Government and Education Webinar: How to Reduce Vulnerabilities and Harden your Infrastructure

2. Speaker Introductions
© 2020 SolarWinds Worldwide, LLC. All rights reserved.
Rich Roberts
Senior Sales Engineer, SolarWinds
richard.roberts@solarwinds.com
703.386.2650 (office)
Eric Hodeen
SolarWinds Architect, CourtesyIT, LLC
solarwinds@courtesyit.com
334.300.0292 (office)
3. Agenda
• SolarWinds overview
• Vulnerability management lifecycle and best practices
• Solution overviews and how we help
• Hardening infrastructure overview
• Demonstrations
• Resources and Q&A
4. SolarWinds at a Glance
• #1 in Network Management [1]
• #3 in Systems Management [2]
• Leader in Remote Monitoring and Management
• 320,000+ customers in 190 countries [3]
• 499 of the Fortune 500®
• Every branch of the DoD, and nearly every civilian and intelligence agency
• 60+ IT management products; growing security portfolio
• 22,000+ MSPs serving 450,000+ organizations
• 150,000+ registered members of THWACK®, our global IT community
• Founded in 1999; Austin, TX headquarters; 30+ offices globally; more than 3,200 employees globally
[1] IDC-defined Network Management Software functional market, IDC's Worldwide Semiannual Software Tracker, April 2019.
[2] Gartner, Market Share Analysis: ITOM: Performance Analysis Software, Worldwide, 2017. July 9, 2018. (AIOps/ITIM/Other Monitoring Tools Software Market). The SolarWinds term "Systems Management" refers to the AIOps/ITIM/Other Monitoring Tools Software Market Taxonomy referenced in the Gartner report. All statements in this report attributable to Gartner represent SolarWinds' interpretation of data, research opinion, or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this presentation). The opinions expressed in Gartner publications are not representations of fact and are subject to change without notice.
[3] Customers are defined as individuals or entities that have an active subscription for our subscription products or that have purchased one or more of our perpetual license products since our inception under a unique customer identification number. We may have multiple purchasers of our products within a single organization, each of which may be assigned a unique customer identification number and deemed a separate customer.
5. Building Great Products That Simply Work Is at Our Core
End user-driven product strategy with a constantly growing offering, focused on ease and efficiency
• Geekbuilt.® Roadmap driven by end users, and products developed by IT professionals who understand today's IT environment
• Massive user community: 150K+ registered THWACK members; 22K+ MSPs access the MSP Institute and Customer Success Center
• Solve clearly identified problems; easy to try, find, and buy; ready to use
• Orion® Platform: hybrid IT management
• Application Management: affordable full-stack monitoring for hybrid and cloud-native IT environments
• SolarWinds MSP: remote monitoring and management platforms, backup, and email security
• Security: security, simplified
6. Our Approach to Product
Our core principles:
• Simple and powerful: quick value after install; seamless UX across the product portfolio
• Deliver complete visibility for hybrid IT: native support of the major on-premises and public clouds; unified, integrated experience
• Grow with our customers: start small, solve the first problem, and be ready for the next; add new capabilities quickly
• Enable application-centric management: support management of traditional and modern apps
Notable examples:
• AppStack™ – manage the entire app, not just components
• PerfStack™ – real-time troubleshooting across the modern app and infrastructure stack
• NetPath™ – manage the network, not just elements
• Cloud infrastructure monitoring – AWS® and Azure® infrastructure monitoring
• Network Insight™ – deep visibility for the modern network stack across performance and configuration
• AppInsight™ – deep visibility for packaged application performance
• Increased scale – support for 400,000 NPM elements in a single instance
• Simplified multiproduct installer – single installer to automatically resolve upgrade and install dependencies
7. SolarWinds Security Products Overview
Products mapped to the five NIST Cybersecurity Framework functions: Identify, Protect, Detect, Respond, Recover
• Patch Manager – Windows and third-party patching, asset inventory, and reporting; patch compromised systems
• Security Event Manager – SIEM tool for threat detection, incident response, and compliance reporting
• Access Rights Manager – manage and audit user access rights across your infrastructure
• Identity Monitor – automates account takeover prevention
• Server Configuration Monitor – HW and SW asset inventory; view previous configurations
• Network Configuration Manager – automates management of network configurations and helps ensure compliance and backup status
• User Device Tracker – detect and locate rogue users and devices on your network
• NetFlow Traffic Analyzer – find suspicious network activity
• Serv-U® MFT – secure file transfer and sharing
• Backup – easy web-based backups; restore data and systems
• Threat Monitor – SaaS-based threat detection, incident response, and compliance reporting
8. What Is the Vulnerability Management Lifecycle?
• Identify: inventory network devices and systems, including the OS versions they run, so they can be checked for known weaknesses; categorize them into groups and assign each a value based on how critical it is
• Protect: keep OS versions, applications, and user access under control, and set up logging that covers all of them
• Detect: scan firmware and OS versions against the CVE database, check for missing OS updates, and watch for zero-day disclosures
• Respond: tier responsiveness and timelines by criticality, and schedule outages while addressing vulnerabilities
• Verify: confirm remediation through reporting, logging, and alert notification
(Figure: the lifecycle drawn as a cycle: Identify, Protect, Detect, Respond, Verify.)
9. System and Application Patching Best Practices
• Discover and maintain an up-to-date inventory of servers and workstations
• Conduct a comprehensive audit of the software in use
• Use automation to discover and uniformly deploy system and application patches
• Test and verify patches in your environment before broad deployment
• Unnecessary patching can introduce stability problems from untested patches
• Compliance reports show the patch status of PCs, servers, and VMs
• Schedule patch jobs to help avoid errors and omissions
• Use configuration monitoring tools to verify that system patches completed as expected
• Monitor application performance to ensure a patch isn't the cause of stability issues
10. Configuration Management
• Configuration management applies to networks and servers
• Network configuration management saves time by configuring devices to policy, preventing unwanted changes, and identifying configuration drift
• Server configuration management compares changes over time, monitors performance impacts, and verifies that updates were completed
• NIST collects and publishes vulnerability data in the National Vulnerability Database (NVD)
• The Common Vulnerabilities and Exposures (CVE) list, sponsored by the Department of Homeland Security and maintained by MITRE, provides the identifiers that NVD entries are built on
11. Implement Strong Security Controls
• Agencies with evidence of strong IT controls are more likely to possess the hallmarks of strong infosec environments [1]
• Security controls are used to avoid, detect, counteract, or minimize security risks:
  • General controls
  • Application controls
  • Network monitoring and management tools
• Implementing them requires a deep level of visibility into your organization's IT infrastructure
[1] "SolarWinds Federal Cybersecurity Survey Summary Report 2017," Market Connections, Inc. https://www.solarwinds.com/resources/survey/solarwinds-federal-cybersecurity-survey-summary-report-2017 (Accessed December 2019).
12. Continuous Monitoring
• Helps determine whether an asset is behaving as expected against its anticipated target
• Deviation from that target could indicate a threat or an attack in progress
• Alerts organizations to abnormal activities (e.g., bursts of failed logins or unexpected file transfers)
• Security information and event management (SIEM) tools correlate events to detect suspicious activities
13. Managing Access Rights Across Your Infrastructure
• Identify, understand, and monitor high-risk access and accounts
• Visualize file server permissions
• Identify who has access
• Provision and deprovision accounts quickly and accurately
• Generate audit-ready reports
15. Network Configuration Manager (NCM)
• Discover and automate network configuration backups
• View and easily roll back to the last-known good configurations
• Establish multi-device baselines to identify and resolve configuration drift
• Bulk deploy standardized device configs across your network
• Gain visibility to unauthorized or erroneous network changes
• Define compliance rules; detect and report on network policy violations
• Network inventory and asset management
• Match Cisco IOS®, ASA, Cisco Nexus®, and Juniper® device versions against the NIST NVD/CVE feed to identify potential vulnerabilities; the workflow lets you investigate, remediate, or waive each finding based on applicability
• Audit device configs for NIST FISMA, DISA STIG, and PCI DSS compliance
• Get out-of-the-box support for major network device vendors, including Cisco®, Palo Alto Networks®, Juniper, HP®, Huawei®, F5®, Avaya®, Ruckus®, and more
Improve network reliability and security by managing configurations, changes, and compliance
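The lifecycle slide (Identify, Protect, Detect, Respond, Verify) and the NCM version-matching workflow above, worked through as an added example; this is illustrative code written for this page, not SolarWinds code. It takes a device inventory with OS versions and a criticality value, matches each device against CVE records by affected version range, scores hits as CVSS x criticality so the response tier and fix deadline reflect the asset and not only the CVE, carries waivers for findings that don't apply, and re-checks a device after its upgrade. The inventory, the CVE records and their SAMPLE-CVE ids, the tier thresholds and the integer version-comparison rule are all constructed assumptions; real feeds carry CPE-style ranges and vendor-specific version semantics.

```python
"""Added example: the vulnerability management lifecycle as a script.
Inventory, CVE records, ids and thresholds are constructed for illustration;
they are not real advisories and this is not SolarWinds code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """Reduce a vendor version string to a comparable integer tuple:
    '15.2(4)M6' -> (15, 2, 4, 6), '9.8.2' -> (9, 8, 2). Good enough to order
    releases inside one train; real feeds carry vendor-specific ranges."""
    return tuple(int(x) for x in re.findall(r"\d+", v))

@dataclass(frozen=True)
class Asset:
    name: str
    platform: str       # e.g. "cisco_ios", "cisco_asa", "juniper_junos"
    version: str
    criticality: int    # 1 = lab/test ... 5 = mission-critical core

@dataclass(frozen=True)
class Cve:
    cve_id: str         # placeholder ids, not real CVEs
    platform: str
    affected_from: str  # first affected release (inclusive)
    fixed_in: str       # first fixed release (exclusive)
    cvss: float

@dataclass(frozen=True)
class Finding:
    asset: str
    cve_id: str
    risk: float
    tier: str
    fix_by_days: int

def is_affected(asset: Asset, cve: Cve) -> bool:
    """Detect: same platform and a running version inside [affected_from, fixed_in)."""
    if asset.platform != cve.platform:
        return False
    v = parse_version(asset.version)
    return parse_version(cve.affected_from) <= v < parse_version(cve.fixed_in)

def response_tier(risk: float) -> Tuple[str, int]:
    """Respond: map a risk score to an illustrative tier and fix deadline in days."""
    if risk >= 35:
        return "emergency", 1
    if risk >= 20:
        return "next-window", 7
    if risk >= 10:
        return "scheduled", 30
    return "track", 90

def assess(assets: List[Asset], cves: List[Cve],
           waivers: Dict[Tuple[str, str], str] = None) -> List[Finding]:
    """Check every asset against every CVE. Risk = CVSS x asset criticality,
    so a medium CVE on a core router outranks a high CVE on a lab switch.
    Waived findings (keyed by asset name and CVE id) stay in the report but
    are not scheduled. Result: scheduled work first, highest risk first."""
    waivers = waivers or {}
    findings = []
    for a in assets:
        for c in cves:
            if not is_affected(a, c):
                continue
            risk = round(c.cvss * a.criticality, 1)
            if (a.name, c.cve_id) in waivers:
                findings.append(Finding(a.name, c.cve_id, risk, "waived", 0))
            else:
                tier, days = response_tier(risk)
                findings.append(Finding(a.name, c.cve_id, risk, tier, days))
    findings.sort(key=lambda f: (f.tier == "waived", -f.risk))
    return findings

def verify_remediated(asset: Asset, new_version: str, cves: List[Cve]) -> bool:
    """Verify: re-run detection against the version the device reports after
    the upgrade; True only if nothing in the CVE set still matches."""
    upgraded = Asset(asset.name, asset.platform, new_version, asset.criticality)
    return not any(is_affected(upgraded, c) for c in cves)

# Identify: constructed sample inventory, grouped by platform with a criticality value.
ASSETS = [
    Asset("core-rtr-01", "cisco_ios", "15.2(4)M6", 5),
    Asset("lab-sw-07", "cisco_ios", "15.2(4)M6", 1),
    Asset("edge-fw-02", "cisco_asa", "9.8.2", 3),
    Asset("dc-rtr-03", "juniper_junos", "18.4R1", 5),
]
CVES = [  # constructed records; SAMPLE-CVE ids are placeholders
    Cve("SAMPLE-CVE-1", "cisco_ios", "15.0", "15.2(4)M7", 7.8),
    Cve("SAMPLE-CVE-2", "cisco_asa", "9.8", "9.8.4", 9.8),
    Cve("SAMPLE-CVE-3", "cisco_ios", "12.4", "15.0", 5.0),  # older train only
]
WAIVERS = {("lab-sw-07", "SAMPLE-CVE-1"): "isolated lab VLAN, no route to production"}

if __name__ == "__main__":
    for f in assess(ASSETS, CVES, WAIVERS):
        print(f"{f.asset:12} {f.cve_id:13} risk={f.risk:5} {f.tier:12} fix within {f.fix_by_days}d")
    print("core-rtr-01 clean after upgrade:", verify_remediated(ASSETS[0], "15.2(4)M7", CVES))
```

The detail worth copying is the score: the same CVSS 7.8 bug lands in the emergency tier on the core router and is waived on the lab switch, and the ASA finding only clears once the device reports a version at or past fixed_in (9.8.3 still matches, 9.8.4 does not).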
16. Server Configuration Monitor (SCM)
• Detect, alert, and report on changes
• Default templates monitor hardware inventory, software inventory, and IIS configuration files
• Custom monitors cover registry keys, binary and text files, and script outputs
• Capture and track who made configuration changes
• Compare current configurations against a baseline or between any two points in
time
• Correlate configuration changes with network and application performance
• Automatically detect servers and applications eligible for monitoring
Detect, alert, and track configuration changes to Windows and Linux servers and applications
17. Patch Manager
• Builds on WSUS or SCCM to improve and simplify patch management
• Discover the Microsoft Windows and third-party patches each system needs
• Deploy pre-built, tested patches from vendors such as Adobe®, Apple®, Google®, Mozilla®, Oracle®, and others, as upgrades or new installs
• Set time limits and a timeline for when patches are approved
• Decrease security risks and service performance degradation by controlling when and
where patches are applied
• View audits and demonstrate compliance with out-of-the-box reports and dashboard
views
• Agentless architecture, mass scale, and ease of use give you the best ROI with no scripting or professional services needed
Automated patching of Microsoft® and third-party applications
18. Access Rights Manager (ARM)
• Easily analyze user access rights across your IT infrastructure
• Rapidly identify and reduce the risk of unauthorized system access and data breaches
• Quickly demonstrate compliance with reports created on-demand or scheduled for
automated delivery
• Identify and manage risks through the detection of malicious or accidental access
attempts and compromised accounts
• Easily create user accounts and review user permissions, groups, and access across all
systems and data
• Support timely and complete deprovisioning of user access
• Reduce IT workload and save time by delegating permission management to data
owners
Centrally provision, deprovision, manage, and audit user access rights to systems, data, and files
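As an added example of the checks the access-rights slides describe (identify who has access, find high-risk access, support deprovisioning), and not ARM's own code: resolve share ACL trustees through nested groups to effective per-user rights, then report broad write grants on sensitive shares, stale enabled accounts (flagging privileged ones), and users who gain write access only through nesting. The directory snapshot, share names, the 90-day staleness cutoff and the choice of which shares count as sensitive are constructed assumptions.

```python
"""Added example: effective access through nested groups, plus the
high-risk findings an access audit would report. Directory snapshot,
shares and thresholds are constructed; this is not SolarWinds ARM code."""
from datetime import date, timedelta
from typing import Dict, List, Set

# Constructed snapshot. Group members may be users or other groups.
GROUPS: Dict[str, Set[str]] = {
    "Domain Admins": {"alice", "svc-backup"},
    "Finance-RW": {"bob", "Finance-Leads"},
    "Finance-Leads": {"carol", "Domain Admins"},   # nested group
    "Domain Users": {"alice", "bob", "carol", "dave", "svc-backup", "eve"},
}
USERS = {
    "alice": {"enabled": True, "last_logon": date(2020, 5, 10)},
    "bob": {"enabled": True, "last_logon": date(2020, 5, 11)},
    "carol": {"enabled": True, "last_logon": date(2020, 1, 3)},        # stale
    "dave": {"enabled": False, "last_logon": date(2019, 11, 1)},       # already disabled
    "svc-backup": {"enabled": True, "last_logon": date(2019, 9, 15)},  # stale and privileged
    "eve": {"enabled": True, "last_logon": date(2020, 5, 11)},
}
ACLS = [  # (share, trustee, right)
    (r"\\fs01\Finance", "Finance-RW", "Modify"),
    (r"\\fs01\Finance", "Domain Admins", "FullControl"),
    (r"\\fs01\Public", "Domain Users", "Read"),
    (r"\\fs01\HR", "Everyone", "Modify"),   # anyone in the domain can write
]
SENSITIVE_SHARES = {r"\\fs01\Finance", r"\\fs01\HR"}
PRIVILEGED_GROUPS = {"Domain Admins"}
BROAD_TRUSTEES = {"Everyone", "Authenticated Users", "Domain Users"}
WRITE_RIGHTS = {"Write", "Modify", "FullControl"}

def expand(trustee: str, seen: Set[str] = None) -> Set[str]:
    """Users a trustee resolves to, following nested groups; `seen` guards
    against membership cycles. 'Everyone' resolves to every account."""
    seen = set() if seen is None else seen
    if trustee in seen:
        return set()
    seen.add(trustee)
    if trustee == "Everyone":
        return set(USERS)
    if trustee not in GROUPS:
        return {trustee}
    members: Set[str] = set()
    for m in GROUPS[trustee]:
        members |= expand(m, seen)
    return members

def who_has_access(share: str) -> Dict[str, Set[str]]:
    """Effective rights per user on one share (the 'who has access' view)."""
    access: Dict[str, Set[str]] = {}
    for s, trustee, right in ACLS:
        if s == share:
            for u in expand(trustee):
                access.setdefault(u, set()).add(right)
    return access

def find_risks(today: date, stale_days: int = 90) -> List[str]:
    """High-risk access and accounts, as an audit report would list them."""
    risks: List[str] = []
    cutoff = today - timedelta(days=stale_days)
    for s, trustee, right in ACLS:                # 1. broad write on sensitive data
        if s in SENSITIVE_SHARES and trustee in BROAD_TRUSTEES and right in WRITE_RIGHTS:
            risks.append(f"{s}: '{trustee}' has {right}")
    for u, info in USERS.items():                 # 2. stale enabled accounts to deprovision
        if info["enabled"] and info["last_logon"] < cutoff:
            priv = "privileged, " if any(u in expand(g) for g in PRIVILEGED_GROUPS) else ""
            risks.append(f"{u}: {priv}stale account (last logon {info['last_logon']})")
    for s in SENSITIVE_SHARES:                    # 3. write access inherited only via nesting
        direct: Set[str] = set()
        effective: Set[str] = set()
        for sh, t, r in ACLS:
            if sh == s and r in WRITE_RIGHTS and t not in BROAD_TRUSTEES:
                direct |= GROUPS.get(t, {t}) & set(USERS)
                effective |= expand(t)
        for u in sorted(effective - direct):
            risks.append(f"{s}: {u} gains write access only through nested groups")
    return sorted(risks)

if __name__ == "__main__":
    for line in find_risks(date(2020, 5, 12)):
        print(line)
```

The nested case is the one flat ACL views miss: carol is never named on the Finance share, but Finance-RW contains Finance-Leads, which contains her, so she has Modify; the same chain also pulls Domain Admins in, which is why membership must be expanded recursively rather than read one level deep.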
19. Security Event Manager (SEM)
• Collects, consolidates, normalizes, and visualizes logs and events from firewalls, IDS/IPS devices, switches, routers, servers, operating systems, and applications
• Performs real-time correlation of machine data to identify threats and attack patterns
• Responds to suspicious activity automatically with Active Response, including blocking
USB devices, killing malicious processes, logging off users, and more
• Eases compliance reporting and audits with out-of-the-box reports and filters for
HIPAA, PCI DSS, SOX, ISO, DISA STIGs, FISMA, FERPA, NERC CIP, GLBA, and more
• Intuitive interface and out-of-the-box content means you don’t need to be a security
or compliance expert to get value from our SIEM solution
• Monitor and alert on suspicious or malicious behavior against sensitive files
• Affordable, scalable licensing based on log-emitting sources, not log volume
Improve your security posture and demonstrate compliance with an easy-to-use, affordable SIEM tool
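The failed-login case from the continuous monitoring slide and the real-time correlation described on the SEM slide, as an added example rather than SEM's own logic: sshd lines are parsed into fields at ingestion, a per-source sliding window counts failures, a source that fills the window raises a brute-force alert, and a success from a source that was just failing raises a critical alert with a suggested active response. The log lines (RFC 5737 documentation addresses), host name, thresholds and response actions are constructed assumptions; the timestamp format assumes ISO 8601 UTC syslog output.

```python
"""Added example: a SIEM-style correlation rule over SSH auth logs.
Log lines, hosts, addresses and thresholds are constructed for illustration;
this is not SolarWinds SEM code."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Parse at ingestion: one regex turns a raw sshd line into named fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)
THRESHOLD = 5                   # failures from one source inside WINDOW -> brute force
WINDOW = timedelta(seconds=60)

def parse(line: str) -> Optional[Dict[str, object]]:
    """Return the event's fields, or None for a line this rule does not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev: Dict[str, object] = m.groupdict()
    ev["ts"] = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev

def correlate(lines: List[str]) -> Tuple[List[dict], int]:
    """Stream events in order with a sliding window of failures per source.
    Raises 'brute_force' once per source when the window fills, and
    'success_after_failures' when a login succeeds from a source that was
    just failing (the pattern that matters most). Returns (alerts, unparsed)."""
    failures: Dict[str, deque] = defaultdict(deque)
    raised = set()
    alerts, unparsed = [], 0
    for line in lines:
        ev = parse(line)
        if ev is None:
            unparsed += 1           # count, never silently drop, what we cannot parse
            continue
        src, ts = ev["src"], ev["ts"]
        q = failures[src]
        while q and ts - q[0] > WINDOW:
            q.popleft()             # expire failures that fell out of the window
        if ev["result"] == "Failed":
            q.append(ts)
            if len(q) >= THRESHOLD and src not in raised:
                raised.add(src)
                alerts.append({"kind": "brute_force", "severity": "high",
                               "src": src, "count": len(q), "ts": ts})
        elif len(q) >= 3:           # Accepted, shortly after repeated failures
            alerts.append({"kind": "success_after_failures", "severity": "critical",
                           "src": src, "user": ev["user"], "failures": len(q), "ts": ts})
            q.clear()
    return alerts, unparsed

def active_response(alert: dict) -> List[str]:
    """Illustrative automated responses, in the spirit of a SIEM's active response."""
    if alert["kind"] == "success_after_failures":
        return [f"block {alert['src']}", f"log off and disable {alert['user']}"]
    return [f"block {alert['src']}"]

# Constructed sample log; one ordinary typo-then-success from alice should not alert.
LOGS = [
    "2020-05-12T09:14:01Z bastion sshd[4101]: Failed password for invalid user admin from 203.0.113.9 port 51230 ssh2",
    "2020-05-12T09:14:03Z bastion sshd[4102]: Failed password for invalid user admin from 203.0.113.9 port 51231 ssh2",
    "2020-05-12T09:14:05Z bastion sshd[4103]: Failed password for root from 203.0.113.9 port 51232 ssh2",
    "2020-05-12T09:14:08Z bastion sshd[4104]: Failed password for invalid user test from 203.0.113.9 port 51233 ssh2",
    "2020-05-12T09:14:10Z bastion sshd[4105]: Failed password for invalid user oracle from 203.0.113.9 port 51234 ssh2",
    "2020-05-12T09:14:12Z bastion sshd[4106]: Failed password for bob from 203.0.113.9 port 51235 ssh2",
    "2020-05-12T09:14:15Z bastion sshd[4107]: Accepted password for bob from 203.0.113.9 port 51236 ssh2",
    "2020-05-12T09:20:00Z bastion sshd[4201]: Failed password for alice from 198.51.100.22 port 40001 ssh2",
    "2020-05-12T09:20:06Z bastion sshd[4202]: Accepted password for alice from 198.51.100.22 port 40002 ssh2",
    "2020-05-12T09:21:00Z bastion sshd[4203]: pam_unix(sshd:session): session opened for user alice by (uid=0)",
]

if __name__ == "__main__":
    alerts, unparsed = correlate(LOGS)
    for a in alerts:
        print(a["severity"].upper(), a["kind"], a["src"], "->", active_response(a))
    print("unparsed lines:", unparsed)
```

Two design points carry over to any rule engine: the brute-force alert fires once per source rather than on every further failure, and the unparsed line is counted rather than discarded, so a format change upstream shows up as a rising unparsed count instead of a silent detection gap.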
21. STIGs Overview
• DoD mandates the use of Security Technical Implementation Guides (STIGs), developed by DISA, to standardize secure installation and maintenance of infrastructure and reduce vulnerability
• Network and log management solutions can help:
• Inventory network device configurations, assess (audit) configurations for compliance, and automate remediation and configuration management
• Implement the configuration of security controls and help ensure their effectiveness
• Produce FISMA and DISA STIG reports from configuration templates
• Information assurance dashboards, artifacts, and reports

22. STIGs Basics
• DoD systems must comply with these technical testing and hardening frameworks
• To date, DoD has released 461 STIGs and continues to release more on a semi-regular basis
• DISA provides both the requirements and tools for validating and implementing them, for example:
• The Assured Compliance Assessment Solution (ACAS), developed by industry specifically for DISA
• The Security Content Automation Protocol (SCAP) Compliance Checker (SCC), developed by the U.S. Navy for use by Defense agencies
• Automating configuration and compliance management also helps keep this manageable
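The configuration-compliance and drift checks that the configuration management, NCM and STIG slides describe, as an added example (not NCM code and not STIG content): parse an IOS-style running config into sections, evaluate it against a small policy of require/forbid/per-section rules, and diff it against a golden baseline to list exactly which lines drifted. The configs and the rule set are constructed for illustration; the rules resemble common hardening guidance but are not STIG rule text or ids, and the ACL-less SNMP community and telnet-enabled vty are the kind of unauthorized change a drift report should surface.

```python
"""Added example: audit IOS-style configs against hardening rules and
detect drift from a golden baseline. Configs and rules are constructed
for illustration; not STIG text, not STIG ids, not SolarWinds code."""
import re
from typing import Dict, List, Tuple

Sections = Dict[str, List[str]]

def parse_ios_config(text: str) -> Sections:
    """Split a config into {top-level line: [indented child lines]}.
    Comment ('!') and blank lines are dropped."""
    sections: Sections = {}
    current = ""
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            sections.setdefault(current, []).append(raw.strip())
        else:
            current = raw.rstrip()
            sections.setdefault(current, [])
    return sections

# (kind, pattern[, child pattern], reason). Illustrative hardening checks in the
# spirit of a compliance policy; they are not actual STIG rules.
RULES = [
    ("require", r"^service password-encryption$", "passwords not obfuscated"),
    ("require", r"^no ip http server$", "plaintext HTTP management enabled"),
    ("require", r"^ip ssh version 2$", "SSH not pinned to version 2"),
    ("forbid", r"^enable password ", "weak enable password (use enable secret)"),
    ("forbid", r"^snmp-server community \S+ (RO|RW)\s*$", "SNMP community without an ACL"),
    ("section", r"^line vty", r"^transport input ssh$", "vty allows non-SSH access"),
    ("section", r"^line (vty|con)", r"^exec-timeout (?!0 0$)\d+ \d+$", "no session timeout"),
]

def check_compliance(sections: Sections, rules=RULES) -> List[str]:
    """One violation string per failed rule instance; an empty list is compliant."""
    top = [h for h in sections if h]
    violations: List[str] = []
    for rule in rules:
        kind, pattern, reason = rule[0], rule[1], rule[-1]
        if kind == "require" and not any(re.match(pattern, l) for l in top):
            violations.append(f"missing /{pattern}/: {reason}")
        elif kind == "forbid":
            violations += [f"present '{l}': {reason}" for l in top if re.match(pattern, l)]
        elif kind == "section":
            child = rule[2]
            for hdr, kids in sections.items():
                if re.match(pattern, hdr) and not any(re.match(child, k) for k in kids):
                    violations.append(f"{hdr}: {reason}")
    return violations

def drift(baseline: Sections, current: Sections) -> Tuple[List[str], List[str]]:
    """(added, removed) lines relative to the baseline, children qualified by section."""
    def flatten(s: Sections) -> set:
        out = set()
        for hdr, kids in s.items():
            out.add(hdr)
            out.update(f"{hdr} / {k}" for k in kids)
        return out
    b, c = flatten(baseline), flatten(current)
    return sorted(c - b), sorted(b - c)

# Constructed golden baseline, and the same config after four unauthorized edits.
BASELINE = """\
hostname core-rtr-01
service password-encryption
no ip http server
ip ssh version 2
enable secret 5 $1$abcd$placeholder-hash
snmp-server community s3cret RO 10
line con 0
 exec-timeout 5 0
line vty 0 4
 exec-timeout 10 0
 transport input ssh
"""
CURRENT = (BASELINE.replace("no ip http server", "ip http server")
           .replace("snmp-server community s3cret RO 10\n",
                    "snmp-server community s3cret RO 10\nsnmp-server community public RO\n")
           .replace(" exec-timeout 10 0", " exec-timeout 0 0")
           .replace(" transport input ssh", " transport input telnet ssh"))

if __name__ == "__main__":
    base, cur = parse_ios_config(BASELINE), parse_ios_config(CURRENT)
    print("baseline violations:", check_compliance(base))
    for v in check_compliance(cur):
        print("VIOLATION", v)
    added, removed = drift(base, cur)
    print("added:", added)
    print("removed:", removed)
```

Note that "snmp-server community s3cret RO 10" passes the SNMP rule because the trailing ACL number is present, while "exec-timeout 0 0" fails the timeout rule even though an exec-timeout line exists: a rule has to encode what a safe value looks like, not merely that the command appears.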
23. Network Security Best Practices
Best Practice | Eric Comments
Maintain your operating system software | Use NCM to push OS updates to your supported devices
Make visibility a priority | Develop your SolarWinds products to provide maximum visibility on your enterprise
Keep a close eye on user permissions | Use ARM to ensure users maintain the correct permission levels for their role
Use a reliable network packet broker to send the right traffic to the right tools | Use NTA to identify traffic flows on your network
Stay compliant | NCM for your network devices; SCM for your servers (future capability)
Establish a security policy | Approved protocols and standards
Always back up your data | Use NCM to back up your network device configurations; use SEM to maintain logs
Don't forget about third-party users | Quarantine third-party users and guests
Educate your users | Frequent educational content about IT security topics
Source: https://blog.gigamon.com/2018/05/17/the-9-most-vital-network-security-best-practices/ (05/2020)
24. Server Security Best Practices
Best Practice | Eric Comments
SSH keys | Use SCM to take stock of HIPS applications on your servers
Firewalls | (no comment)
VPC networks | (no comment)
Service auditing | Use SCM to assist with auditing events and activities based on inventory
Updates and patching | Use Patch Manager to provide automation with patching activities
Disable directory indexes | (no comment)
Backup and recovery policies | Use SolarWinds® Backup to assist with backup activities
Source: https://www.digitalocean.com/community/tutorials/7-security-measures-to-protect-your-servers (05/2020)
25. Logging Best Practices
Best Practice | Eric Comments
Check your IT department's security requirements up front | IT often gets veto power on deals, so clarify requirements before evaluating options
Store logs outside your data center | You'll need logs during outages and fires, so store them in a different availability zone or region
Compare the TCO of self-hosting, cloud-hosting, and SaaS | Open source is not free. Consider storage, compute, bandwidth, operational, and hidden costs
Get input from users of the system before making a decision | Let end users try out the options instead of making a top-down purchase decision
Remember user experience problems are deal-breakers | If end users find a tool hard to use, they will avoid it, offload to experts, or force a switch
Set up common searches, dashboards, and alerts for your team | It'll be easier to get buy-in from your team if they see a valuable pattern and can build on it
Source: https://www.loggly.com/blog/30-best-practices-logging-scale/ (05/2020)
26. Logging Best Practices (cont'd)
Best Practice | Eric Comments
Test whether ingestion time is less than a few seconds | Low latency is important for live monitoring and troubleshooting
Test search performance at full volume and query complexity | Small scale tests are not meaningful, so send realistic volumes and test real-world queries
When self- or cloud-hosting, optimize for query performance | No one wants slow performance. Add hot/cold nodes and optimize shard size and indexes for speed
Automatically parse your logs at ingestion | Parsing logs at search time is slower, and automatic rules save time over custom ones
Onboard users and integrate into workflow | Availability != effective use. Users need to understand it and fit it into their workflow
Source: https://www.loggly.com/blog/30-best-practices-logging-scale/ (05/2020)
28. Resources to Help Reduce Vulnerabilities
Review a blog on FISMA requirements:
https://www.solarwinds.com/federal-government/solution/fisma-compliance-requirements
Review a blog on how SolarWinds software can help with CIS controls:
https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2017/08/18/solarwinds-and-cis-critical-security-controls
Review a blog on how SolarWinds software can help with NIST FISMA/RMF compliance:
https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2015/08/01/fisma-nist-800-53-compliance-with-solarwinds-products
Review a blog on how SolarWinds software can help with DISA STIG compliance:
https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2011/09/07/disa-stig-compliance-with-log-event-manager
Watch a federal security compliance video:
http://www.solarwinds.com/resources/videos/solarwinds-federal-security-compliance.html
Download a compliance white paper:
https://try.solarwinds.com/gov/whitepapers/ultimate-guide-federal-it-compliance
Download a continuous monitoring white paper:
https://try.solarwinds.com/gov/whitepapers/daily-federal-compliance-and-continuous-cybersecurity-monitoring
29. Q&A
Call government sales:
877.946.3751
Contact federal sales:
federalsales@solarwinds.com
Contact state and local
government sales:
governmentsales@solarwinds.com
Contact education sales:
educationsales@solarwinds.com
30. Contact Us
• Visit our THWACK® government group: http://thwack.com/government
• Watch a short demo video: http://demo.solarwinds.com/sedemo/
• Download a free trial: http://www.solarwinds.com/downloads/
• Visit our government website: http://www.solarwinds.com/government
• Call government sales: 877.946.3751
• Email SolarWinds federal government sales: federalsales@solarwinds.com
• Email SolarWinds state and local government sales: governmentsales@solarwinds.com
• Email SolarWinds education sales: educationsales@solarwinds.com
• Follow us on LinkedIn®: https://www.linkedin.com/company/solarwinds-government
Let us know how we can help you
31.
The SolarWinds, SolarWinds & Design, Orion, and THWACK
trademarks are the exclusive property of SolarWinds Worldwide,
LLC or its affiliates, are registered with the U.S. Patent and
Trademark Office, and may be registered or pending registration
in other countries. All other SolarWinds trademarks, service
marks, and logos may be common law marks or are registered or
pending registration. All other trademarks mentioned herein are
used for identification purposes only and are trademarks of (and
may be registered trademarks) of their respective companies.