SolarWinds Federal Cybersecurity Survey 2016

© 2016 Market Connections, Inc.
SolarWinds®
Federal Cybersecurity Survey
Summary Report
2016
© 2016 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025
Background and Objectives
2
SolarWinds contracted Market Connections to design and conduct an online survey
among 200 federal government IT decision makers and influencers in December
2015 and January 2016. SolarWinds was not revealed as the sponsor of the survey.
The main objectives of the survey were to:
• Determine challenges faced by IT professionals to prevent IT security threats
• Quantify sources and types of IT security threats and what makes agencies more
or less vulnerable
• Measure changes in investment of resources in addressing threats
• Determine the IT security tools used to mitigate risk and the time it takes to detect
security events and compliance issues
• Address the affects of IT modernization and consolidation efforts on agency IT
security challenges
Throughout the report, notable significant differences are reported.
Due to rounding, graphs may not add up to 100%.
BACKGROUND AND OBJECTIVES

3
Organizations Represented
RESPONDENT CLASSIFICATIONS
• If a respondent did not work for any of the specific organization types noted below, the survey
was terminated.
Which of the following best describes your current employer?
What agency do you work for?
2%
2%
2%
43%
50%
0% 10% 20% 30% 40% 50% 60%
Federal Legislature
Federal Judicial Branch
Intelligence Agency
Department of Defense or
Military Service
Federal, Civilian or Independent
Government Agency
Organizations Represented
Sample Organizations Represented
(In Alphabetical Order)
Air Force
Department of Transportation
(DOT)
Army Department of Treasury (TREAS)
Department of Agriculture (USDA)
Department of Veteran Affairs
(VA)
Department of Commerce (DOC)
General Services Administration
(GSA)
Department of Defense (DOD) Judicial/Courts
Department of Energy (DOE) Marine Corps
Department of Health and Human
Services (HHS)
National Science Foundation
(NSF)
Department of Homeland Security
(DHS)
Navy
Department of Labor (DOL)
Office of Personnel Management
(OPM)
Department of State (DOS)
Social Security
Administration (SSA)
Department of the Interior (DOI) US Postal Service (USPS)
N=200

5%
20%
45%
46%
50%
54%
0% 10% 20% 30% 40% 50% 60%
Other involvement
Make the final decision
Develop technical requirements
Evaluate or recommend firms
Manage or implement security/IT operations
On a team that makes decisions
4RESPONDENT CLASSIFICATIONS
How are you involved in your organization’s decisions or recommendations regarding IT operations and management and IT security solutions and services? (select all
that apply)
Note: Multiple responses allowed
N=200
Decision Making Involvement
• All respondents are knowledgeable or involved in decisions and recommendations regarding IT
operations and management and IT security solutions and services.

1%
3%
10%
20%
20%
16%
30%
0% 10% 20% 30% 40%
Less than 1 Year
1-2 Years
3-4 Years
5-9 Years
10-14 Years
15-20 Years
20+ Years
Tenure
16%
2%
4%
6%
8%
27%
36%
0% 10% 20% 30% 40%
Other
CSO/CISO
CIO/CTO
Security/IA director
or manager
Security/IA staff
IT/IS staff
IT director/manager
Job Function
RESPONDENT CLASSIFICATIONS 5
Which of the following best describes your current job title/function?
How long have you been working at your current agency?
Job Function and Tenure
Examples Include:
• Director of
Operations
• Management
Analyst
• Program
Manager
N=200
• A variety of job functions and tenures are represented in the sample, with most being IT
management and working at their agency for over 20 years.

6IT MODERNIZATION AND CONSOLIDATION
48%
20%
32%
Increase
Decrease
No effect
In your opinion, do you think the government’s IT modernization and consolidation efforts have resulted in an increase or decrease in the IT security challenges your
agency faces?
N=200
Government IT Modernization
• Almost half say that the government’s IT modernization and consolidation efforts have
resulted in an increase in security challenges.
• Less than one-quarter believe that security challenges have decreased.

5%
29%
31%
35%
36%
44%
46%
48%
0% 10% 20% 30% 40% 50% 60%
Other
Too much consolidation
Increased compliance reporting
Cloud services adoption
Organizational changes have disrupted IT processes
Lack of familiarity with new systems
Complex enterprise management tools
Incomplete transitions and difficulty supporting everything
Increased IT Challenges
What are the reasons you believe cyber security challenges have increased as a result of the government's IT modernization and consolidation efforts? (select all that
apply)
N=95
Increased Security Challenges
• Incomplete transitions during consolidation and modernization projects, complex enterprise
management tools and the lack of familiarity with new systems are the main reasons
respondents believe IT modernization efforts have resulted in increased security challenges.

15%
25%
25%
32%
40%
42%
52%
55%
0% 10% 20% 30% 40% 50% 60%
Reduced need and time for training
Fewer IT management tools with fewer interfaces
Reduced number of devices to support
Cloud services adoption
Fewer configurations to manage and support
Standardization simplifies admin/mgmt
Legacy equipment replacement
Legacy software replacement
Decreased IT Challenges
What are the reasons you believe cyber security challenges have decreased as a result of the government's IT modernization and consolidation efforts? (select all that
apply)
N=40
Decreased Security Challenges
• Replacement of legacy software and equipment are the main reasons respondents believe IT
modernization efforts have resulted in decreased security challenges.

2%
4%
4%
6%
7%
7%
12%
14%
16%
29%
0% 5% 10% 15% 20% 25% 30% 35%
Other
Lack of clear standards
Lack of technical solutions available at my agency
Lack of training for personnel
Lack of manpower
Lack of top-level direction and leadership
Inadequate collaboration with other internal teams
or departments
Competing priorities and other initiatives
Complexity of internal environment
Budget constraints
9
IT Security Obstacles
IT SECURITY OBSTACLES, THREATS AND BREACHES
What is the most significant high-level obstacle to maintaining or improving IT security at your agency?
N=200
January 2014:
Budget
constraints 40%
• Budget constraints top the list of significant obstacles to maintaining or improving agency IT
security. This has decreased from 40% in the SolarWinds Cybersecurity Survey conducted Q1
2014.

1%
1%
2%
16%
18%
22%
24%
38%
46%
48%
48%
0% 10% 20% 30% 40% 50% 60%
None of the above
Unsure of these threats
Other
Industrial spies
For-profit crime
Malicious insiders
Terrorists
Hacktivists
General hacking community
Foreign governments
Careless/untrained insiders
10
Sources of Security Threats
What are the greatest sources of IT security threats to your agency? (select all that apply)
N=200
= statistically significant difference
Defense Civilian
Foreign governments 62% 37%
General hacking community 35% 56%
For-profit crime 12% 24%
• Careless/untrained insiders, foreign governments and the general hacking community are noted
as the largest sources of security threats at federal agencies.

11
Sources of Security Threats -Trend
• There has been no significant reduction in the various sources of security threats. Since 2014,
respondents indicate significant increases in threats from foreign governments and hacktivists.
What are the greatest sources of IT security threats to your agency? (select all that apply)
N=200
2014 2015 2016
Careless/untrained insiders 42% 53% 48%
Foreign governments 34% 38% 48%
General hacking community 47% 46% 46%
Hacktivists 26% 30% 38%
Terrorists 21% 18% 24%
Malicious insiders 17% 23% 22%
For-profit crime 11% 14% 18%
Industrial spies 6% 10% 16%
= top 3 sources

12IT SECURITY OBSTACLES, THREATS AND BREACHES
• IT professionals consider human error as the most common security breach to occur in their
agency in the past year.
3%
4%
25%
30%
36%
50%
58%
68%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Unaware of a breach
Other
Denial of service
Privileged account abuse
Theft of IT equipment
Malware
Phishing
Human error
Security Breaches Occurred
Which of the following types of IT security breaches have occurred in your agency in the past year? (select all that apply)
IT Breaches
3%
20%
27%
21%
16%
14%
0% 10% 20% 30% 40%
None
1
2
3
4
5 or more
Number of Different Types of
Breaches Indicated
N=200

2%
32%
35%
23%
6%
2%
0% 10% 20% 30% 40%
None
1
2
3
4
5 or more
Consequences Indicated
• Personally identifiable information data theft is the most common consequence followed by
service outages.
Which of the following has your agency experienced in the last year due to security breaches? (select all that apply)
Consequences of IT Breaches
2%
3%
8%
12%
25%
36%
39%
40%
44%
0% 10% 20% 30% 40% 50% 60%
None of the above
Other
Financial fraud
Modification of databases
Agency data theft
Misuse of systems
Service degradation
Service outage
PII data theft
Consequences of Security Breaches
N=194

14
Vulnerability to Attacks
• The majority feel their agency is as vulnerable to attacks today as it was a year ago.
• However, more feel that the agency is less vulnerable as opposed to more vulnerable.
In your opinion, is your agency more or less vulnerable to IT security attacks than it was a year ago?
N=200
8% 20% 55% 10% 6%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
1 2 3 4 5
About the
Same
Less
Vulnerable
More
Vulnerable
Mean
2.87

2%
3%
9%
9%
10%
10%
16%
16%
17%
17%
20%
22%
24%
26%
44%
0% 10% 20% 30% 40% 50%
Other
Increased ad-hoc or rogue configuration changes
Increased reliance on external vendors
Increased use of technology not supported by the IT department
Use or increased use of public cloud
Increased attack surface
Increased amount of data
Lack of end user security training
Internal bureaucracy
Decrease in funding for IT security
Increased use of mobile devices
Increased network complexity
End users do not follow set policies
Increased volume of attacks
Increased sophistication of threats
What makes your agency more vulnerable to IT security attacks than a year ago? (select the top three)
Defense Civilian
Increased sophistication
of threats
37% 50%
End users do not follow
set policies
32% 18%
Reasons Agencies are More Vulnerable
• An increase in the sophistication of threats is the top factor that makes an agency more
vulnerable to IT security attacks than a year ago.
N=200

2%
6%
8%
14%
16%
18%
19%
20%
22%
22%
27%
28%
38%
0% 5% 10% 15% 20% 25% 30% 35% 40%
Other
Improved BYOD policy
Improved analysis of logs or user-behavior patterns
Improved IT asset management system
Implemented or improved an identity management system
IT/data center consolidation
Improved or increased security training for agency personnel
Implemented configuration change management tools
Introduced or expanded the use of data encryption
Standardized network configurations and monitoring
Improved patch management
Improved application security
Increased use of Smart Cards for dual-factor authentication
16
Reasons Agencies are Less Vulnerable
What makes your agency less vulnerable to IT security attacks than a year ago? (select the top three)
Defense Civilian
Increased use of
Smart Cards for dual-
factor authentication
26% 49%
N=200
• Increased use of Smart Cards for dual-factor authentication is given the most credit for
making agencies less vulnerable to IT security attacks than a year ago.

17
IT Security Investment
INVESTMENT
How will your organization’s investment in resources for IT security in 2016 compare with 2015?
5%
4%
18%
12%
48%
33%
29%
51%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Staff
Security tools or solutions
Don't know Decrease Remain the same Increase
• Half say their agency will increase investment in security tools or solutions in 2016; however,
that will not generally translate into investment in staff.
N=200

1%
34%
36%
43%
50%
58%
59%
60%
62%
62%
72%
0% 10% 20% 30% 40% 50% 60% 70% 80%
None of the above
File integrity monitoring
Security information event management (SIEM)
Messaging security
Network admission control (NAC) solutions
Endpoint security software
Identity and access management tools
Web application security tools
Configuration management
Patch management software
Smart Card/Common Access Card
18
Current Use of Security Products
SECURITY PRODUCT USE
Which of these security products and practices are currently in use in your organization? (select all that apply)
Defense Civilian
Web application
security tools
52% 66%
• Smart Card/Common Access Cards are used by almost three-fourths of IT professionals.
= statistically significant differenceNote: Multiple responses allowed
N=200

19SECURITY PRODUCT USE
1%
1%
3%
4%
4%
5%
7%
8%
14%
52%
0% 10% 20% 30% 40% 50% 60%
Network admission control (NAC)
Messaging security
Web application security
SIEM
Configuration management
Patch management
Endpoint security
Identity and access management
Smart Card / Common Access Card
Percent that Selected Each Product as Most
Valuable
Please rank the top three security products you find most valuable.
Most Valuable Security Products
• Smart Card/Common Access Card for authentication is by far the most valuable security
product used by federal IT professionals.
N=166
(Rank 1-3, 1 is Most
Valuable) Average Rank
Smart Card / Common
Access Card
1.29
Identity and access
management tools
1.79
Messaging security
software
2.09
Patch management
software
2.09
Endpoint security software 2.15
Configuration
management software
2.28
Security information event
management (SIEM)
software
2.30
Web application security
tools
2.30
Network admission control
(NAC) solutions
2.37
software
2.47

20SECURITY PRODUCT USE
13%
5%
12%
14%
12%
10%
12%
10%
5%
11%
0%
2%
4%
6%
8%
10%
12%
14%
16%
1 2 3 4 5 6 7 8 9 10
Which of these security products and practices are currently in use in your organization?
Note: Multiple responses allowed. *See slide 18 for complete list of products on survey
N=200
Number of Security Products Used
• IT professionals say they use approximately five out of the ten listed products or practices
included on the survey.
Mean
5.35

21
IT Security Changes
IT SECURITY CHANGES
Compared to 2014, how did each of the following change in your agency in 2015?
8%
7%
8%
8%
38%
38%
21%
20%
35%
33%
45%
34%
20%
22%
26%
38%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Time to detection
Time to response
Time to resolution
Number of IT security incidents
Don't know Decreased Remained the same Increased
• The plurality believe that time to detection and response has decreased in 2015, and the
number of IT security incidents have increased.
N=200

7% 9% 8% 7% 8% 6% 8% 9%
23% 17%
48%
28%
44%
32% 24% 18%
33% 34%
34%
36%
32%
34% 47%
43%
37% 39%
10%
28%
16%
28%
21%
29%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Defense Civilian Defense Civilian Defense Civilian Defense Civilian
Increased
Remained
the same
Decreased
Don't know
22IT SECURITY CHANGES
• Though defense and civilian IT professionals agree on the trend in the number of incidents,
they differ on their responses to security incidents.
• A significantly greater proportion of civilian IT professionals have seen increased response
and detection times, while a significantly greater proportion of defense IT professionals have
seen decreases in response and detection times.
Number of IT
security incidents
Time to
detection
Time to
response
Time to
resolution
IT Security Changes
N=200 = statistically significant difference

23DETECTION AND RESPONSE
20%
20%
14%
12%
19%
14%
11%
15%
12%
4%
4%
2%
1%
2%
2%
1%
1%
1%
11%
5%
8%
8%
6%
10%
7%
4%
10%
22%
23%
28%
20%
22%
22%
18%
14%
14%
33%
29%
26%
38%
28%
29%
32%
30%
23%
10%
20%
22%
22%
24%
24%
30%
36%
39%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Social engineering
Cross site scripting
Misuse/abuse of credentials
Phishing attacks
SQL injections
Exploit of vulnerabilities
Malware
Denial of device attacks
Rogue devices
Don't know/unsure No ability to detect Within a few weeks Within a few days Within one day Within minutes
How long does it typically take your organization to detect and/or analyze the following security events?
Security Event Detection Speed
• Quicker detection is noted for rogue devices, denial of device attacks and malware.
N=200

16%
9%
13%
14%
11%
11%
11%
2%
10%
2%
1%
13%
15%
9%
7%
8%
7%
27%
29%
24%
24%
24%
19%
22%
35%
30%
20%
23%
24%
11%
12%
21%
26%
31%
38%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Inappropriate sharing of documents
Patches not up to date
Authorized non-compliant changes
Data copied to an unapproved device
Unauthorized configuration changes
Inappropriate internet access
Don't know/unsure No ability to detect Within a few weeks Within a few days Within one day Within minutes
How long does it typically take your organization to detect the following compliance issues?
N=200
Compliance Detection Speed
• Quicker detection is noted for inappropriate internet access and unauthorized configuration
changes.
• Inappropriate sharing is the most difficult to detect.

8%
17%
7%
15% 10%
17%
2%
1%
3%
5%
13%
8%
12%
8%
9%
2%
11%
11%
17%
19%
29%
25%
22%
20%
26%
27%
19%
25%
17%54%
27%
38%
25%
32%
20%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Defense Civilian Defense Civilian Defense Civilian
Within
minutes
Within one
day
Within a few
days
Within a few
weeks
No ability to
detect
Don't
know/unsure
Rogue devices
Unauthorized
configuration
changes
Data copied to
unapproved
devices
Security Event & Compliance Detection
• A significantly greater proportion of defense respondents indicate detection of rogue devices,
unauthorized configuration changes and data copied to unapproved devices within minutes.
= statistically significant differenceN=200

26SECURITY PRODUCT USE, DETECTION AND RESPONSE
7% 9% 7% 8% 7% 7% 8% 9%
21% 18%
45%
25%
44%
26% 22% 20%
30%
39%
34%
37%
31%
36%
50%
37%
42%
33%
14%
30%
17%
32%
20%
34%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Use Do not use Use Do not use Use Do not use Use Do not use
Increased
Remained
the same
Decreased
Don't
know/unsure
Number of IT
security incidents
Time to
detection
Time to
response
Time to
resolution
Patch Management and Detection Trend
• Relative to non-users, a significantly greater proportion of users of patch management
software report a decrease in the time to detect and response to IT security incidents.
Use n=124
Do not use n=76

4%
1%
24%
26%
32%
42%
42%
58%
2%
5%
26%
31%
38%
56%
68%
75%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Unaware of a breach
Other
Denial of service
Malware
Phishing
Human error
Use
Do Not Use
2.98
2.25
0
1
1
2
2
3
3
4
Use Do not use
Breaches Indicated
Patch Management and IT Breaches
• Likely due to increased detection, IT professionals who use patch management software
report more breaches of many kinds in the past year.
Use n=124
Do not use n=76

• Those who currently use patch
management software are
significantly more able to
detect, within minutes, the
following events:
o Rogue devices
o Denial of device attacks
o Unauthorized
configuration changes
16%
17%
9%
17%
24%
20%
17%
20%
21%
21%
26%
24%
24%
32%
28%
8%
9%
10%
21%
21%
22%
24%
26%
26%
28%
33%
35%
43%
43%
46%
0% 10% 20% 30% 40% 50%
Social engineering
Phishing
SQL Injections
Data copied to unapproved device
Malware
Rogue devices
Use
Do Not Use
Patch Management and Detection
Within Minutes
Use n=124
Do not use n=76

• Relative to non-users, a significantly greater proportion of users of configuration
management software report a decrease in the time to respond to IT security incidents.
7% 10% 7% 8% 7% 6% 8% 9%
19%
22%
41%
32%
47%
23%
49%
39%
35%
32%
32%
39%
28%
41%
21%
22%
40% 37%
19% 22% 17%
30%
22%
30%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Increased
Remained
the same
Decreased
Don't
know/unsure
Number of IT
security incidents
Time to
detection
Time to
response
Time to
resolution
Configuration Management and
Detection Trend
Use n=124
Do not use n=76

• Likely due to increased detection, IT professionals who use configuration management
software report more breaches of all kinds.
3%
4%
24%
27%
30%
38%
44%
56%
3%
3%
26%
31%
39%
59%
67%
77%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Unaware of a breach
Other
Denial of service
Malware
Phishing
Human error
Use
Do Not Use
3.02
2.23
0
1
1
2
2
3
3
4
Use Do not use
Breaches Indicated
Configuration Management and IT
Breaches
Use n=124
Do not use n=76

• Those who currently use
configuration management
software primarily see benefits
with respect to rogue devices
on the network and distributed
denial of device attacks.
14%
14%
11%
25%
16%
20%
22%
30%
23%
18%
28%
29%
41%
24%
32%
7%
9%
12%
18%
21%
22%
22%
22%
25%
27%
32%
32%
37%
43%
44%
0% 10% 20% 30% 40% 50%
Social engineering
Authorized non-complaint changes
Phishing
SQL injections
Malware
Rogue devices
Use
Do Not Use
Configuration Management and
Detection Within Minutes
Note: Multiple responses allowed = statistically significant difference
Use n=124
Do not use n=76

7% 9% 8% 7% 7% 7% 7% 9%
15%
23%
44%
34%
44%
34%
21% 21%
32%
34%
28%
39%
29%
35%
49% 43%
46%
34%
19% 20% 19% 24% 24% 27%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Increased
Remained the
same
Decreased
Don't know/unsure
Number of IT
security incidents
Time to
detection
Time to
response
Time to
resolution
SIEM and Detection Trend
• Security information event management (SIEM) software users report an increase in incident
detection and a decrease in time to detect and respond. However, they report similar
changes to those who do not use SIEM. There are no statistically significant differences.
Use n=72
Do not use n=128

3%
2%
23%
30%
31%
50%
51%
64%
3%
7%
28%
28%
43%
51%
71%
76%
0% 10% 20% 30% 40% 50% 60% 70% 80%
Unaware of a breach
Other
Denial of service
Malware
Phishing
Human error
Use
Do Not Use
3.04
2.52
0
1
1
2
2
3
3
4
Use Do not use
Breaches Indicated
SIEM and IT Breaches
• SIEM users detect phishing attacks in their agency significantly more than those who do not
use SIEM.
Use n=72
Do not use n=128

• Those who currently use SIEM
software are significantly more
able to detect, within minutes,
almost all threats listed on the
survey.
9%
11%
11%
17%
14%
17%
18%
23%
20%
18%
26%
31%
23%
34%
31%
11%
11%
14%
28%
29%
29%
29%
29%
32%
33%
40%
43%
44%
46%
53%
0% 10% 20% 30% 40% 50% 60%
Social engineering
Phishing
SQL injections
Malware
Rogue devices
Use
Do Not Use
SIEM and Detection Within Minutes
Note: Multiple responses allowed = statistically significant difference
Use n=72
Do not use n=128

Contact Information
RESEARCH TO INFORM YOUR BUSINESS DECISIONS
Laurie Morrow, Director of Research Services | Market Connections, Inc.
11350 Random Hills Road, Suite 800 | Fairfax, VA 22033 | 703.378.2025, ext. 101
LaurieM@marketconnectionsinc.com
Lisa M. Sherwin Wulf, Director of Marketing - Federal | SolarWinds
703.234.5386
Lisa.SherwinWulf@solarwinds.com
www.solarwinds.com/federal
LinkedIn: SolarWinds Government
35

36
The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property
of SolarWinds Worldwide, LLC and its affiliates, are registered with the U.S.
Patent and Trademark Office, and may be registered or pending registration in
other countries. All other SolarWinds trademarks, service marks, and logos may
be common law marks, registered or pending registration in the United States
or in other countries. All other trademarks mentioned herein are used for
identification purposes only and may be or are trademarks or registered
trademarks of their respective companies.

SolarWinds Federal Cybersecurity Survey 2016

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (12)

Ähnlich wie SolarWinds Federal Cybersecurity Survey 2016

Ähnlich wie SolarWinds Federal Cybersecurity Survey 2016 (20)

Mehr von SolarWinds

Mehr von SolarWinds (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

SolarWinds Federal Cybersecurity Survey 2016

Hinweis der Redaktion