
Government and Education Webinar: How to Reduce Vulnerabilities and Harden your Infrastructure

In this webinar, our SolarWinds sales engineer and guest speaker Eric Hodeen discussed how to reduce your vulnerabilities and harden your infrastructure. They also reviewed best practices, shared resources, and demonstrated how our products can be used to help manage vulnerabilities at your organization. They reviewed common infrastructure hardening best practices and how to use the DISA STIGs to teach the basics, such as validation of FIPS-required protocols, a baseline STIG’ed configuration for the enterprise, and other tips on securing your infrastructure.

During this interactive webinar, attendees learned how to:
• Leverage automated network configuration tools to deploy standardized configurations, detect out-of-process changes, audit configurations, and even correct violations
• Audit device configurations and logs for NIST FISMA, DISA STIG, and DSS PCI compliance
• Discover patch statuses and vulnerabilities, and automate patch management
• Detect, track, and compare system and application configuration changes to confirm changes, even when systems are off-line
• Leverage access rights management to understand and act on high-risk access and reduce vulnerabilities


  1. How to Reduce Vulnerabilities and Harden Your Infrastructure: Government and Education Webinar, May 19, 2020
  2. Speaker Introductions. © 2020 SolarWinds Worldwide, LLC. All rights reserved.
      • Rich Roberts, Senior Sales Engineer, SolarWinds, richard.roberts@solarwinds.com, 703.386.2650 (office)
      • Eric Hodeen, SolarWinds Architect, CourtesyIT, LLC, solarwinds@courtesyit.com, 334.300.0292 (office)
  3. Agenda
      • SolarWinds overview
      • Vulnerability management lifecycle and best practices
      • Solution overviews and how we help
      • Hardening infrastructure overview
      • Demonstrations
      • Resources and Q&A
  4. SolarWinds at a Glance
      • #1 in Network Management [1]
      • 320,000+ customers in 190 countries [3]
      • 60+ IT management products
      • 22,000+ MSPs serving 450,000+ organizations
      • Every branch of the DoD, and nearly every civilian and intelligence agency
      • 150,000+ registered members of THWACK®, our global IT community
      • Founded in 1999
      • More than 3,200 employees globally
      • Austin, TX headquarters
      • 30+ offices globally
      • Leader in Remote Monitoring and Management
      • #3 in Systems Management [2]
      • Growing security portfolio
      • 499 of Fortune 500®
      [1] IDC-defined Network Management Software functional market, IDC’s Worldwide Semiannual Software Tracker, April 2019.
      [2] Gartner, Market Share Analysis: ITOM: Performance Analysis Software, Worldwide, 2017. July 9, 2018. (AIOps/ITIM/Other Monitoring Tools Software Market). SolarWinds term, Systems Management, refers to the AIOps/ITIM/Other Monitoring Tools Software Market Taxonomy referenced in the Gartner report. All statements in this report attributable to Gartner represent SolarWinds interpretation of data, research opinion, or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this presentation). The opinions expressed in Gartner publications are not representations of fact and are subject to change without notice.
      [3] Customers are defined as individuals or entities that have an active subscription for our subscription products or that have purchased one or more of our perpetual license products since our inception under a unique customer identification number. We may have multiple purchasers of our products within a single organization, each of which may be assigned a unique customer identification number and deemed a separate customer.
  5. Building Great Products That Simply Work Is at Our Core
      Column headings: End User-Driven Product Strategy; With a Constantly Growing Offering; Focused on Ease and Efficiency
      • Geekbuilt.®: Roadmap driven by end users and products developed by IT professionals who understand today’s IT environment
      • Massive User Community: 150K+ registered THWACK members; 22K+ MSPs access the MSP Institute and Customer Success Center
      • Solve clearly identified problems
      • Orion® Platform: Hybrid IT management
      • Application Management: Affordable full-stack monitoring for hybrid and cloud-native IT environments
      • SolarWinds MSP: Remote monitoring and management platforms, backup, and email security
      • Easy to try, find, and buy
      • Ready to use
      • Security: Security, simplified
  6. Our Approach to Product
      Our Core Principles and Notable Examples:
      • Simple and powerful
      • Deliver complete visibility for hybrid IT
      • Grow with our customers
      • Enable application-centric management
      • Quick value after install
      • Seamless UX across product portfolio
      • Native support of the major on-premises and public clouds
      • Unified, integrated experience
      • Start small, solve the first problem, and be ready for the next
      • Add new capabilities quickly
      • AppStack™: manage the entire app, not just components
      • PerfStack™: real-time troubleshooting across the modern app and infrastructure stack
      • NetPath™: manage the network, not just elements
      • Cloud infrastructure monitoring: AWS® and Azure® infrastructure monitoring
      • Support management of traditional and modern apps
      • Network Insight™: deep visibility for the modern network stack across performance and configuration
      • AppInsight™: deep visibility for packaged application performance
      • Increased scale: support for 400,000 NPM elements in a single instance
      • Simplified multiproduct installer: single installer to automatically resolve upgrade and install dependencies
  7. SolarWinds Security Products Overview
      Columns: Identify, Protect, Detect, Respond, Recover
      • Patch Manager: Windows and third-party patching, asset inventory, and reporting
      • Security Event Manager: SIEM tool for threat detection, incident response, and compliance reporting
      • Patch Manager: Patch compromised systems
      • Access Rights Manager: Manage and audit user access rights across your infrastructure
      • Identity Monitor: Automates account takeover prevention
      • Server Configuration Monitor: View previous configurations
      • Network Configuration Manager: Automates management of network configurations and helps ensure compliance and backup status
      • User Device Tracker: Detect and locate rogue users and devices on your network
      • NetFlow Traffic Analyzer: Find suspicious network activity
      • Serv-U® MFT: Secure file transfer and sharing
      • Backup: Easy web-based backups
      • Backup: Restore data and systems
      • Threat Monitor: SaaS-based threat detection, incident response, and compliance reporting
      • Server Configuration Monitor: HW and SW asset inventory
  8. What Is the Vulnerability Management Lifecycle?
      • Identify: Network devices and systems operating versions for OS weaknesses; categorize into groups and assign value based on how critical
      • Protect: OS versions, applications, user access; set up logging to cover all
      • Detect: Scan for firmware versions against CVE DB, OS updates, and zero day
      • Respond: Tier responsiveness, timeline, and schedule outages while addressing vulnerabilities
      • Verify: Reporting, logging, and alert notification
      Diagram labels: Identify, Protect, Detect, Respond, Verify
  9. System and Application Patching Best Practices
      • Discover an updated inventory of servers and workstations
      • Conduct a comprehensive audit of software in use
      • Leverage automation to discover and uniformly deploy system and application patches
      • Test and verify patches in your environment
      • Unnecessary patching can run into untested patch stability issues
      • Compliance reports help show the status of patched PCs, servers, and VMs
      • Schedule patch jobs to help avoid errors and omissions
      • Leverage configuration monitoring tools to verify system patches were completed as expected
      • Monitor application performance to ensure patch isn’t the cause of stability issues
  10. Configuration Management
      • Configuration management applies to networks and servers
      • Network configuration management can help save time by configuring devices to policy, preventing unwanted changes, and identifying configuration drift
      • Server configuration management compares changes over time, monitors performance impacts, and verifies updates were completed
      • Vulnerabilities are collected and shared by NIST in the National Vulnerability Database
      • The Department of Homeland Security provides another resource called Common Vulnerabilities and Exposures (CVE)
  11. Implement Strong Security Controls
      • Agencies with evidence of strong IT controls are more likely to possess the hallmarks of strong infosec environments [1]
      • Security controls are used to avoid, detect, counteract, or minimize security risks
      • General controls
      • Application controls
      • Network monitoring and management tools
      • Requires a deep level of visibility into your organization’s IT infrastructure
      [1] “SolarWinds Federal Cybersecurity Survey Summary Report 2017,” Market Connections, Inc. https://www.solarwinds.com/resources/survey/solarwinds-federal-cybersecurity-survey-summary-report-2017 (Accessed December 2019).
  12. Continuous Monitoring
      • Helps determine if an asset is achieving the anticipated target
      • Deviation could mean a potential threat or attack
      • Can help alert organizations to abnormal activities (e.g., failed logins or file transfers)
      • Security information and event management (SIEM) tools detect suspicious activities
  13. Managing Access Rights Across Your Infrastructure
      • Identify, understand, and monitor high-risk access and accounts
      • Visualize file server permissions
      • Identify who has access
      • Provision and deprovision accounts quickly and accurately
      • Generate audit-ready reports
  14. SolarWinds Solutions to Help Reduce Vulnerabilities and Harden Infrastructure
  15. Network Configuration Manager (NCM)
      Improve network reliability and security by managing configurations, changes, and compliance
      • Discover and automate network configuration backups
      • View and easily roll back to the last-known good configurations
      • Establish multi-device baselines to identify and resolve configuration drift
      • Bulk deploy standardized device configs across your network
      • Gain visibility to unauthorized or erroneous network changes
      • Define compliance rules; detect and report on network policy violations
      • Network inventory and asset service management
      • Utilize NIST CVE; Cisco IOS®, ASA, Cisco Nexus®, and Juniper® device versions are matched to identify potential vulnerabilities; workflow includes ability to investigate, remediate, or waiver based on applicability
      • Audit device configs for NIST FISMA, DISA STIG, and DSS PCI compliance
      • Get out-of-the-box support for major network device vendors, including Cisco®, Palo Alto Networks®, Juniper, HP®, Huawei®, F5®, Avaya®, Ruckus®, and more
      • Links: Data – Demo – Resource
  16. Server Configuration Monitor (SCM)
      Detect, alert, and track configuration changes to Windows and Linux servers and applications
      • Detect, alert, and report on changes
      • Default Templates to monitor with hardware inventory, software inventory, and IIS configuration files
      • Customization to monitor registries, binary and text files, and script outputs
      • Capture and track who made configuration changes
      • Compare current configurations against a baseline or between any two points in time
      • Correlate configuration changes with network and application performance
      • Automatically detect servers and applications eligible for monitoring
      • Links: Data – Demo – Resource
  17. Patch Manager
      Automated patching of Microsoft® and third-party applications
      • Utilizing WSUS or SCCM; improve and simplify patch management solutions
      • Discover patches needed for Microsoft Windows, and third-party patches
      • Deploy pre-built, tested patches from vendors such as Adobe®, Apple®, Google®, Mozilla®, Oracle®, and others—upgrade or new install
      • Set time limits and timeline on when patches are approved
      • Decrease security risks and service performance degradation by controlling when and where patches are applied
      • View audits and demonstrate compliance with out-of-the-box reports and dashboard views
      • Agentless architecture, mass scale, and ease of use gives you the best ROI with no scripting or professional services needed
      • Links: Data – Demo – Resource
  18. Access Rights Manager (ARM)
      Centrally provision, deprovision, manage, and audit user access rights to systems, data, and files
      • Easily analyze user access rights across your IT infrastructure
      • Rapidly identify and reduce the risk of unauthorized system access and data breaches
      • Quickly demonstrate compliance with reports created on-demand or scheduled for automated delivery
      • Identify and manage risks through the detection of malicious or accidental access attempts and compromised accounts
      • Easily create user accounts and review user permissions, groups, and access across all systems and data
      • Support timely and complete deprovisioning of user access
      • Reduce IT workload and save time by delegating permission management to data owners
      • Links: Data - Resource
  19. Security Event Manager (SEM)
      Improve your security posture and demonstrate compliance with an easy-to-use, affordable SIEM tool
      • Collects, consolidates, normalizes, and visualizes logs and events from firewalls, IDS/IPS devices and applications, switches, routers, servers, OS, and other applications
      • Performs real-time correlation of machine data to identify threats and attack patterns
      • Responds to suspicious activity automatically with Active Response, including blocking USB devices, killing malicious processes, logging off users, and more
      • Eases compliance reporting and audits with out-of-the-box reports and filters for HIPAA, PCI DSS, SOX, ISO, DISA STIGs, FISMA, FERPA, NERC CIP, GLBA, and more
      • Intuitive interface and out-of-the-box content means you don’t need to be a security or compliance expert to get value from our SIEM solution
      • Monitor and alert on suspicious or malicious behaviors to sensitive files
      • Affordable, scalable licensing based on log-emitting sources, not log volume
      • Links: Data - Demo - Resource
  20. STIGs Overview and Infrastructure Hardening
  21. STIGs Overview
      • DoD mandates using Security Technical Implementation Guides (STIGs) to standardize secure infrastructure installation and maintenance; these guides were developed by DISA to reduce vulnerability
      • Network and log management solutions can help
      • Inventory network device configurations, assess (auditing) configurations for compliance, and automate (remediation) and configuration management
      • Implement configuration of security controls and help assure (or ensure) effectiveness
      • Produce FISMA and DISA STIGs reports from configuration templates
      • Information assurance dashboards, artifacts, and reports
  22. STIGs Basics
      • DoD must comply with the technical testing and hardening frameworks
      • To date, DoD has released 461 STIGs, and continues to release more on a semi-regular basis
      • DISA provides both requirements and tools for validating and implementing the security requirements, for example:
        • Assured Compliance Assessment Solution (ACAS) was developed by industry specifically for DISA
        • Security Content Automation Protocol (SCAP) Compliance Checker (SCC) was developed by the U.S. Navy for use by Defense agencies
      • Automating configuration and compliance management also helps make this manageable
  23. Network Security Best Practices
      Best Practice | Eric Comments
      • Maintain your operating system software | Use NCM to push OS updates to your supported devices
      • Make visibility a priority | Develop your SolarWinds products to provide maximum visibility on your enterprise
      • Keep a close eye on user permissions | Use ARM to ensure users maintain the correct permission levels for their role
      • Use a reliable network packet broker to send the right traffic to the right tools | Use NTA to identify traffic flows on your network
      • Stay compliant | NCM for your network devices; SCM for your servers (future capability)
      • Establish a security policy | Approved protocols and standards
      • Always back up your data | Use NCM to back up your network device configurations; use SEM to maintain logs
      • Don’t forget about third-party users | Quarantine third-party users and guests
      • Educate your users | Frequent educational content about IT security topics
      Source: https://blog.gigamon.com/2018/05/17/the-9-most-vital-network-security-best-practices/ (05/2020)
  24. Server Security Best Practices
      Best Practice / Eric Comments: SSH keys Use SCM to take stock of HIPS applications on your servers Firewalls VPC networks Service auditing Use SCM to assist with auditing events and activities based on inventory Updates and patching Use Patch Manager to provide automation with patching activities Disable directory indexes Backup and recovery policies Use SolarWinds® Backup to assist with backup activities
      Source: https://www.digitalocean.com/community/tutorials/7-security-measures-to-protect-your-servers (05/2020)
  25. Logging Best Practices
      Best Practice | Eric Comments
      • Check your IT department’s security requirements up front | IT often gets veto power on deals, so clarify requirements before evaluating options
      • Store logs outside your data center | You’ll need logs during outages and fires, so store them in a different availability zone or region
      • Compare the TCO of self-hosting, cloud-hosting, and SaaS | Open source is not free. Consider storage, compute, bandwidth, operational, and hidden costs
      • Get input from users of the system before making a decision | Let end users try out the options instead of making a top-down purchase decision
      • Remember user experience problems are deal-breakers | If end users find a tool hard to use, they will avoid it, offload to experts, or force a switch
      • Set up common searches, dashboards, and alerts for your team | It’ll be easier to get buy-in from your team if they see a valuable pattern and can build on it
      Source: https://www.loggly.com/blog/30-best-practices-logging-scale/ (05/2020)
  26. Logging Best Practices (cont’d)
      Best Practice | Eric Comments
      • Test whether ingestion time is less than a few seconds | Low latency is important for live monitoring and troubleshooting
      • Test search performance at full volume and query complexity | Small scale tests are not meaningful, so send realistic volumes and test real-world queries
      • When self- or cloud-hosting, optimize for query performance | No one wants slow performance. Add hot/cold nodes and optimize shard size and indexes for speed
      • Automatically parse your logs at ingestion | Parsing logs at search time is slower, and automatic rules save time over custom ones
      • Onboard users and integrate into workflow | Availability != effective use. Users need to understand it and fit it into their workflow
      • Set up common searches, dashboards, and alerts for your team | It’ll be easier to get buy-in from your team if they see a valuable pattern and can build on it
      Source: https://www.loggly.com/blog/30-best-practices-logging-scale/ (05/2020)
  27. DEMO
  28. Resources to Help Reduce Vulnerabilities
      • Review a blog on FISMA requirements: https://www.solarwinds.com/federal-government/solution/fisma-compliance-requirements
      • Review a blog on how SolarWinds software can help with CIS controls: https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2017/08/18/solarwinds-and-cis-critical-security-controls
      • Review a blog on how SolarWinds software can help with NIST FISMA/RMF compliance: https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2015/08/01/fisma-nist-800-53-compliance-with-solarwinds-products
      • Review a blog on how SolarWinds software can help with DISA STIGS compliance: https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2011/09/07/disa-stig-compliance-with-log-event-manager
      • Watch a federal security compliance video: http://www.solarwinds.com/resources/videos/solarwinds-federal-security-compliance.html
      • Download a compliance white paper: https://try.solarwinds.com/gov/whitepapers/ultimate-guide-federal-it-compliance
      • Download a continuous monitoring white paper: https://try.solarwinds.com/gov/whitepapers/daily-federal-compliance-and-continuous-cybersecurity-monitoring
  29. Q&A
      • Call government sales: 877.946.3751
      • Contact federal sales: federalsales@solarwinds.com
      • Contact state and local government sales: governmentsales@solarwinds.com
      • Contact education sales: educationsales@solarwinds.com
  30. Contact Us: Let us know how we can help you
      • Visit our THWACK® government group: http://thwack.com/government
      • Watch a short demo video: http://demo.solarwinds.com/sedemo/
      • Download a free trial: http://www.solarwinds.com/downloads/
      • Visit our government website: http://www.solarwinds.com/government
      • Call government sales: 877.946.3751
      • Email SolarWinds federal government sales: federalsales@solarwinds.com
      • Email SolarWinds state and local government sales: governmentsales@solarwinds.com
      • Email SolarWinds education sales: educationsales@solarwinds.com
      • Follow us on LinkedIn®: https://www.linkedin.com/company/solarwinds-government
  31. The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks (and may be registered trademarks) of their respective companies.