According to the fourth annual Federal Cybersecurity Survey from SolarWinds and Market Connections, insider threats are the leading source of threats to federal agencies. Human error is one of the most common insider threats, followed by abuse of privileges, and theft. The increased sophistication of threats, volume of attacks, and end-user policy violations make agencies more vulnerable than ever. In this webinar, we discussed how implementing the right tools, as well as continuously monitoring systems and networks, can provide the data to make informed decisions and help agencies safeguard against insider threats, and quickly identify and fix vulnerabilities.
During this webinar our presenters discussed:
The 2017 SolarWinds Federal Cybersecurity Survey, and the top sources of threats
How the right tools and technologies can provide IT infrastructure data to help safeguard against malicious and non-malicious internal threats, including:
Utilizing fault, performance, and log management data to help ensure that devices are continuously monitored and operating correctly
Leveraging configuration management to help prevent errors and reduce vulnerabilities
How the implementation of Security Incident and Event Management (SIEM) tools can better equip agencies to quickly detect and respond to security threats and help to reduce vulnerability, including:
Utilizing log data to detect malicious or out-of-policy actions, fine-tune firewall configurations, and monitor Active Directory® changes
How to track devices and users on your network and maintain historic data for forensics
Editor's Notes
Intro and Agenda (5)
2017 SolarWinds Federal Cybersecurity Survey Overview (13)
Leveraging SolarWinds® Security and Network Management Tools (12)
Log & Event Manager Overview (5)
Demonstration (15)
Q&A and closing (10)
We have a link to the survey results at the end of the presentation, and we also have copies available at our booth.
Explain that the yellow oval indicates a statistically significant difference and that this notation will be used throughout the results slides.
Spam, malware, and other threats are increasing, as you see here, and human error is a factor, making it one of the most common threats.
The increased sophistication of threats, volume of attacks, and end-user policy violations make agencies more vulnerable than ever.
As we'll discuss further after the survey results, continuously monitoring systems and networks can help agencies safeguard against insider threats and quickly identify and fix vulnerabilities.
Configure correlation rules to help assure effectiveness of security controls
LEM includes several out-of-the-box correlation rules that provide assurance that your security controls are operating effectively. This is achieved through log ingestion from a wide range of sources. LEM's rules can validate that your firewalls are blocking traffic according to your ACLs, that accounts are being locked out in accordance with your policy, that files and folders are being accessed appropriately, and much more.
Real-time and continuous monitoring of security controls
LEM collects, normalizes, and correlates logs in real time to provide instantaneous and continuous monitoring of your log data. LEM's correlation engine can leverage hundreds of out-of-the-box rules for suspicious activity. LEM also provides Active Response technology to automatically stop malicious insiders in their tracks and prevent potential breaches.
Monitor for Active Directory® events and changes
LEM includes a wealth of predefined content for Active Directory monitoring, including charts, filters, rules, and reports. LEM can collect logs from your AD servers to capture successful and failed logons to your domain, password changes, group changes (users being assigned permissions and being added to or removed from groups), account lockouts and disablement, Group Policy changes, and more. Proven Active Directory audit reports enable you to quickly report on changes to your AD users, groups, and environment.
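The two notes above describe correlation rules that validate a lockout policy from ingested logs and monitor Active Directory logon and group changes. The following is an added example of that kind of check, written for this page and not SolarWinds LEM code; it runs over constructed log lines in an assumed simplified format and uses the standard Windows Security event IDs 4625 (failed logon), 4624 (successful logon), 4740 (account locked out) and 4728 (member added to a security-enabled global group), with an assumed policy of 3 failures in 5 minutes.

```python
"""Correlation check (added example, not LEM code): did a lockout (4740) follow
the policy threshold of failed logons (4625) inside the window, or did a logon
succeed instead?  Also lists group membership changes (4728) for review."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed format: "<ISO time> <EventID> <account> <detail>"
SAMPLE_LOGS = """\
2017-06-01T09:00:01 4625 jdoe failed_logon
2017-06-01T09:00:05 4625 jdoe failed_logon
2017-06-01T09:00:09 4625 jdoe failed_logon
2017-06-01T09:00:12 4740 jdoe account_locked
2017-06-01T09:10:00 4625 asmith failed_logon
2017-06-01T09:10:03 4625 asmith failed_logon
2017-06-01T09:10:06 4625 asmith failed_logon
2017-06-01T09:10:09 4624 asmith successful_logon
2017-06-01T09:20:00 4728 bjones added_to_group:Domain Admins
"""

LOCKOUT_THRESHOLD = 3                 # assumed policy: lock after 3 failures
LOCKOUT_WINDOW = timedelta(minutes=5)  # assumed policy: failures counted in 5 minutes


def parse(text):
    """Turn the sample lines into (timestamp, event_id, account, detail) tuples."""
    events = []
    for line in text.splitlines():
        ts, eid, account, detail = line.split(maxsplit=3)
        events.append((datetime.fromisoformat(ts), int(eid), account, detail))
    return events


def check_lockout_policy(events):
    """Return {account: 'ok' | 'control_failed'} for accounts that reached the threshold."""
    failures = defaultdict(list)   # account -> timestamps of recent 4625 events
    result = {}
    for ts, eid, account, _ in sorted(events):
        if eid == 4625:
            recent = [t for t in failures[account] if ts - t <= LOCKOUT_WINDOW]
            failures[account] = recent + [ts]
        elif eid == 4740 and len(failures[account]) >= LOCKOUT_THRESHOLD:
            result[account] = "ok"          # lockout happened as policy requires
            failures[account] = []
        elif eid == 4624 and len(failures[account]) >= LOCKOUT_THRESHOLD:
            result[account] = "control_failed"  # logged on despite the threshold
    for account, stamps in failures.items():    # threshold reached, no lockout seen
        if len(stamps) >= LOCKOUT_THRESHOLD and account not in result:
            result[account] = "control_failed"
    return result


def privileged_group_changes(events):
    """List (account, detail) for every group-membership addition (4728)."""
    return [(acct, detail) for _, eid, acct, detail in events if eid == 4728]
```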
Produce FISMA and DISA STIGs compliance reports from templates
FISMA reports are available out of the box; Nicole's blog post on Thwack on FISMA can be leveraged for content. DISA STIGs may be a better fit for NCM.
Supports DISA STIGs requirements for configuration auditing, log analysis, and broader network security
LEM can validate that configuration changes have been implemented in order to comply with DISA STIGs. LEM also performs real-time log analysis and provides visibility into what is happening on your network.
Tracks and reports suspicious activities/attacks to provide auditing support
LEM's correlation engine can identify and respond to suspicious activity in real time. Many tools can generate an alert when suspicious activity is identified; LEM takes this a step further with its Active Response capabilities. You can log off a user, shut down machines, block USB devices and firewall ports, prevent an application from launching, and take many more actions.