can be reduced are eliminating existing vulnerabilities while avoiding the introduction of new ones, and ensuring that controls evolve as the continuous arms race between attacker and defender moves forward.
  • However, that’s not so easy today. I’m sure many of you are thinking: that sounds great, but how? Best practices are just that, best practices. Limited people, a high degree of budget sensitivity and a constant prioritization battle between IT systems efficiency and security produce large barriers for agencies, regardless of the compliance requirements that are present.
  • So how do we overcome this? Let’s start with budget. Security management products that cost a lot typically have a lot of advanced features that are used by less than 10% of their user base. These advanced features cost a lot for vendors to develop and maintain, so they add not only cost to licenses but also complexity to their management, maintenance and usability. It can be painful for overstretched agency security departments to throw out the fully optimized dream and focus on relief and capability, but the efficiency and budget leverage that comes with creating realistic requirements based on capability saves a lot of money, both in up-front license cost and in ongoing management and maintenance. The other area that can be so effective in changing the economics and increasing the effectiveness of security is to really focus on a balance between preventive and detective controls. Preventive controls can be very expensive, particularly when an agency is pursuing a true defense-in-depth approach. Agencies that take the time to understand where they can prevent and where they can’t can make much more effective use of budget. Ensuring a strong monitoring program as a compensating control for areas that lack prevention due to budget will create situational awareness and reduce overall risk.

    In the area of people, automation is really key. Finding economical technologies that can automate the management and monitoring of security and compliance will make trained security and IT staff more effective: more time spent addressing issues and less time spent figuring out what the issues are. Also, identifying the existing security technologies that are creating large time sinks because they require too much management, and replacing them with more efficient products, creates rapid ROI, particularly if we go back to the product selection ideals we discussed in terms of budget.

    Then we have priority. Compliance reports will always be generated to demonstrate the boxes have been checked, but reporting that demonstrates overall risk, threat activity, incident levels and time to respond goes a long way toward making the chain of command understand the needs of the security team and gaining mindshare in terms of process, people, technology and budget. Of course, because these are all inter-related, reporting should be automated to solve the people challenge. (Side note: web helpdesk can report on time to respond I believe if used as ticketing system – Alert central cannot – yes?)
  • It’s no secret that having the right processes, controls, and tools in place is vital to combating cyber attacks and strengthening your security posture. However, the challenge most federal agencies face is budget and resources.
  • The ever-increasing cybersecurity threat landscape necessitates around-the-clock security visibility to detect and respond to an attack in as near to real-time as possible in order to minimize damage. Federal agencies with limited resources and budget need an easier way to automate security monitoring and response, as well as streamline reporting.
  • As organizations grow and firewall rules become more and more complex, it’s easy for engineers to overlook existing rules and inadvertently open security holes simply by not knowing the full impact of their changes. Firewall rule sets have grown so large and unmanageable, it's become virtually impossible to decipher what's going on with the naked eye.
  • As networks grow in both size and complexity, the difficulty of managing all the device configuration changes happening throughout the IT infrastructure grows exponentially. Manually logging in to each device separately to make changes or updates increases the likelihood of human error, which can lead to policy violations, unauthorized network access, and the possibility of a security breach.
  • The proliferation of personal mobile devices on the enterprise network has made it extremely difficult to keep track of who and what is connecting to your network. The result is less control, increased security risks, and more time spent trying to trace network problems to their source.
  • SolarWinds User Device Tracker (UDT) delivers automated user and device tracking along with powerful switch port management capabilities so you can stay in control of who and what are connecting to your network. Quickly find a computer or user, as well as track down lost or rogue devices with a simple search on a user name, IP address, Hostname, or MAC address. And, if the user or device is no longer connected, historical data will show last known location. You can even perform whitelisting, as well as create a watch list, and be alerted immediately when a specific user or device connects. Plus, SolarWinds User Device Tracker lets you take immediate action to shut down a port to mitigate a threat or alleviate a network performance issue. Best of all, you can do it all from an easy-to-use, point-and-click web interface!
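The "around-the-clock security visibility", "real-time event correlation" and "automated response" the notes above describe amount, at their core, to a sliding-window rule evaluated over normalized log events. The following Python is an added illustration written for this page, not SolarWinds LEM code. It parses a few constructed sshd-style log lines (not captured from any real system), raises an alert when one source IP accumulates five failures inside a two-minute window and then logs in successfully, and feeds each alert into a block list the way an automated "active response" would. The log format, the threshold and the window are assumptions chosen for illustration.

```python
"""Sliding-window correlation over constructed auth log lines.

Added example for this page; not SolarWinds LEM code. The log format,
threshold and window are assumptions chosen for illustration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (sshd-style); not captured from a real system.
SAMPLE_LOGS = """\
2014-03-01T10:00:01 host1 sshd: Failed password for admin from 10.1.1.5
2014-03-01T10:00:03 host1 sshd: Failed password for admin from 10.1.1.5
2014-03-01T10:00:04 host1 sshd: Failed password for root from 10.1.1.5
2014-03-01T10:00:06 host1 sshd: Failed password for admin from 10.1.1.5
2014-03-01T10:00:07 host1 sshd: Failed password for admin from 10.1.1.5
2014-03-01T10:00:09 host1 sshd: Accepted password for admin from 10.1.1.5
2014-03-01T10:05:00 host2 sshd: Failed password for bob from 10.1.1.9
2014-03-01T10:30:00 host2 sshd: Accepted password for bob from 10.1.1.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) "
    r"password for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_event(line):
    """Normalize one raw line into a dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def correlate(log_text, threshold=5, window=timedelta(minutes=2)):
    """Alert when a source IP has >= threshold failures inside `window`
    and then logs in successfully (brute force followed by success).
    Events are assumed to arrive in time order."""
    recent_failures = defaultdict(deque)  # src ip -> timestamps of failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        q = recent_failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:  # expire failures outside the window
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({"src": ev["src"], "user": ev["user"], "host": ev["host"],
                           "failures": len(q), "at": ev["ts"].isoformat()})
            q.clear()  # one alert per burst
    return alerts


def active_response(alerts, blocklist=None):
    """Automated response: add each alerting source to a block list (idempotent).
    A real deployment would push this to a firewall or host policy."""
    blocklist = set() if blocklist is None else blocklist
    for a in alerts:
        blocklist.add(a["src"])
    return blocklist


if __name__ == "__main__":
    found = correlate(SAMPLE_LOGS)
    for a in found:
        print(f"ALERT {a['at']} {a['src']} -> {a['host']} as {a['user']} "
              f"after {a['failures']} failures")
    print("blocked:", sorted(active_response(found)))
```

The point of requiring the success after the burst is to separate a probable compromise from the background noise of failed logins that any Internet-facing host sees; host2 in the sample has one failure and a success 25 minutes later and produces nothing. A production SIEM would additionally normalize many log formats, merge streams from several hosts, and handle out-of-order arrival, none of which this sketch attempts.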

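The firewall problem in the notes above (rules that are overlooked, and changes whose full impact nobody knows) is tractable with a small amount of rule-set analysis, which is also what the FSM slide later calls rule cleanup and network-aware change modeling. The following Python is an added illustration for this page, not SolarWinds FSM code. The rule format, the six rules and the probe packets are all constructed for illustration; first match wins with an implicit deny at the end. It finds later rules that an earlier rule fully covers, distinguishing a redundant rule from one whose intent is never enforced, and models a proposed reorder by reporting which probe packets change verdict.

```python
"""Firewall rule-set analysis: shadowed/conflicting rules and change modeling.

Added example for this page; not SolarWinds FSM code. The rule format,
the rules themselves and the probe packets are constructed for illustration.
"""
import ipaddress

# Constructed rule set (first match wins; implicit deny at the end). Not a real config.
RULES = [
    {"name": "r1", "action": "deny",   "proto": "tcp", "src": "0.0.0.0/0",        "dst": "10.0.0.0/8",  "ports": (23, 23)},
    {"name": "r2", "action": "permit", "proto": "tcp", "src": "192.168.1.0/24",   "dst": "10.0.0.0/8",  "ports": (22, 22)},
    {"name": "r3", "action": "permit", "proto": "tcp", "src": "192.168.1.0/24",   "dst": "10.0.0.0/8",  "ports": (1, 65535)},
    {"name": "r4", "action": "permit", "proto": "tcp", "src": "192.168.1.128/25", "dst": "10.1.0.0/16", "ports": (80, 443)},
    {"name": "r5", "action": "deny",   "proto": "tcp", "src": "192.168.1.0/24",   "dst": "10.2.0.0/16", "ports": (3389, 3389)},
    {"name": "r6", "action": "deny",   "proto": "ip",  "src": "0.0.0.0/0",        "dst": "0.0.0.0/0",   "ports": (0, 65535)},
]


def covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    proto_ok = outer["proto"] == "ip" or outer["proto"] == inner["proto"]
    src_ok = ipaddress.ip_network(inner["src"]).subnet_of(ipaddress.ip_network(outer["src"]))
    dst_ok = ipaddress.ip_network(inner["dst"]).subnet_of(ipaddress.ip_network(outer["dst"]))
    ports_ok = outer["ports"][0] <= inner["ports"][0] and inner["ports"][1] <= outer["ports"][1]
    return proto_ok and src_ok and dst_ok and ports_ok


def find_shadowed(rules):
    """Return (rule, shadowing rule, kind) for every rule an earlier rule fully covers.
    kind is 'redundant' (same action) or 'conflict' (the later rule is never enforced)."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier["action"] == later["action"] else "conflict"
                findings.append((later["name"], earlier["name"], kind))
                break  # report the first rule that shadows it
    return findings


def matches(rule, pkt):
    proto_ok = rule["proto"] == "ip" or rule["proto"] == pkt["proto"]
    return (proto_ok
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule["dst"])
            and rule["ports"][0] <= pkt["dport"] <= rule["ports"][1])


def evaluate(rules, pkt):
    """First-match evaluation; implicit deny if nothing matches."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"], rule["name"]
    return "deny", "implicit"


def model_change(before, after, probes):
    """Change modeling: which probe packets get a different verdict under the
    proposed rule set `after` than under the current one `before`."""
    changed = []
    for pkt in probes:
        old, new = evaluate(before, pkt), evaluate(after, pkt)
        if old[0] != new[0]:
            changed.append((pkt["label"], old, new))
    return changed


# Constructed probe traffic that encodes the intended policy.
PROBES = [
    {"label": "rdp-to-10.2",   "proto": "tcp", "src": "192.168.1.10",  "dst": "10.2.0.5", "dport": 3389},
    {"label": "telnet-in",     "proto": "tcp", "src": "192.168.1.10",  "dst": "10.0.0.1", "dport": 23},
    {"label": "web-from-.130", "proto": "tcp", "src": "192.168.1.130", "dst": "10.1.0.9", "dport": 443},
]


def proposed_fix(rules):
    """Proposed change: move the RDP deny (r5) above the broad permit (r3)."""
    by_name = {r["name"]: r for r in rules}
    return [by_name[n] for n in ["r1", "r2", "r5", "r3", "r4", "r6"]]


if __name__ == "__main__":
    for later, earlier, kind in find_shadowed(RULES):
        print(f"{later} is shadowed by {earlier} ({kind})")
    for label, old, new in model_change(RULES, proposed_fix(RULES), PROBES):
        print(f"{label}: {old} -> {new}")
```

On the constructed set, r5 (deny RDP into 10.2.0.0/16) is flagged as a conflict: the broad permit r3 above it matches first, so RDP is in fact allowed even though someone wrote a rule to deny it, which is exactly the kind of hole the notes describe. Two caveats a practitioner should keep in mind: this check only finds rules covered by a single earlier rule, whereas a rule can also be shadowed by the union of several earlier rules (that needs set-based analysis of the address and port space), and it ignores interfaces, direction and connection state, which real firewalls evaluate.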
Presentation Transcript

  • © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Combating Cyber Threats With SolarWinds®: Federal Government Needs. Francois Caron, Product Management Director, Network Management and Online Demo, SolarWinds
  • Pressing Need for Stronger Agency Security. Cyber attacks are on the rise. Vulnerabilities are prevalent.
    - 48,000 cyber “incidents” involving government systems which agencies detected and reported to DHS in FY 2012
    - Civilian agencies don’t detect roughly 4 in 10 intrusions
    - Weaknesses, vulnerabilities and flaws identified at the majority of audited agencies
    Source: “The Federal Government’s Track Record on Cybersecurity and Critical Infrastructure”, Feb 2014
    - Majority of attacks move from penetration to data exfiltration in seconds to hours
    - Majority of attacks identified and resolved in weeks to years
    Source: 2013 Verizon Data Breach Report
  • Risk Management: Cause and Effect (diagram; only its labels survive extraction: Threats, Exploit, Causing loss of, Risk, Causing, Reduce, Minimize, Mitigated by)
  • Controls to Reduce Risk
    » Vulnerabilities
      - Identification and correction of vulnerabilities – Vulnerability, Patch, Monitoring
      - Do not introduce new vulnerabilities into environment – policy
    » Threats
      - Threat prevention – strong management of controls
      - Threat identification and monitoring – intelligent visibility
    People | Budget | Priority
  • The Answer?
    Budget
      • Identify technologies that serve the mission without bells and whistles that will be rarely used
      • Leverage monitoring capability as a compensating control for areas that lack prevention
    People
      • Automate identification of threats and vulnerabilities
      • Replace technologies that require more care and feeding than value
    Priority
      • Reporting builds a case for security and compliance investments
      • Automate to solve the people challenge
  • Staying In the Know and In Control. Cyber spies are everywhere and cyber attacks can come from anywhere. Understanding what is going on in your environment at any given time is vital to combating security threats and cyber attacks. Does your agency have the situational awareness needed to spot an attack?
  • How SolarWinds Can Help. SolarWinds has helped hundreds of federal agencies improve their security situational awareness to effectively combat cyber threats without the high cost and operational overhead of competing security management solutions. Identify. Protect. Detect. Respond. Report. SolarWinds’ solutions provide:
    - Centralized visibility
    - Configuration & change management
    - Continuous monitoring
    - Automated remediation
    - Flexible reporting
  • Log & Event Manager (LEM). SolarWinds LEM is a comprehensive log management and SIEM solution that provides continuous security monitoring of the entire IT infrastructure, combined with real-time event correlation and automated remediation capabilities to immediately detect and stop an attack. “86% of survey respondents said it takes too long to detect a cyber attack.” Source: Threat Intelligence & Incident Response Survey, Ponemon Institute
  • 5 Ways SolarWinds LEM Can Help
    1. Centralized collection of network device, system, and application logs with real-time event correlation to instantly view security breaches
    2. Integrated Active Responses to immediately and automatically take action to mitigate security threats and thwart an attack
    3. USB defense technology with real-time device detection, file access monitoring, and the ability to block usage to prevent endpoint data loss
    4. Advanced search capabilities and data visualization tools to surface information and perform fast and easy forensic analysis
    5. Over 700 pre-configured rules for out-of-the-box usability and hundreds of pre-packaged “audit-proven” security and compliance templates including FISMA, DISA STIG, NERC-CIP and more
  • Firewall Security Manager (FSM). SolarWinds FSM provides centralized, multi-vendor firewall management and configuration analysis, including automated firewall audits and rule/object cleanup, along with rule change tracking and change management reporting to find, fill, and prevent dangerous security gaps in firewall policies. “Through 2018, more than 95% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws.” Source: Gartner research, November 28, 2012
  • 5 Ways SolarWinds FSM Can Help
    1. Automate and schedule firewall audits against customizable, pre-defined security check catalogs, including STIG security checks
    2. Analyze complex firewall configurations to identify and safely clean up unnecessary and potentially dangerous rules
    3. Utilize network-aware analysis to model changes and validate ACLs to avoid inadvertently opening up a security hole
    4. Leverage an intuitive, customizable dashboard for instant visibility into risk profile and security status of firewall
    5. Track and certify security rules and the business justification of changes to maintain control and ensure continuous compliance
  • Network Configuration Manager (NCM). SolarWinds NCM provides automated network configuration and change management with real-time change detection capabilities, automatic backups of critical configs, and out-of-the-box network policy assessment templates to maintain effective DISA STIG and NIST FISMA controls for network configurations. “80% of unplanned outages are due to ill-planned changes made by administrators (‘operations staff’) or developers.” Source: IT Process Institute’s Visible Ops Handbook
  • 5 Ways SolarWinds NCM Can Help
    1. Real-time change alerts, along with access control, activity tracking, and approval workflows to protect against unauthorized configuration changes
    2. Automated device configuration management and bulk change deployment to save time and reduce the risk of human error
    3. Automatic, scheduled backups of network devices with secure archival to protect critical configuration information
    4. Configuration comparisons with change rollback capabilities to quickly recover a compromised or failed device
    5. Out-of-the-box network policy assessment templates and reporting to ensure configurations comply with federal regulations, including DISA STIG and NIST
  • User Device Tracker (UDT). SolarWinds UDT delivers automated endpoint tracking and switch port security, including network watch lists of users and computers, device whitelisting, and remote port shutdown to prevent unauthorized access and maintain control of who and what are connecting to the network at all times. “49% of federal employees surveyed use personal devices for work-related tasks.” Source: 2013 Telework Exchange Survey
  • 5 Ways SolarWinds UDT Can Help
    1. Automated discovery and tracking of both wired and wireless activity to maintain awareness of who and what are connecting to the network at all times
    2. Fast and simple searching on IP address, username, hostname, or MAC address to instantly find a user or device’s current and past location
    3. Device whitelisting to identify safe versus rogue devices and click-of-a-button port shutdown to protect against unauthorized access
    4. Watch list with automatic alerts to quickly track down suspicious users or compromised devices
    5. Built-in, customizable reports on user or device data over specific time periods or by network segment, including IPv6 inventory reports, wireless endpoints reports, user history reports, and more
  • Stay Connected & Learn More
    » Stay Connected:
      - Join the Federal and Government Group on thwack®
      - Twitter®: @SolarWinds_Gov
      - Call: 877-946-3751
      - Email: federalsales@solarwinds.com
      - Email our Government Reseller DLT®: solarwinds@dlt.com
    » Learn More:
      - Visit our Federal website: http://www.solarwinds.com/federal
      - Watch a short demo video: http://www.solarwinds.com/sedemo
      - Download a free trial: http://www.solarwinds.com/downloads/
  • Thank You! The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWinds Worldwide, LLC, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks, registered or pending registration in the United States or in other countries. All other trademarks mentioned herein are used for identification purposes only and may be or are trademarks or registered trademarks of their respective companies.
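The NCM slides and the speaker notes on device configuration changes describe two mechanisms that are worth seeing side by side: detecting what changed between a backed-up baseline and the running config, and assessing a config against a policy template. The following Python is an added illustration for this page, not SolarWinds NCM code. The IOS-style baseline and current configs are constructed, and the policy checks (with hypothetical ids NET-001 through NET-005) are illustrative require/forbid line patterns, not DISA STIG or NIST text or identifiers. The report ties the two together by listing only the policy failures that the change introduced, which is the information needed to decide on a rollback.

```python
"""Config policy assessment and change detection for a network device config.

Added example for this page; not SolarWinds NCM code. The IOS-style configs
and the policy rules (ids NET-001..NET-005) are constructed for illustration
and are not DISA STIG or NIST text or identifiers.
"""
import difflib
import re

# Constructed baseline config (the last approved, backed-up copy).
BASELINE_CONFIG = """\
hostname edge-rtr1
service password-encryption
no ip http server
snmp-server community Sec-RO-1 RO
line vty 0 4
 transport input ssh
 exec-timeout 10 0
"""

# Constructed current config, after an unreviewed change by an administrator.
CURRENT_CONFIG = """\
hostname edge-rtr1
service password-encryption
ip http server
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
 exec-timeout 10 0
"""

# Hypothetical policy template: each check either requires or forbids a line pattern.
POLICY = [
    {"id": "NET-001", "kind": "require", "pattern": r"^service password-encryption$",
     "desc": "passwords in the config must be encrypted"},
    {"id": "NET-002", "kind": "forbid", "pattern": r"^ip http server$",
     "desc": "plaintext HTTP management must be disabled"},
    {"id": "NET-003", "kind": "forbid", "pattern": r"^snmp-server community (public|private)\b",
     "desc": "default SNMP community strings are not allowed"},
    {"id": "NET-004", "kind": "forbid", "pattern": r"^\s+transport input .*\btelnet\b",
     "desc": "telnet must not be accepted on VTY lines"},
    {"id": "NET-005", "kind": "require", "pattern": r"^\s+exec-timeout \d+ \d+$",
     "desc": "VTY sessions must time out"},
]


def assess(config_text):
    """Run every policy check over the config; return the failing checks."""
    lines = config_text.splitlines()
    findings = []
    for rule in POLICY:
        hits = [ln for ln in lines if re.match(rule["pattern"], ln)]
        if rule["kind"] == "require" and not hits:
            findings.append({"id": rule["id"], "desc": rule["desc"], "evidence": None})
        elif rule["kind"] == "forbid" and hits:
            findings.append({"id": rule["id"], "desc": rule["desc"], "evidence": hits[0].strip()})
    return findings


def config_diff(baseline, current):
    """Changed lines only ('-' removed, '+' added), as a change-detection record."""
    out = []
    for ln in difflib.unified_diff(baseline.splitlines(), current.splitlines(),
                                   "baseline", "current", lineterm="", n=0):
        if ln.startswith(("---", "+++", "@@")):
            continue  # skip file headers and hunk markers
        out.append(ln)
    return out


def change_report(baseline, current):
    """Tie change detection to compliance: what changed, and which policy
    checks the change newly broke (so the change can be rolled back or escalated)."""
    before = {f["id"] for f in assess(baseline)}
    after = assess(current)
    return {
        "changes": config_diff(baseline, current),
        "new_findings": [f for f in after if f["id"] not in before],
    }


if __name__ == "__main__":
    report = change_report(BASELINE_CONFIG, CURRENT_CONFIG)
    for ln in report["changes"]:
        print(ln)
    for f in report["new_findings"]:
        print(f"FAIL {f['id']}: {f['desc']} ({f['evidence']})")
```

Line-pattern checks like these are deliberately simple and cover only settings expressed as single lines; checks that depend on context (an ACL applied to the right interface, a line within a specific `line vty` block) need a parser that tracks configuration hierarchy. The diff here is also what a rollback would apply in reverse, which is why keeping the approved baseline in a secured archive matters as much as the detection itself.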