Our presenter discussed and demonstrated best practices to help detect and combat insider threats, including information about implementing the right tools, along with continuous monitoring of systems and networks to aid in mitigation and prevention. Monitoring data can help agencies make informed decisions, safeguard against insider threats, and quickly identify and fix vulnerabilities. He also suggested ideas that we believe will help to enforce good information security habits within your organization to help improve your agency’s security posture. During this interactive webinar, attendees learned: How event monitoring, performance monitoring, and log management can be utilized to help detect and prevent threats, and help ensure that devices are operating and being used properly How configuration management can be leveraged to help prevent errors and reduce vulnerabilities How the implementation of Security Incident and Event Management (SIEM) tools can better equip agencies to quickly detect and respond to security threats How to track devices and users on your network, and maintain historic data for forensics Ideas about building security into your IT community with daily activities and conversations How an approach styled after a secure development lifecycle can lead to improved security practices

1. @solarwinds
Best Practices and Tools for Reducing
Insider Threats
Federal webinar
November 29, 2018

2. @solarwinds 2
• SolarWinds Overview
• Leading Sources of Security Threats
• Insider Threat Flow Response Process
• SolarWinds® Security and Network Tools Can Help
• Building Security Into Your IT Security Posture
• Demonstration
• Compliance Resources
• Q&A
Presented by:
Sean Martinez
Sales Engineer, Advisory
SolarWinds
sean.martinez@solarwinds.com
Agenda
© 2018 SolarWinds Worldwide, LLC. All rights reserved.

3. @solarwinds 3
SolarWinds at a Glance
© 2018 SolarWinds Worldwide, LLC. All Rights Reserved.
1 Customers are defined as individuals or entities that have an active subscription for our subscription products or that have purchased one or more of our perpetual license products since our inception under a unique customer identification number. We may have multiple
purchasers of our products within a single organization, each of which may be assigned a unique customer identification number and deemed a separate customer.
2 IDC defined Network Management Software functional market, IDC’s Worldwide Semiannual Software Tracker, April 2018.
#1
in Network
Management2
275,000+
customers in 190
countries1
499
of Fortune 500®
50+
IT management
products
22,000+ > 450,000+
MSPs serving organizations
Every Branch of the DoD, and
nearly every civilian and
intelligence agency
150,000+ THWACK® registered members
Founded in 1999
More than 2,400 employees
globally
Austin, TX headquarters
Herndon, VA federal office
30+ offices globally
Leader
in Remote Monitoring
and Management

4. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
IT SECURITY OBSTACLES, THREATS, AND BREACHES 4
Careless/untrained insiders and foreign governments are noted as the largest sources of security threats at federal agencies.
Significantly more defense than civilian respondents indicate malicious insiders are a security threat at their agency.
Sources of Security Threats
What are the greatest sources of IT security threats to your agency? (select all that apply)
N=200
Note: Multiple responses allowed
2%
1%
2%
12%
17%
20%
29%
34%
38%
48%
54%
0% 10% 20% 30% 40% 50% 60%
None of the above
Other
Unsure of these threats
Industrial spies
For-profit crime
Terrorists
Malicious insiders
Hacktivists
General hacking community
Foreign governments
Careless/untrained insiders
By Agency Type
Defense Civilian
40% 21%
= statistically significant difference

5. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
IT SECURITY OBSTACLES, THREATS, AND BREACHES 5
There has been no significant reduction in the various sources of security threats. Since 2014, respondents indicate
significant increases in threats from both careless/untrained and malicious insiders.
Sources of Security Threats - Trend
What are the greatest sources of IT security threats to your agency? (select all that apply)
N=200
Note: Multiple responses allowed = statistically significant difference= top 3 sources
2014 2015 2016 2017
Careless/untrained
insiders
42% 53% 48% 54%
Foreign governments 34% 38% 48% 48%
General hacking
community
47% 46% 46% 38%
Hacktivists 26% 30% 38% 34%
Malicious insiders 17% 23% 22% 29%
Terrorists 21% 18% 24% 20%
For-profit crime 11% 14% 18% 17%
Industrial spies 6% 10% 16% 12%

6. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
6
Insider Threat Detection Difficulties
2015 CYBERSECURITY SURVEY: INSIDER BREACH CAUSES AND DETECTION DIFFICULTIES
The volume of network activity is noted most often as what makes insider threat detection and
prevention most difficult. One third also note the lack of IT staff training, the use of cloud
services, and pressure to change configuration quickly versus securely.
In today’s environment, what makes insider threat detection and prevention more difficult?
3%
19%
22%
23%
24%
24%
26%
27%
27%
30%
34%
35%
35%
40%
0% 10% 20% 30% 40% 50%
Other
Functionality of and access to critical systems
Inadequate change control practices
Complexity of monitoring tools
Inadequate configuration management of IT assets
Inadequate visibility into users’ network activity
Inadequate monitoring of storage devices
Growing adoption of BYOD
Cost of sophisticated tools
Use of mobile devices
Pressure to change IT configurations quickly more so…
Growing use of cloud services
Lack of IT staff training
Volume of network activity
Defense Civilian
Inadequate
configuration
management
of IT assets
17% 28%
Inadequate
monitoring of
storage
devices
18% 32%
= statistically significant difference
Note: Multiple responses allowed
N=200
IT/ Security
Staff
IT/Security
Manager/
Director
Volume of
network
activity
29% 44%

7. SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
4%
24%
28%
31%
33%
36%
37%
37%
41%
44%
49%
0% 10% 20% 30% 40% 50% 60%
Other
Insecure configuration of IT assets
Incorrect disposal of hardware
Not applying security updates
Incorrect use of approved personal devices
Device loss
Poor password management
Using personal devices that are against company IT policies
Accidentally deleting, corrupting or modifying critical data
Data copied to insecure device
Phishing attacks
7
Accidental Insider Breach Causes
2015 CYBERSECURITY SURVEY: INSIDER BREACH CAUSES AND DETECTION DIFFICULTIES
The most common causes of accidental insider IT security breaches are phishing attacks, followed by
data copied to an insecure device and accidentally deleting, corrupting, or modifying critical data.
What are the most common causes of accidental insider IT security breaches caused by the untrained or careless employee?
Note: Multiple responses allowed
N=200
Defense Civilian
Device loss 26% 43%
= statistically significant difference
IT/ Security
Staff
IT/Security
Manager/
Director
Insecure
configuration
of IT assets
17% 36%

8. @solarwinds 8
Insider Threat Flow Response Process
Policy Implementation:
• Reduced risk of outages and security
breaches
• Help assure service health and performance
• Stricter control of change and configuration
management process
• Faster problem identification and resolution
• Visibility to design changes that avoid future
problems
© 2018 SolarWinds Worldwide, LLC. All rights reserved.
Control
Monitor
Verify
Plan
Identify
Threat Process
Wheel

9. @solarwinds 9
Insider Threat: Identify
Identify:
• Updated Inventory of Infrastructure
• Understanding of your Area of
Responsibility
• Know and protect your critical assets
© 2018 SolarWinds Worldwide, LLC. All rights reserved.
Control
Monitor
Verify
Plan
Identify
Threat Process
Wheel

10. @solarwinds 10
Insider Threat: Control
Control:
Organizations typically have a number of tools and
processes to plan for and document expected
changes
• Develop a formalized insider threat program
• Configuration management tools can help inventory network
device configurations, assess them for compliance, and
automate change and configuration management
• Configuration Control and automation
• Security Event Appliance (SEIM) Tools to collect, correlate,
and respond to threats through automation rulesets
© 2018 SolarWinds Worldwide, LLC. All rights reserved.
Control
Monitor
Verify
Plan
Identify
Threat Process
Wheel

11. @solarwinds 11
Insider Threat: Monitor
Monitor:
• Deploy solutions for monitoring employee actions and
correlating information from multiple data sources
• Network, application, and system monitoring, and
management tools, provide needed visibility
• These tools continuously collect data on IT operations and
alert on anomalies
• Infrastructure performance monitoring metrics can
compliment your other security tools to help detect and
mitigate issues, such as Advanced Persistent Threats
• Infrastructure broken into different focuses:
• Systems
• Network
• Management/Mission Impact
© 2018 SolarWinds Worldwide, LLC. All rights reserved.
Control
Monitor
Verify
Plan
Identify
Threat Process
Wheel

12. @solarwinds 12
Insider Threat: Verify
Verify:
• Performance baselines can help identify threats, and
provide constant and valuable insight into network
activities
• Clearly document and consistently enforce policies and
controls
• Device tracking provides forensic data to help locate,
identify, and isolate threat sources, or enforce your
BYOD/mobility policies
• Key Areas:
• Reports
• Compliance
• Thresholds
© 2018 SolarWinds Worldwide, LLC. All rights reserved.
Control
Monitor
Verify
Plan
Identify
Threat Process
Wheel

13. @solarwinds 13
Threat Process Wheel Aligned to SolarWinds Products
© 2018 SolarWinds Worldwide, LLC. All rights reserved.
Control
Monitor
Verify
Plan
Identify
Log & Event
Manager
Network
Performance
Monitor
Network
Configuration
Manager
IP Address
Manager
User Device
Tracker
Patch
Manager
Server
Configuration
Monitor
Network
Topology
Mapper
Threat Process
Wheel
Network
Performance
Monitor Access Rights
Manager

14. @solarwinds
Security and Network Management Tools Can Help
Security and network management tools can help with compliance
• Log & Event Manager is a SIEM that uses logs
for security and compliance
• Network Performance Monitor offers continuous
monitoring, audit documentation, and reporting
• Network Configuration Manager centralizes
change management and reporting
• Patch Manager centralizes updates and helps
reduce vulnerability
• Access Rights Manager manages and audits
user access rights across your infrastructure
• Sever Configuration Monitor tracks system and
application changes
• User Device Tracker and IP Address Manager
can support compliance enforcement
Log & Event
Manager
Patch
Manager
Network
Performance
Monitor
Network
Configuration
Manager
Access Rights
Manager
Server
Configuration
Monitor
More information: http://www.solarwinds.com/federal-government/solution/cyber-security
© 2018 SolarWinds Worldwide, LLC. All rights reserved. 14
IP Address
Manager
User
Device
Tracker

15. @solarwinds
SolarWinds Compliance Features
• Configure correlation rules to help assure effectiveness of security controls
• Support real-time and continuous monitoring of security controls
• Monitor for Active Directory® events and changes
• Produce FISMA and DISA STIGs compliance reports from templates
• Support DISA STIGs requirements for configuration auditing, log analysis,
and broader network security
• Track and report suspicious activities/attacks to provide auditing support
Log & Event Manager can help to:
© 2018 SolarWinds Worldwide, LLC. All rights reserved. 15

16. @solarwinds
SolarWinds Compliance Features
• Visualize the entire environment to include interconnection to remote
sites
• Do infrastructure Key Performance Indicator monitoring
• Evaluate trend utilization for capacity planning
• Track multicast or firewall port discards
• Monitor network health and availability
• Identify protocol latency delays
• Produce audit documentation and reports
• Notify when issues occur based on thresholds and baseline from past
performance data
Network Performance Monitor can enable you to:
© 2018 SolarWinds Worldwide, LLC. All rights reserved. 16

17. @solarwinds
SolarWinds Compliance Features
• Inventory network device configurations, assess configurations for
compliance, and automate change and configuration management
• Implementation of configuration of security controls and help
assure effectiveness
• Producing FISMA and DISA STIGs reports, and taking corrective
actions
• Producing audit documentation and reports to support DISA CCRI
or OMB audits
Network Configuration Manager is designed to
support:
© 2018 SolarWinds Worldwide, LLC. All rights reserved. 17

18. @solarwinds
• Utilize WSUS or SCCM to push patches
• Set-up scheduled and on-demand patching installation
• Support Microsoft® Windows® Systems and MS patching
• Automate patching third-party applications without an agent
• Schedule patches for minimum downtime
• Tier areas of the infrastructure for the ability to recall and replace patches as
they are superseded
• Inventory software and physical components per server or workstation
Patch Manager can help you to:
• Standard Monthly Creators Update has came with no less than 3 – 5 superseding updates for BSOD Issues?
• Entire patching for the Month of October was recalled and re-released 4 weeks later than the original releases?
• Microsoft Windows Update MVPs have sent Microsoft a formal letter detailing the issues of the Windows update
Experience?
• Updates still need to be tested internally before sending out to the masses?
Did you know?
SolarWinds Compliance Features
© 2018 SolarWinds Worldwide, LLC. All rights reserved. 18

19. @solarwinds
SolarWinds Compliance Features
• Help improve security posture and mitigate insider threats
• Help demonstrate compliance with built-in customizable reports
• Monitor Active Directory and Microsoft® Exchange™
• Easily manage user permissions and provisioning
Access Rights Manager is designed to:
© 2018 SolarWinds Worldwide, LLC. All rights reserved. 19
• Track System and Application Changes
• Discover Changes That Were Made Offline
• Compare Configuration Changes Over Time
• Correlate Configuration Changes to Performance
• Manage Your Asset Inventory
Server Configuration Monitor can help to:

20. @solarwinds 20
Insider Threat: Repetition
Process Repetition:
• Policy strategy, success for all
• Simple: simplicity is key with an emphasis on
ease of use to utilize configuration
monitoring, alerting, and auditing
• Incorporate malicious and unintentional
insider threat awareness into periodic
security training for all employees
© 2018 SolarWinds Worldwide, LLC. All rights reserved.
Control
Monitor
Verify
Plan
Identify
Threat Process
Wheel

21. @solarwinds
• Embed security practices and conversations about good security habits within your
daily office environment
• Gamifying security training
• Document and test your security policies
• Conduct annual security awareness training
• Leverage cyber security certification training (e.g., DOD 8570)
• Document security incident reporting procedures (e.g., wallet cards, desk references, etc.)
• Utilize Two Factor Authentication
• Implement an approach styled after a Secure Development Lifecycle (SDL)
• SDLs consist of the security processes and activities performed for every software release
• Although conceived for development, their principles can be applied across your agency
• For example, by agreeing upon standard security practices for processes that involve sensitive
data, you can help instill Information Security (InfoSec) into your agency
Build Security Into Your Community
21© 2018 SolarWinds Worldwide, LLC. All Rights Reserved.

22. @solarwinds
Product Demonstrations

23. @solarwinds 23
Risk assessment dashboard
Access Rights Manager
© 2018 SolarWinds Worldwide, LLC. All Rights Reserved.

24. @solarwinds 24
Active Directory graphical analysis
Access Rights Manager
© 2018 SolarWinds Worldwide, LLC. All Rights Reserved.

25. @solarwinds
When Combating the Insider Threats
• Meeting compliance standards does not mean you are secure
• Careless or untrained insiders can be the largest source of federal security
threats
• High-performing agencies with excellent IT controls experience:
• Fewer cyberthreats
• Faster response time to threats
• Positive results from IT modernization initiatives
• Continuous review of your IT controls may help to improve your security posture
• SolarWinds has tools designed to help
25© 2018 SolarWinds Worldwide, LLC. All Rights Reserved.

26. @solarwinds
• Review a blog on how SolarWinds software can help with NIST FISMA/RMF compliance:
https://thwack.solarwinds.com/community/solarwinds-community/product-
blog/blog/2015/08/01/fisma-nist-800-53-compliance-with-solarwinds-products
• Review a blog on how SolarWinds software can help with DISA STIGS compliance:
https://thwack.solarwinds.com/community/solarwinds-community/product-
blog/blog/2011/09/07/disa-stig-compliance-with-log-event-manager
• Watch a federal security compliance video:
http://www.solarwinds.com/resources/videos/solarwinds-federal-security-compliance.html
• Download a compliance white paper:
http://go.solarwinds.com/Compliance_LEM_16?Program=999&c=70150000000qf3c
• Download a continuous monitoring white paper:
http://go.solarwinds.com/fedcyberWP?=70150000000Plgf
Compliance Resources
26© 2018 SolarWinds Worldwide, LLC. All Rights Reserved.

27. @solarwinds
Q&A
Contact Federal Sales:
877.946.3751
federalsales@solarwinds.com
27

28. @solarwinds
Contact Us
• Watch a short demo video: http://demo.solarwinds.com/sedemo/
• Download a free trial: http://www.solarwinds.com/downloads/
• Visit our Federal website: http://www.solarwinds.com/federal
• Call the SolarWinds Federal sales team: 877.946.3751
• Email federal sales: federalsales@solarwinds.com
• Email our Government Distributor DLT®: solarwinds@dlt.com
• Follow us on LinkedIn®: https://www.linkedin.com/company/solarwinds-government
Let us know how we can help you
© 2018 SolarWinds Worldwide, LLC. All Rights Reserved. 28

29. @solarwinds
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are
the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are
registered with the U.S. Patent and Trademark Office, and may be
registered or pending registration in other countries. All other SolarWinds
trademarks, service marks, and logos may be common law marks or are
registered or pending registration. All other trademarks mentioned herein
are used for identification purposes only and are trademarks of (and may be
registered trademarks) of their respective companies.
29