
SolarWinds Federal Cybersecurity Survey 2016


The results of SolarWinds' third annual Federal Cybersecurity Survey, which explores the biggest barriers to improving IT security, including exposure during consolidation and modernization processes, threats from foreign governments, and careless or untrained insiders. The findings also highlight how the implementation of IT security management tools helps mitigate threats, strengthening security strategies.

Published in: Technology

  1. © 2016 Market Connections, Inc. SolarWinds® Federal Cybersecurity Survey Summary Report 2016 © 2016 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
  2. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 © 2016 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
     Background and Objectives
     SolarWinds contracted Market Connections to design and conduct an online survey among 200 federal government IT decision makers and influencers in December 2015 and January 2016. SolarWinds was not revealed as the sponsor of the survey.
     The main objectives of the survey were to:
     • Determine challenges faced by IT professionals to prevent IT security threats
     • Quantify sources and types of IT security threats and what makes agencies more or less vulnerable
     • Measure changes in investment of resources in addressing threats
     • Determine the IT security tools used to mitigate risk and the time it takes to detect security events and compliance issues
     • Address the effects of IT modernization and consolidation efforts on agency IT security challenges
     Throughout the report, notable significant differences are reported. Due to rounding, graphs may not add up to 100%.
  3. Respondent Classifications: Organizations Represented
     • If a respondent did not work for any of the specific organization types noted below, the survey was terminated.
     Questions: Which of the following best describes your current employer? What agency do you work for? (N=200)
     Organizations represented: Federal Legislature 2%; Federal Judicial Branch 2%; Intelligence Agency 2%; Department of Defense or Military Service 43%; Federal, Civilian or Independent Government Agency 50%.
     Sample organizations represented (in alphabetical order): Air Force; Army; Department of Agriculture (USDA); Department of Commerce (DOC); Department of Defense (DOD); Department of Energy (DOE); Department of Health and Human Services (HHS); Department of Homeland Security (DHS); Department of Labor (DOL); Department of State (DOS); Department of the Interior (DOI); Department of Transportation (DOT); Department of Treasury (TREAS); Department of Veteran Affairs (VA); General Services Administration (GSA); Judicial/Courts; Marine Corps; National Science Foundation (NSF); Navy; Office of Personnel Management (OPM); Social Security Administration (SSA); US Postal Service (USPS).
  4. Respondent Classifications: Decision Making Involvement
     • All respondents are knowledgeable or involved in decisions and recommendations regarding IT operations and management and IT security solutions and services.
     Question: How are you involved in your organization's decisions or recommendations regarding IT operations and management and IT security solutions and services? (select all that apply; multiple responses allowed; N=200)
     Responses: Other involvement 5%; Make the final decision 20%; Develop technical requirements 45%; Evaluate or recommend firms 46%; Manage or implement security/IT operations 50%; On a team that makes decisions 54%.
  5. Respondent Classifications: Job Function and Tenure
     • A variety of job functions and tenures are represented in the sample, with most being IT management and working at their agency for over 20 years.
     Question: Which of the following best describes your current job title/function? (N=200)
     Job function: Other 16%; CSO/CISO 2%; CIO/CTO 4%; Security/IA director or manager 6%; Security/IA staff 8%; IT/IS staff 27%; IT director/manager 36%. Examples of "Other" include: Director of Operations, Management Analyst, Program Manager.
     Question: How long have you been working at your current agency? (N=200)
     Tenure: Less than 1 year 1%; 1-2 years 3%; 3-4 years 10%; 5-9 years 20%; 10-14 years 20%; 15-20 years 16%; 20+ years 30%.
  6. IT Modernization and Consolidation: Government IT Modernization
     • Almost half say that the government's IT modernization and consolidation efforts have resulted in an increase in security challenges.
     • Less than one-quarter believe that security challenges have decreased.
     Question: In your opinion, do you think the government's IT modernization and consolidation efforts have resulted in an increase or decrease in the IT security challenges your agency faces? (N=200)
     Responses: Increase 48%; Decrease 20%; No effect 32%.
  7. IT Modernization and Consolidation: Increased Security Challenges
     • Incomplete transitions during consolidation and modernization projects, complex enterprise management tools and the lack of familiarity with new systems are the main reasons respondents believe IT modernization efforts have resulted in increased security challenges.
     Question: What are the reasons you believe cyber security challenges have increased as a result of the government's IT modernization and consolidation efforts? (select all that apply; multiple responses allowed; N=95)
     Responses: Other 5%; Too much consolidation 29%; Increased compliance reporting 31%; Cloud services adoption 35%; Organizational changes have disrupted IT processes 36%; Lack of familiarity with new systems 44%; Complex enterprise management tools 46%; Incomplete transitions and difficulty supporting everything 48%.
  8. IT Modernization and Consolidation: Decreased Security Challenges
     • Replacement of legacy software and equipment are the main reasons respondents believe IT modernization efforts have resulted in decreased security challenges.
     Question: What are the reasons you believe cyber security challenges have decreased as a result of the government's IT modernization and consolidation efforts? (select all that apply; multiple responses allowed; N=40)
     Responses: Reduced need and time for training 15%; Fewer IT management tools with fewer interfaces 25%; Reduced number of devices to support 25%; Cloud services adoption 32%; Fewer configurations to manage and support 40%; Standardization simplifies admin/mgmt 42%; Legacy equipment replacement 52%; Legacy software replacement 55%.
  9. IT Security Obstacles, Threats and Breaches: IT Security Obstacles
     • Budget constraints top the list of significant obstacles to maintaining or improving agency IT security. This has decreased from 40% in the SolarWinds Cybersecurity Survey conducted Q1 2014.
     Question: What is the most significant high-level obstacle to maintaining or improving IT security at your agency? (N=200)
     Responses: Other 2%; Lack of clear standards 4%; Lack of technical solutions available at my agency 4%; Lack of training for personnel 6%; Lack of manpower 7%; Lack of top-level direction and leadership 7%; Inadequate collaboration with other internal teams or departments 12%; Competing priorities and other initiatives 14%; Complexity of internal environment 16%; Budget constraints 29%.
     January 2014: Budget constraints 40%.
  10. IT Security Obstacles, Threats and Breaches: Sources of Security Threats
     • Careless/untrained insiders, foreign governments and the general hacking community are noted as the largest sources of security threats at federal agencies.
     Question: What are the greatest sources of IT security threats to your agency? (select all that apply; multiple responses allowed; N=200)
     Responses: None of the above 1%; Unsure of these threats 1%; Other 2%; Industrial spies 16%; For-profit crime 18%; Malicious insiders 22%; Terrorists 24%; Hacktivists 38%; General hacking community 46%; Foreign governments 48%; Careless/untrained insiders 48%.
     Statistically significant differences (Defense / Civilian): Foreign governments 62% / 37%; General hacking community 35% / 56%; For-profit crime 12% / 24%.
  11. IT Security Obstacles, Threats and Breaches: Sources of Security Threats - Trend
     • There has been no significant reduction in the various sources of security threats. Since 2014, respondents indicate significant increases in threats from foreign governments and hacktivists.
     Question: What are the greatest sources of IT security threats to your agency? (select all that apply; multiple responses allowed; N=200)
     Responses by year (2014 / 2015 / 2016):
     Careless/untrained insiders: 42% / 53% / 48%
     Foreign governments: 34% / 38% / 48%
     General hacking community: 47% / 46% / 46%
     Hacktivists: 26% / 30% / 38%
     Terrorists: 21% / 18% / 24%
     Malicious insiders: 17% / 23% / 22%
     For-profit crime: 11% / 14% / 18%
     Industrial spies: 6% / 10% / 16%
  12. IT Security Obstacles, Threats and Breaches: IT Breaches
     • IT professionals consider human error as the most common security breach to occur in their agency in the past year.
     Question: Which of the following types of IT security breaches have occurred in your agency in the past year? (select all that apply; multiple responses allowed; N=200)
     Security breaches occurred: Unaware of a breach 3%; Other 4%; Denial of service 25%; Privileged account abuse 30%; Theft of IT equipment 36%; Malware 50%; Phishing 58%; Human error 68%.
     Number of different types of breaches indicated: None 3%; 1: 20%; 2: 27%; 3: 21%; 4: 16%; 5 or more: 14%.
  13. IT Security Obstacles, Threats and Breaches: Consequences of IT Breaches
     • Personally identifiable information data theft is the most common consequence followed by service outages.
     Question: Which of the following has your agency experienced in the last year due to security breaches? (select all that apply; multiple responses allowed; N=194)
     Consequences of security breaches: None of the above 2%; Other 3%; Financial fraud 8%; Modification of databases 12%; Agency data theft 25%; Misuse of systems 36%; Service degradation 39%; Service outage 40%; PII data theft 44%.
     Number of different types of consequences indicated: None 2%; 1: 32%; 2: 35%; 3: 23%; 4: 6%; 5 or more: 2%.
  14. IT Security Obstacles, Threats and Breaches: Vulnerability to Attacks
     • The majority feel their agency is as vulnerable to attacks today as it was a year ago.
     • However, more feel that the agency is less vulnerable as opposed to more vulnerable.
     Question: In your opinion, is your agency more or less vulnerable to IT security attacks than it was a year ago? (N=200)
     Responses on a 1-5 scale (scale labels: Less Vulnerable, About the Same, More Vulnerable): 1: 8%; 2: 20%; 3: 55%; 4: 10%; 5: 6%. Mean 2.87.
  15. IT Security Obstacles, Threats and Breaches: Reasons Agencies are More Vulnerable
     • An increase in the sophistication of threats is the top factor that makes an agency more vulnerable to IT security attacks than a year ago.
     Question: What makes your agency more vulnerable to IT security attacks than a year ago? (select the top three; multiple responses allowed; N=200)
     Responses: Other 2%; Increased ad-hoc or rogue configuration changes 3%; Increased reliance on external vendors 9%; Increased use of technology not supported by the IT department 9%; Use or increased use of public cloud 10%; Increased attack surface 10%; Increased amount of data 16%; Lack of end user security training 16%; Internal bureaucracy 17%; Decrease in funding for IT security 17%; Increased use of mobile devices 20%; Increased network complexity 22%; End users do not follow set policies 24%; Increased volume of attacks 26%; Increased sophistication of threats 44%.
     Statistically significant differences (Defense / Civilian): Increased sophistication of threats 37% / 50%; End users do not follow set policies 32% / 18%.
  16. IT Security Obstacles, Threats and Breaches: Reasons Agencies are Less Vulnerable
     • Increased use of Smart Cards for dual-factor authentication is given the most credit for making agencies less vulnerable to IT security attacks than a year ago.
     Question: What makes your agency less vulnerable to IT security attacks than a year ago? (select the top three; multiple responses allowed; N=200)
     Responses: Other 2%; Improved BYOD policy 6%; Improved analysis of logs or user-behavior patterns 8%; Improved IT asset management system 14%; Implemented or improved an identity management system 16%; IT/data center consolidation 18%; Improved or increased security training for agency personnel 19%; Implemented configuration change management tools 20%; Introduced or expanded the use of data encryption 22%; Standardized network configurations and monitoring 22%; Improved patch management 27%; Improved application security 28%; Increased use of Smart Cards for dual-factor authentication 38%.
     Statistically significant difference (Defense / Civilian): Increased use of Smart Cards for dual-factor authentication 26% / 49%.
  17. Investment: IT Security Investment
     • Half say their agency will increase investment in security tools or solutions in 2016; however, that will not generally translate into investment in staff.
     Question: How will your organization's investment in resources for IT security in 2016 compare with 2015? (N=200)
     Responses (increase / remain the same / decrease / don't know):
     Staff: 29% / 48% / 18% / 5%
     Security tools or solutions: 51% / 33% / 12% / 4%
  18. Security Product Use: Current Use of Security Products
     • Smart Card/Common Access Cards are used by almost three-fourths of IT professionals.
     Question: Which of these security products and practices are currently in use in your organization? (select all that apply; multiple responses allowed; N=200)
     Responses: None of the above 1%; File integrity monitoring 34%; Security information event management (SIEM) 36%; Messaging security 43%; Network admission control (NAC) solutions 50%; Endpoint security software 58%; Identity and access management tools 59%; Web application security tools 60%; Configuration management 62%; Patch management software 62%; Smart Card/Common Access Card 72%.
     Statistically significant difference (Defense / Civilian): Web application security tools 52% / 66%.
  19. Security Product Use: Most Valuable Security Products
     • Smart Card/Common Access Card for authentication is by far the most valuable security product used by federal IT professionals.
     Question: Please rank the top three security products you find most valuable. (Rank 1-3, 1 is most valuable; multiple responses allowed; N=166)
     Percent that selected each product as most valuable: Network admission control (NAC) 1%; File integrity monitoring 1%; Messaging security 3%; Web application security 4%; SIEM 4%; Configuration management 5%; Patch management 7%; Endpoint security 8%; Identity and access management 14%; Smart Card / Common Access Card 52%.
     Average rank: Smart Card / Common Access Card 1.29; Identity and access management tools 1.79; Messaging security software 2.09; Patch management software 2.09; Endpoint security software 2.15; Configuration management software 2.28; Security information event management (SIEM) software 2.30; Web application security tools 2.30; Network admission control (NAC) solutions 2.37; File integrity monitoring software 2.47.
  20. Security Product Use: Number of Security Products Used
     • IT professionals say they use approximately five out of the ten listed products or practices included on the survey.
     Question: Which of these security products and practices are currently in use in your organization? (multiple responses allowed; see slide 18 for the complete list of products on the survey; N=200)
     Number of products used: 1: 13%; 2: 5%; 3: 12%; 4: 14%; 5: 12%; 6: 10%; 7: 12%; 8: 10%; 9: 5%; 10: 11%. Mean 5.35.
  21. IT Security Changes
     • The plurality believe that time to detection and response has decreased in 2015, and the number of IT security incidents has increased.
     Question: Compared to 2014, how did each of the following change in your agency in 2015? (N=200)
     Responses (increased / remained the same / decreased / don't know):
     Time to detection: 20% / 35% / 38% / 8%
     Time to response: 22% / 33% / 38% / 7%
     Time to resolution: 26% / 45% / 21% / 8%
     Number of IT security incidents: 38% / 34% / 20% / 8%
  22. IT Security Changes: Defense vs. Civilian
     • Though defense and civilian IT professionals agree on the trend in the number of incidents, they differ on their responses to security incidents.
     • A significantly greater proportion of civilian IT professionals have seen increased response and detection times, while a significantly greater proportion of defense IT professionals have seen decreases in response and detection times.
     Question: Compared to 2014, how did each of the following change in your agency in 2015? (N=200)
     Responses (increased / remained the same / decreased / don't know):
     Number of IT security incidents: Defense 37% / 33% / 23% / 7%; Civilian 39% / 34% / 17% / 9%
     Time to detection: Defense 10% / 34% / 48% / 8%; Civilian 28% / 36% / 28% / 7%
     Time to response: Defense 16% / 32% / 44% / 8%; Civilian 28% / 34% / 32% / 6%
     Time to resolution: Defense 21% / 47% / 24% / 8%; Civilian 29% / 43% / 18% / 9%
  23. Detection and Response: Security Event Detection Speed
     • Quicker detection is noted for rogue devices, denial of device attacks and malware.
     Question: How long does it typically take your organization to detect and/or analyze the following security events? (N=200)
     Responses (within minutes / within one day / within a few days / within a few weeks / no ability to detect / don't know or unsure):
     Social engineering: 10% / 33% / 22% / 11% / 4% / 20%
     Cross site scripting: 20% / 29% / 23% / 5% / 4% / 20%
     Misuse/abuse of credentials: 22% / 26% / 28% / 8% / 2% / 14%
     Phishing attacks: 22% / 38% / 20% / 8% / 1% / 12%
     SQL injections: 24% / 28% / 22% / 6% / 2% / 19%
     Exploit of vulnerabilities: 24% / 29% / 22% / 10% / 2% / 14%
     Malware: 30% / 32% / 18% / 7% / 1% / 11%
     Denial of device attacks: 36% / 30% / 14% / 4% / 1% / 15%
     Rogue devices: 39% / 23% / 14% / 10% / 1% / 12%
  24. Detection and Response: Compliance Detection Speed
     • Quicker detection is noted for inappropriate internet access and unauthorized configuration changes.
     • Inappropriate sharing is the most difficult to detect.
     Question: How long does it typically take your organization to detect the following compliance issues? (N=200)
     Responses (within minutes / within one day / within a few days / within a few weeks / no ability to detect / don't know or unsure):
     Inappropriate sharing of documents: 11% / 22% / 27% / 13% / 11% / 16%
     Patches not up to date: 12% / 35% / 29% / 15% / no value shown / 9%
     Authorized non-compliant changes: 21% / 30% / 24% / 9% / 2% / 13%
     Data copied to an unapproved device: 26% / 20% / 24% / 7% / 10% / 14%
     Unauthorized configuration changes: 31% / 23% / 24% / 8% / 2% / 11%
     Inappropriate internet access: 38% / 24% / 19% / 7% / 1% / 11%
  25. Detection and Response: Security Event & Compliance Detection
     • A significantly greater proportion of defense respondents indicate detection of rogue devices, unauthorized configuration changes and data copied to unapproved devices within minutes.
     Questions: How long does it typically take your organization to detect and/or analyze the following security events? How long does it typically take your organization to detect the following compliance issues? (N=200)
     Responses (within minutes / within one day / within a few days / within a few weeks / no ability to detect / don't know or unsure):
     Rogue devices: Defense 54% / 20% / 11% / 8% / no value shown / 8%; Civilian 27% / 26% / 17% / 12% / 2% / 17%
     Unauthorized configuration changes: Defense 38% / 27% / 19% / 8% / 1% / 7%; Civilian 25% / 19% / 29% / 9% / 3% / 15%
     Data copied to unapproved devices: Defense 32% / 25% / 25% / 2% / 5% / 10%; Civilian 20% / 17% / 22% / 11% / 13% / 17%
  26. Security Product Use, Detection and Response: Patch Management and Detection Trend
     • Relative to non-users, a significantly greater proportion of users of patch management software report a decrease in the time to detect and respond to IT security incidents.
     Questions: Compared to 2014, how did each of the following change in your agency in 2015? Which of these security products and practices are currently in use in your organization? (select all that apply) (Use n=124; Do not use n=76)
     Responses (increased / remained the same / decreased / don't know or unsure):
     Number of IT security incidents: Use 42% / 30% / 21% / 7%; Do not use 33% / 39% / 18% / 9%
     Time to detection: Use 14% / 34% / 45% / 7%; Do not use 30% / 37% / 25% / 8%
     Time to response: Use 17% / 31% / 44% / 7%; Do not use 32% / 36% / 26% / 7%
     Time to resolution: Use 20% / 50% / 22% / 8%; Do not use 34% / 37% / 20% / 9%
  27. Security Product Use, Detection and Response: Patch Management and IT Breaches
     • Likely due to increased detection, IT professionals who use patch management software report more breaches of many kinds in the past year.
     Question: Which of the following types of IT security breaches have occurred in your agency in the past year? (select all that apply; multiple responses allowed; Use n=124; Do not use n=76)
     Security breaches occurred (Use / Do not use): Unaware of a breach 2% / 4%; Other 5% / 1%; Denial of service 26% / 24%; Privileged account abuse 31% / 26%; Theft of IT equipment 38% / 32%; Malware 56% / 42%; Phishing 68% / 42%; Human error 75% / 58%.
     Number of different types of breaches indicated (mean): Use 2.98; Do not use 2.25.
  28. Security Product Use, Detection and Response: Patch Management and Detection Within Minutes
     • Those who currently use patch management software are significantly more able to detect, within minutes, the following events:
       o Rogue devices
       o Denial of device attacks
       o Unauthorized configuration changes
     Questions: How long does it typically take your organization to detect and/or analyze the following security events? How long does it typically take your organization to detect the following compliance issues? (multiple responses allowed; Use n=124; Do not use n=76)
     Detection within minutes (Use / Do not use): Inappropriate sharing of documents 8% / 16%; Patches not up to date 9% / 17%; Social engineering 10% / 9%; Cross site scripting 21% / 17%; Phishing 21% / 24%; Authorized non-compliant changes 22% / 20%; Misuse/abuse of credentials 24% / 17%; SQL injections 26% / 20%; Exploit of vulnerabilities 26% / 21%; Data copied to unapproved device 28% / 21%; Malware 33% / 26%; Unauthorized configuration changes 35% / 24%; Denial of device attacks 43% / 24%; Inappropriate internet access 43% / 32%; Rogue devices 46% / 28%.
  29. Security Product Use, Detection and Response: Configuration Management and Detection Trend
     • Relative to non-users, a significantly greater proportion of users of configuration management software report a decrease in the time to respond to IT security incidents.
     Questions: Compared to 2014, how did each of the following change in your agency in 2015? Which of these security products and practices are currently in use in your organization? (select all that apply) (Use n=124; Do not use n=76)
     Responses (increased / remained the same / decreased / don't know or unsure):
     Number of IT security incidents: Use 40% / 35% / 19% / 7%; Do not use 37% / 32% / 22% / 10%
     Time to detection: Use 19% / 32% / 41% / 7%; Do not use 22% / 39% / 32% / 8%
     Time to response: Use 17% / 28% / 47% / 7%; Do not use 30% / 41% / 23% / 6%
     Time to resolution: Use 22% / 49% / 21% / 8%; Do not use 30% / 39% / 22% / 9%
  30. Security Product Use, Detection and Response: Configuration Management and IT Breaches
     • Likely due to increased detection, IT professionals who use configuration management software report more breaches of all kinds.
     Question: Which of the following types of IT security breaches have occurred in your agency in the past year? (select all that apply; multiple responses allowed; Use n=124; Do not use n=76)
     Security breaches occurred (Use / Do not use): Unaware of a breach 3% / 3%; Other 3% / 4%; Denial of service 26% / 24%; Privileged account abuse 31% / 27%; Theft of IT equipment 39% / 30%; Malware 59% / 38%; Phishing 67% / 44%; Human error 77% / 56%.
     Number of different types of breaches indicated (mean): Use 3.02; Do not use 2.23.
  31. Security Product Use, Detection and Response: Configuration Management and Detection Within Minutes
     • Those who currently use configuration management software primarily see benefits with respect to rogue devices on the network and distributed denial of device attacks.
     Questions: How long does it typically take your organization to detect and/or analyze the following security events? How long does it typically take your organization to detect the following compliance issues? (multiple responses allowed; Use n=124; Do not use n=76)
     Detection within minutes (Use / Do not use): Social engineering 7% / 14%; Inappropriate sharing of documents 9% / 14%; Patches not up to date 12% / 11%; Authorized non-compliant changes 18% / 25%; Cross site scripting 21% / 16%; Misuse/abuse of credentials 22% / 20%; Phishing 22% / 22%; Data copied to unapproved device 22% / 30%; Exploit of vulnerabilities 25% / 23%; SQL injections 27% / 18%; Malware 32% / 28%; Unauthorized configuration changes 32% / 29%; Inappropriate internet access 37% / 41%; Denial of device attacks 43% / 24%; Rogue devices 44% / 32%.
  32. Security Product Use, Detection and Response: SIEM and Detection Trend
     • Security information event management (SIEM) software users report an increase in incident detection and a decrease in time to detect and respond. However, they report similar changes to those who do not use SIEM. There are no statistically significant differences.
     Questions: Compared to 2014, how did each of the following change in your agency in 2015? Which of these security products and practices are currently in use in your organization? (select all that apply) (Use n=72; Do not use n=128)
     Responses (increased / remained the same / decreased / don't know or unsure):
     Number of IT security incidents: Use 46% / 32% / 15% / 7%; Do not use 34% / 34% / 23% / 9%
     Time to detection: Use 19% / 28% / 44% / 8%; Do not use 20% / 39% / 34% / 7%
     Time to response: Use 19% / 29% / 44% / 7%; Do not use 24% / 35% / 34% / 7%
     Time to resolution: Use 24% / 49% / 21% / 7%; Do not use 27% / 43% / 21% / 9%
  33. Security Product Use, Detection and Response: SIEM and IT Breaches
     • SIEM users detect phishing attacks in their agency significantly more than those who do not use SIEM.
     Question: Which of the following types of IT security breaches have occurred in your agency in the past year? (select all that apply; multiple responses allowed; Use n=72; Do not use n=128)
     Security breaches occurred (Use / Do not use): Unaware of a breach 3% / 3%; Other 7% / 2%; Denial of service 28% / 23%; Privileged account abuse 28% / 30%; Theft of IT equipment 43% / 31%; Malware 51% / 50%; Phishing 71% / 51%; Human error 76% / 64%.
     Number of different types of breaches indicated (mean): Use 3.04; Do not use 2.52.
  34. Security Product Use, Detection and Response: SIEM and Detection Within Minutes
     • Those who currently use SIEM software are significantly more able to detect, within minutes, almost all threats listed on the survey.
     Questions: How long does it typically take your organization to detect and/or analyze the following security events? How long does it typically take your organization to detect the following compliance issues? (multiple responses allowed; Use n=72; Do not use n=128)
     Detection within minutes (Use / Do not use): Social engineering 11% / 9%; Inappropriate sharing of documents 11% / 11%; Patches not up to date 14% / 11%; Authorized non-compliant changes 28% / 17%; Cross site scripting 29% / 14%; Misuse/abuse of credentials 29% / 17%; Phishing 29% / 18%; Data copied to unapproved device 29% / 23%; Exploit of vulnerabilities 32% / 20%; SQL injections 33% / 18%; Unauthorized configuration changes 40% / 26%; Denial of device attacks 43% / 31%; Malware 44% / 23%; Inappropriate internet access 46% / 34%; Rogue devices 53% / 31%.
  35. Contact Information
     Research to Inform Your Business Decisions
     Laurie Morrow, Director of Research Services | Market Connections, Inc. | 11350 Random Hills Road, Suite 800 | Fairfax, VA 22033 | 703.378.2025, ext. 101 | LaurieM@marketconnectionsinc.com
     Lisa M. Sherwin Wulf, Director of Marketing - Federal | SolarWinds | 703.234.5386 | Lisa.SherwinWulf@solarwinds.com | www.solarwinds.com/federal | LinkedIn: SolarWinds Government
  36. The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWinds Worldwide, LLC and its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks, registered or pending registration in the United States or in other countries. All other trademarks mentioned herein are used for identification purposes only and may be or are trademarks or registered trademarks of their respective companies.
