The Security Kung Fu Series was created as both a thought leadership and awareness campaign which ran from Q1 – Q2 2017. It was meant to educate attendees on the internal and external threats businesses face, and the compliance challenges many must endure. It also served to highlight the need for an array of software solutions from the SolarWinds Core IT Security Portfolio which can assist with these concerns. A primary focus of the event was SolarWinds® Log & Event Manager which can contribute to greater IT security and assist businesses in meeting and maintaining compliance with a variety of compliance regimes. Part 2: Firewall Logs Part 2 of the series shifted our attention to the periphery of a network to focus on how firewalls serve as a first line of defense against security threats. In addition to discussing the patterns of attack which have been demonstrated countless times by hackers, we showed how firewall log data can give notice of attempts at infiltrating a network, exfiltrating data, and more. Beyond that, we discussed how Network Change and Configuration Management solutions can too contribute to deeper IT security by helping to alert to config. changes on firewalls - and other network devices - in addition to a host of other capabilities which can help with this cause. Other Security Kung Fu Events: Part 1: SIEM Solutions | http://bit.ly/2qkwVWh Part 3: Active Directory Changes | http://bit.ly/2s5kFFc Part 4: Security vs. Compliance | http://bit.ly/2qXuc3I If you are interested in learning about the impact of this campaign, please visit my LinkedIn Profile for more details or feel free to reach out to me directly over LinkedIn. Acknowledgements I’d like to thank the following individuals for assisting me in the execution of this campaign: Justina Lister, Angeline Kelly, Jamie Hynds, Ian Trump, Destiny Bertucci, Curtis Ingram, Chris Wiley, Ren Penaflor, Allie Eby, Ann Guidry, Rainy Schermerhorn, Kirsten Tanges, Damon Garcia

2. INTRODUCTION
The Security Kung Fu Series is a four-part series intended to guide you in the mastery of the art of
Security Kung Fu.
As we embarked on creating this series, we always knew that in the back of everyone’s minds were a
couple of curious thoughts: Why “Kung Fu?” And, “what does martial arts have to do with how I protect
my network?”
Well, “Kung Fu” is a Chinese term referring to any study, learning, or practice that requires patience,
energy, hard work, discipline and time to complete. So, really, it’s not just martial arts.
Perhaps, by this definition, you’re starting to see the parallels we see with IT security, and the vital roles
many of you play within your respective organizations.
For on demand access to each recording of the series visit the Security Kung Fu Series Page.
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 2

3. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
AGENDA
3
• Respect your Security Kung Fu Masters
• The cybersecurity climate
• Anatomy of an attack
• Uncovering the “Detection Deficit”
• Playing with fire[wall logs]
• SIEM and NCCM Solutions
• Firewall-centric capabilities of SolarWinds® Log &
Event Manager (LEM) and SolarWinds® Network
Configuration Manager (NCM)
• Q&A

4. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
SECURITY KUNG FU MASTERS
4
Ian Trump
Cyber Security Strategist
Jamie Hynds
Sr. Product Manager - Security
SolarWinds

5. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
THE CYBERSECURITY CLIMATE
• Cybersecurity market reaches
$75 BILLION IN 2015
• Cybersecurity market anticipated to reach
$170 BILLION BY 2020
• Cyber crime costs projected to reach
$2 TRILLION BY 2019
5
https://www.forbes.com/sites/stevemorgan/2015/12/20/cybersecurity​-​market-reaches-
75-billion-in-2015​​-​expected-to-reach-170-billion-by-2020/

6. ANATOMY OF AN ATTACK
Delivery Exploitation Installation C2 Actions
WAN to LAN End Point End Point LAN to WAN End Point
Lockheed Martin Cyber Kill Chain®

7. ANATOMY OF AN ATTACK
AN EXAMPLE OF LATERAL MOVEMENT

8. BREACH NOTIFICATION
Regulations, Rules, & Requirements
• State law in many states
o Forty-seven states, the District of Columbia, Guam, Puerto Rico, and the Virgin
Islands have enacted legislation requiring private, governmental or educational
entities to notify individuals of security breaches of information involving
personally identifiable information
o Only three states—Alabama, New Mexico, and South Dakota—do not currently
have a law requiring consumer notification of security breaches
• Federal law
o H.R.1770 - Data Security and Breach Notification Act of 2015 – on legislative
calendar as of 2017
o HIPAA & GLBA

9. © 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
THE “DETECTION DEFICIT”
9
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

10. PLAYING WITH FIRE[WALL LOGS]
What kinds of events do firewalls log?
• Traffic, traffic, traffic
o Many devices can log both traffic statistics and per-ACL/policy
o For ACLs/policy, you can specify whether to log (and in some cases when – session start vs.
end)
• Device administration
o Configuration changes, sometimes down to the specific command ran
o Authentication (both admins and things like VPN)
• Add-on module and “smarter” data
o UTMs and Next-Gen Firewalls, IPS modules, etc. generate lots of security-specific details
o VPN connections and tunnels

11. SIEM AND NCCM SOLUTIONS
How do security information and event management (SIEM) solutions help me
manage firewall logs?
• High volume makes it hard to be high value!
o Make logs work for you now, rather than waiting for an investigation
• Apply your environment details to logs to make them more intelligent
• Correlate (in real-time or as a part of investigation/troubleshooting) firewall data with
other event sources to get a full picture of what’s actually happening
• Leverage active response on the device or somewhere else to isolate problems

12. SIEM AND NCCM SOLUTIONS
How does configuration management help mitigate risk and contribute to
compliance?
• Consistently configure devices to policy baseline
• Audit configurations for compliance to standards and policies
• Monitor configurations for unauthorized changes and remediate
• Archive configs to rollback a config change or recover a failed device
• Assess vulnerabilities in device firmware
• Upgrade outdated device firmware
• Discover, inventory and manage device lifecycle
• Maintain device documentation (e.g., location, purpose, configuration contacts, etc.)

13. SOLARWINDS NETWORK CONFIGURATION MANAGER
Centralized network change and configuration management software.
• Automated configuration backups, comparisons, and rollback
• Real-time configuration change detection and audits for compliance management
• Bulk deploy configuration changes
Download Free Trial | Learn More
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 13

14. SOLARWINDS LOG & EVENT MANAGER
Affordable SIEM solution that helps you detect and respond to security threats.
• Real-time event correlation for instantaneous detection of malicious and suspicious
activity
• Automated remediation and advanced search for forensic analysis and
troubleshooting
• Out-of-the-box compliance rules and reports for HIPAA, PCI, SOX, FISMA, and may
more.
Download Free Trial | Learn More
© 2017 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 14

16. SECURITY KUNG FU WEBINAR SERIES
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks
are the exclusive property of SolarWinds Worldwide, LLC or its affiliates,
are registered with the U.S. Patent and Trademark Office, and may be
registered or pending registration in other countries. All other SolarWinds
trademarks, service marks, and logos may be common law marks or are
registered or pending registration. All other trademarks mentioned herein
are used for identification purposes only and are trademarks of (and may
be registered trademarks) of their respective companies.