Learn how SolarWinds can help fulfill your growing list of cybersecurity needs, especially around reporting requirements for DISA STIGS, FISMA NIST, and more. In this presentation, our product management team will share the latest features and product updates our federal customers are most interested in for Log & Event Manager (LEM), Firewall Security Manager (FSM), User Device Tracker (UDT), and Network Configuration Manager (NCM) with a focus on their security features.
Learn More and Connect with SolarWinds Federal:
Federal website: http://www.solarwinds.com/federal
thwack Federal and Government group: http://thwack.solarwinds.com/groups/federal-and-government
Twitter: http://twitter.com/SolarWinds_Gov
Main points here from the Federal Government’s Track Record report: lots of attacks, but a lack of visibility. A gap in the process for identifying and managing vulnerabilities and security configurations is also a big issue. The 2013 Verizon Data Breach Report further spells out the elevated risk these issues create. Attackers are getting faster, sneakier and more sophisticated. The highest-impact attacks aren’t kids in the basement running scripts anymore; they are organized, patient, strategic and focused on a prize. In the federal government this is truer than in any other industry. Attacks happen quickly, but they take a long time to identify. Every second an attacker goes undetected, the risk and damage can increase exponentially. We need to turn the tables and gain greater visibility and stronger controls to better prevent, identify and remediate today’s sophisticated threats.
As agencies work through everyday security management, the general chaos and lack of resources mean that risk management is easily missed. The primary concern of “patch the system”, “address the compliance requirement”, or Of course, our overall goal is to prevent business impacts: financial loss, loss of secrets, intellectual property, etc. The federal government will always face a wide array of sophisticated threats. The two ways that risk can be reduced are by eliminating existing vulnerabilities and avoiding the introduction of new ones, and by ensuring that controls evolve as the continuous arms race between attacker and defender moves forward.
However, that’s not so easy today. I’m sure many of you are thinking: that sounds great, but how? Best practices are just that, best practices. Limited people, a high degree of budget sensitivity and a constant prioritization battle between IT systems efficiency and security produce large barriers for agencies, regardless of the compliance requirements that are present.
So how do we overcome this? Let’s start with budget. Security management products that cost a lot typically have many advanced features that are used by less than 10% of their user base. These advanced features cost vendors a lot to develop and maintain, so they add not only cost to licenses but also complexity to their management, maintenance and usability. It can be painful for overstretched agency security departments to set aside the fully optimized dream and focus on relief and capability, but the efficiency and budget leverage that come with creating realistic requirements based on capability save a lot of money, both in up-front license cost and in ongoing management and maintenance. The other area that can be so effective in changing the economics and increasing the effectiveness of security is a real focus on the balance between preventative and detective controls. Preventative controls can be very expensive, particularly when an agency follows a true defense-in-depth approach. Agencies that take the time to understand where they can prevent and where they can’t make much more effective use of budget. A strong monitoring program, used as a compensating control for areas that lack prevention because of budget, creates situational awareness and reduces overall risk.
In the area of people, automation is key. Finding economical technologies that automate the management and monitoring of security and compliance makes trained security and IT staff more effective: they spend more time addressing issues and less time figuring out what the issues are. Identifying the existing security technologies that create large time sinks because they require too much management, and replacing them with more efficient products, creates rapid ROI, particularly if we apply the product selection ideals we discussed in terms of budget.
Then we have priority.
Compliance reports will always be generated to demonstrate that the boxes have been checked, but reporting that demonstrates overall risk, threat activity, incident levels and time to respond goes a long way toward making the chain of command understand the needs of the security team and gaining mindshare in terms of process, people, technology and budget. Of course, because these are all interrelated, reporting should be automated to solve the people challenge. (Side note: Web Help Desk can report on time to respond, I believe, if used as the ticketing system; Alert Central cannot, yes?)
It’s no secret that having the right processes, controls, and tools in place is vital to combating cyber attacks and strengthening your security posture. However, the challenge most federal agencies face is budget and resources.
The ever-increasing cybersecurity threat landscape necessitates around-the-clock security visibility to detect and respond to an attack in as near to real-time as possible in order to minimize damage. Federal agencies with limited resources and budget need an easier way to automate security monitoring and response, as well as streamline reporting.
As organizations grow and firewall rules become more and more complex, it’s easy for engineers to overlook existing rules and inadvertently open security holes simply by not knowing the full impact of their changes. Firewall rule sets have grown so large and unmanageable, it's become virtually impossible to decipher what's going on with the naked eye.
As networks grow in both size and complexity, the difficulty of managing all the device configuration changes happening throughout the IT infrastructure grows exponentially. Manually logging in to each device separately to make changes or updates increases the likelihood of human error, which can lead to policy violations, unauthorized network access, and the possibility of a security breach.
The proliferation of personal mobile devices on the enterprise network has made it extremely difficult to keep track of who and what is connecting to your network. The result is less control, increased security risks, and more time spent trying to trace network problems to their source.
SolarWinds User Device Tracker (UDT) delivers automated user and device tracking along with powerful switch port management capabilities so you can stay in control of who and what are connecting to your network. Quickly find a computer or user, and track down lost or rogue devices, with a simple search on a username, IP address, hostname, or MAC address. And if the user or device is no longer connected, historical data shows its last known location. You can even perform whitelisting, create a watch list, and be alerted immediately when a specific user or device connects. Plus, SolarWinds User Device Tracker lets you take immediate action to shut down a port to mitigate a threat or alleviate a network performance issue. Best of all, you can do it all from an easy-to-use, point-and-click web interface!
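To make the tracking, whitelist, watch-list and last-known-location behaviour described above concrete, here is an added example (not UDT's code or any SolarWinds API) that processes constructed switch MAC-table snapshots; the snapshot format, the whitelist and watch-list contents, and the class and function names are all assumptions made for this illustration.

```python
"""Minimal device tracker: remembers where each MAC was last seen and raises
alerts for watch-listed and non-whitelisted devices (illustrative only)."""

# Constructed sample data, not captured from a real network: successive
# MAC-address-table snapshots as (timestamp, [(switch, port, mac), ...]).
SNAPSHOTS = [
    ("2024-01-01T09:00", [("sw1", "Gi1/0/1", "00:11:22:33:44:55"),
                          ("sw1", "Gi1/0/2", "00:11:22:33:44:66")]),
    ("2024-01-01T10:00", [("sw1", "Gi1/0/1", "00:11:22:33:44:55"),
                          ("sw2", "Gi1/0/7", "DE:AD:BE:EF:00:01")]),
    ("2024-01-01T11:00", [("sw2", "Gi1/0/7", "de:ad:be:ef:00:01"),
                          ("sw1", "Gi1/0/3", "aa:bb:cc:dd:ee:ff")]),
]
WHITELIST = {"00:11:22:33:44:55", "00:11:22:33:44:66"}  # approved devices
WATCHLIST = {"de:ad:be:ef:00:01"}                       # alert on any appearance


class DeviceTracker:
    def __init__(self, whitelist, watchlist):
        # Normalise MAC case so table dumps from different vendors compare equal.
        self.whitelist = {m.lower() for m in whitelist}
        self.watchlist = {m.lower() for m in watchlist}
        self.last_seen = {}  # mac -> (switch, port, timestamp)
        self.alerts = []     # (timestamp, kind, mac, switch, port)

    def ingest(self, timestamp, entries):
        for switch, port, mac in entries:
            mac = mac.lower()
            prev = self.last_seen.get(mac)
            # Keep the latest location even after the device disconnects,
            # so locate() can still answer "where was it last seen?".
            self.last_seen[mac] = (switch, port, timestamp)
            if mac in self.watchlist and (prev is None or prev[:2] != (switch, port)):
                # Watch-listed device appeared, or moved to a new switch/port.
                self.alerts.append((timestamp, "watchlist", mac, switch, port))
            elif mac not in self.whitelist and prev is None:
                # First sighting of a device nobody approved.
                self.alerts.append((timestamp, "not-whitelisted", mac, switch, port))

    def locate(self, mac):
        """Last known (switch, port, timestamp) for a MAC, or None if never seen."""
        return self.last_seen.get(mac.lower())


def run(snapshots=SNAPSHOTS):
    tracker = DeviceTracker(WHITELIST, WATCHLIST)
    for timestamp, entries in snapshots:
        tracker.ingest(timestamp, entries)
    return tracker
```

Running the sample yields one watch-list alert at 10:00 and one not-whitelisted alert at 11:00, and `locate("00:11:22:33:44:66")` still returns the 09:00 port after the device has gone quiet.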