According to the fourth annual Federal Cybersecurity Survey from SolarWinds and Market Connections, insider threats are the leading source of threats to federal agencies. Human error is one of the most common insider threats, followed by abuse of privileges, and theft. The increased sophistication of threats, volume of attacks, and end-user policy violations make agencies more vulnerable than ever. In this webinar, we discussed how implementing the right tools, as well as continuously monitoring systems and networks, can provide the data to make informed decisions and help agencies safeguard against insider threats, and quickly identify and fix vulnerabilities. During this webinar our presenters discussed: The 2017 SolarWinds Federal Cybersecurity Survey, and the top sources of threats How the right tools and technologies can provide IT infrastructure data to help safeguard against malicious and non-malicious internal threats, including: Utilizing fault, performance, and log management data to help ensure that devices are continuously monitored and operating correctly Leveraging configuration management to help prevent errors and reduce vulnerabilities How the implementation of Security Incident and Event Management (SIEM) tools can better equip agencies to quickly detect and respond to security threats and help to reduce vulnerability, including: Utilizing log data to detect malicious or out-of-policy actions, fine-tune firewall configurations, and monitor Active Directory® changes How to track devices and users on your network and maintain historic data for forensics

1. Leverage IT Operations Monitoring and
Log Data to Reduce Insider Threats
Federal Webcast
April 26, 2018

2. © 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
•SolarWinds company overview
•2017 SolarWinds Federal Cybersecurity Survey overview
•Leveraging SolarWinds® security and network
management tools
•Best practices for combating insider threats
•Security and network management overview
•Compliance features
•SolarWinds Log & Event Manager overview
•Demonstration
•Q&A
•Additional resources
Agenda
Presented by:
Paul Parker
Chief Technologist - Federal and
National Government
paul.parker@solarwinds.com
Omar Rafik
Federal Senior Sales Engineering
Manager
omar.rafik@solarwinds.com

3. 3
SolarWinds Overview
•Over 250,000 customers in 170 countries; SMB to
Fortune 500®
•More than 425 of the Fortune 500 are customers
•Every branch of DoD and virtually every civilian and
intelligence agency
•Maintained number one position in global market
for Network Management Software in the IDC®
Worldwide Semi-Annual Software Tracker 1H 2017
•Headquarters in Austin, TX
•Federal office in Herndon, VA
•2,200+ employees worldwide
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
Servers &
Applications
Database
Network
Storage
Security
User
Experience

4. Security
Management
Log and Event
Patch
Product Mission: Enable IT and DevOps pros to
proactively and reactively monitor, alert, troubleshoot,
and resolve infrastructure issues.
What We Offer Today
• Building toward our future
Network
Management
Performance
Configuration
IP Address
VoIP
Applications and
Management
Servers and Apps
Virtualization
Storage
Database
Management
Database
Performance
Tools
Remote
Troubleshooting
Web Help Desk®
Topology Mapping
Configuration
MySQL®
Oracle®
SQL Server®
DB2®
SAP® ASE
Device Tracking
Secure File Transfer
Web Performance
Product Principles: Fast (immediate accessibility), easy
(best-in-class UX), and affordable (starting price for
agencies of all sizes).
© 2018 SolarWinds Worldwide, LLC. All Rights Reserved.
Cloud

5. © 2018 SolarWinds Worldwide, LLC. All rights reserved.
The SolarWinds Orion Platform
The Orion® Platform powers SolarWinds networking
and systems management products
• Modular, extensible, unified, and scalable platform for a hybrid IT world
• Unified view from network to web performance metrics for faster root cause
identification and troubleshooting
• Centralized administration, access control, advanced alerting, and reporting
5

6. SolarWinds 2017 Federal Cybersecurity Survey
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
•SolarWinds contracted Market Connections
to conduct a fourth annual blind online
survey among 200 federal government IT
decision makers and influencers in July 2017
•The objectives were to determine
challenges, quantify sources and types of
threats, and explore successful
cybersecurity strategies

7. SOLARWINDS FEDERAL 2017 CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
IT SECURITY OBSTACLES, THREATS, AND BREACHES 7
• Careless/untrained insiders and foreign governments are noted as the largest sources of security threats at federal
agencies. Significantly more defense than civilian respondents indicate malicious insiders is a security threat at
their agency.
Sources of Security Threats
What are the greatest sources of IT security threats to your agency? (select all that apply)
N=200
Note: Multiple responses allowed
2%
1%
2%
12%
17%
20%
29%
34%
38%
48%
54%
0% 10% 20% 30% 40% 50% 60%
None of the above
Other
Unsure of these threats
Industrial spies
For-profit crime
Terrorists
Malicious insiders
Hacktivists
General hacking community
Foreign governments
Careless/untrained insiders
By Agency Type
Defense Civilian
40% 21%
= statistically significant difference

8. SOLARWINDS FEDERAL 2017 CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
IT SECURITY OBSTACLES, THREATS, AND BREACHES 8
• There has been no significant reduction in the various sources of security threats. Since 2014, respondents indicate
significant increases in threats from both careless/untrained and malicious insiders.
Sources of Security Threats - Trend
What are the greatest sources of IT security threats to your agency? (select all that apply)
N=200
Note: Multiple responses allowed = statistically significant difference= top 3 sources
2014 2015 2016 2017
Careless/untrained
insiders
42% 53% 48% 54%
Foreign governments 34% 38% 48% 48%
General hacking
community
47% 46% 46% 38%
Hacktivists 26% 30% 38% 34%
Malicious insiders 17% 23% 22% 29%
Terrorists 21% 18% 24% 20%
For-profit crime 11% 14% 18% 17%
Industrial spies 6% 10% 16% 12%

9. SOLARWINDS FEDERAL 2015 CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
9
Insider Threat Detection Difficulties
INSIDER BREACH CAUSES AND DETECTION DIFFICULTIES
• The volume of network activity is noted most often as what makes insider threat detection and prevention most difficult. One
third also note the lack of IT staff training, the use of cloud services, and pressure to change configuration quickly versus
securely.
In today’s environment, what makes insider threat detection and prevention more difficult?
3%
19%
22%
23%
24%
24%
26%
27%
27%
30%
34%
35%
35%
40%
0% 10% 20% 30% 40% 50%
Other
Functionality of and access to critical systems
Inadequate change control practices
Complexity of monitoring tools
Inadequate configuration management of IT…
Inadequate visibility into users’ network activity
Inadequate monitoring of storage devices
Growing adoption of BYOD
Cost of sophisticated tools
Use of mobile devices
Pressure to change IT configurations quickly…
Growing use of cloud services
Lack of IT staff training
Volume of network activity
Defense Civilian
Inadequate
configuration
management
of IT assets
17% 28%
Inadequate
monitoring of
storage
devices
18% 32%
= statistically significant difference
Note: Multiple responses allowed
N=200
IT/ Security
Staff
IT/Security
Manager/
Director
Volume of
network
activity
29% 44%

10. SOLARWINDS FEDERAL 2015 CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
4%
24%
28%
31%
33%
36%
37%
37%
41%
44%
49%
0% 10% 20% 30% 40% 50% 60%
Other
Insecure configuration of IT assets
Incorrect disposal of hardware
Not applying security updates
Incorrect use of approved personal devices
Device loss
Poor password management
Using personal devices that are against…
Accidentally deleting, corrupting or…
Data copied to insecure device
Phishing attacks
10
Accidental Insider Breach Causes
INSIDER BREACH CAUSES AND DETECTION DIFFICULTIES
• The most common causes of accidental insider IT security breaches are phishing attacks, followed by data copied to an insecure
device and accidentally deleting, corrupting, or modifying critical data.
What are the most common causes of accidental insider IT security breaches caused by the untrained or careless employee?
Note: Multiple responses allowed
N=200
Defense Civilian
Device loss 26% 43%
= statistically significant difference
IT/ Security
Staff
IT/Security
Manager/
Director
Insecure
configuration
of IT assets
17% 36%

11. SOLARWINDS FEDERAL 2017 CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
12%
10%
18%
16%
11%
14%
9%
12%
14%
16%
74%
68%
58%
59%
60%
49%
54%
45%
35%
32%
14%
22%
23%
25%
29%
37%
37%
43%
50%
52%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
APT
Mobile device theft
Physical security attacks
Insider data leakage/Theft
Denial of service
External hacking
Ransomware
Social engineering
Malware
SPAM
Decreased No Change Increased
IT SECURITY OBSTACLES, THREATS, AND BREACHES 11
• In the past 12 months, half of respondents have seen SPAM and malware increase at their agency.
Change in Security Threats
In the past 12 months, has your agency seen any changes in the following types of cyber security threats?
N=200

12. Leveraging SolarWinds Security and
Network Management Tools

13. Best Practices for Combating Insider Threats
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
•Know and protect your critical assets
•Develop a formalized insider threat program
•Deploy solutions for monitoring employees actions and correlating information from
multiple data sources
•Clearly document and consistently enforce policies and controls
•Incorporate malicious and unintentional insider threat awareness into periodic security
training for all employees
Source: CERT Insider Threat Center https://insights.sei.cmu.edu/sei_blog/2017/11/5-best-practices-to-prevent-insider-threat.html

14. Security and Network Management Tools Can Help
Security and network management tools can help with compliance
• Configuration management software centralizes
change management and reporting
• Log and event management (SIEM) software
uses logs for security and compliance
• Patch management software centralizes updates
and reduces vulnerability
• Device tracking, IP management, and switch
port management for compliance enforcement
• Network management software for continuous
monitoring, audit documentation, and reporting
Log and Event
Management
Patch
Management
Network
Management
Configuration
Management
IP Address
Management
User Device
Tracking
More information: http://www.solarwinds.com/federal-government/solution/cyber-security
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

15. SolarWinds Compliance Features
• Inventory network device configurations, assess configurations for compliance,
and automate change and configuration management
• Implement configuration of security controls and help assure effectiveness
• Produce FISMA and DISA STIGs reports and take corrective actions
• Produce audit documentation and reports to support DISA CCRI or OMB audits
Network Configuration Manager
• Configure correlation rules to help assure effectiveness of security controls
• Real-time and continuous monitoring of security controls
• Monitor for Active Directory® events and changes
• Produce FISMA and DISA STIGs compliance reports from templates
• Supports DISA STIGs requirements for configuration auditing, log analysis,
and broader network security
• Tracks and report suspicious activities/attacks to provide auditing support
Log & Event Manager
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

16. SolarWinds Compliance Features
• Trend utilization for capacity planning
• Track multicast or firewall port discards
• Monitor network health and availability
• Identify protocol latency delays
• Produce audit documentation and reports
Network Performance Monitor
• Automate patching of Microsoft® and third-party applications to help
improve compliance
• Schedule patches for minimum downtime
• Inventory software and physical components per server or workstation
Patch Manager
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

17. A Need for Monitoring Active Directory
•Targeted attacks are more sophisticated
•It is difficult to completely prevent attacks by just
defending the border
•Attackers remain within the systems of an organization
and cleverly steal information over a long period of time
•If detection is delayed, damages increase. It is critical to
detect as soon as possible to stop the attack
•Monitoring Active Directory is a critical layer of your
defense, especially when it comes to detection of breach
“Our daily life, economic vitality, and national security depend on
a stable, safe, and resilient cyberspace.”
Department of Homeland Security Cybersecurity Topics Page
https://www.dhs.gov/topic/cybersecurity
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

18. Monitoring for Active Directory Events and Changes
•User events
New user creation | user lock-out event | user-enabled event | user deleted
•Authentication events
User logons | failed logons
(Windows® 10 Logon/Logoff Auditing can generate 27 different types of events)
(For object access in Windows 10, auditing events can generate 41 events)
•Group changes
Adding to groups | removing from groups | creating new groups
•Policy changes
Group policy | audit policy
•Password resets
Verify admin changes | verify users comply with internal policies and procedures
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

19. SolarWinds Log & Event Manager
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

20. Log & Event Manager
Powerful and affordable SIEM
•Scalable and easy collection of network device,
machine, and cloud logs
•Real-time, in-memory event correlation
•Define rules and configure alerts
•Advanced IT search for event forensic analysis
•Threat intelligence feed integration
•Log data compression and retention
•Single sign-on/smart card integration
•Embedded, real-time file integrity monitoring
• Built-in Active Responses
•USB Defender®
•Out-of-the-box security and compliance reporting
templates
•Easy to use and deploy
•Links: Data - Demo - Resource
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

21. Demonstration

22. When Fighting Against Insider Threats …
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
•Meeting compliance standards does not mean you are secure
•High-performing agencies with excellent IT controls experience:
• Fewer cyberthreats
• Faster response time to threats
• Positive results from IT modernization initiatives
• Continuous review of your IT controls improves your security posture
• SolarWinds has tools to help

23. • Download the full 2017 survey results online at:
http://www.solarwinds.com/resources/survey/solarwinds-federal-cybersecurity-survey-summary-report-2017
• Download the full 2015 survey results online at:
http://www.solarwinds.com/resources/survey/solarwinds-federal-cybersecurity-survey-summary-report-2015
• Review a blog on how SolarWinds software can help with NIST FISMA/RMF compliance:
https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2015/08/01/fisma-nist-800-53-
compliance-with-solarwinds-products
• Review a blog on how SolarWinds software can help with DISA STIG compliance:
https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2011/09/07/disa-stig-
compliance-with-log-event-manager
• Watch a federal security compliance video:
http://www.solarwinds.com/resources/videos/solarwinds-federal-security-compliance.html
• Download a SIEM white paper:
http://www.solarwinds.com/resources/whitepaper/siem-speeds-time-to-resolution.html
• Download a continuous monitoring white paper:
http://go.solarwinds.com/fedcyberWP?=70150000000Plgf
Compliance Resources
© 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

24. © 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
Contact Federal Sales:
877.946.3751
federalsales@solarwinds.com

25. Contact Us
•Watch a short demo video: http://demo.solarwinds.com/sedemo/
•Download a free trial: http://www.solarwinds.com/downloads/
•Visit our Federal website: http://www.solarwinds.com/federal
•Call the SolarWinds Federal sales team: 877.946.3751
•Email federal sales: federalsales@solarwinds.com
•Email our Government Distributor DLT®: solarwinds@dlt.com
•Follow us on LinkedIn®: https://www.linkedin.com/company/solarwinds-government
• Let us know how we can help you
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

26. SolarWinds, SolarWinds & Design, Orion, and Thwack are the exclusive
property of SolarWinds Worldwide, LLC or its affiliates, are registered
with the U.S. Patent and Trademark Office, and may be registered or
pending registration in other countries. All other SolarWinds
trademarks, service marks, and logos may be common law marks or are
registered or pending registration. All other trademarks mentioned
herein are used for identification purposes only and are trademarks of
(and may be registered trademarks) of their respective companies.