Attendees spent the day with SolarWinds learning how to get the most out of our network, systems, database, compliance and security products, and IT support tools. We discussed how we responded to the recent security incident, and how we’re moving forward with our Secure by Design approach. Our system engineers dove into the technical details, reviewed new products and features, and demonstrated configuration and integration points.
Presentation topics included technical updates on the following:
- Network management products and scaling the Orion® Platform
- Systems and database monitoring products
- Security and compliance products
- SolarWinds ITSM and support tools
@solarwinds
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks (and may be registered trademarks) of their respective companies.
Say:
And of course, as we talk about the customer's journey, a huge part is migrating resources to public clouds like Azure and AWS. In this section we're going to cover the problems and how the updates will help.
Do – Read the slide problems
Go to the next slide
What is SUNBURST? How is it related to SUNSPOT, TEARDROP, RAINDROP, SUNSHUTTLE, and GOLDMAX?
SUNBURST is a stage 1 attack that gives initial access to an environment. SUNBURST is the actual code that was injected into the Orion Platform. It is only known to affect Orion Platform software builds for versions 2019.4 HF 5, 2020.2 unpatched, and 2020.2 HF 1.
SUNSPOT is the tool used to inject SUNBURST into the Orion Platform.
TEARDROP, RAINDROP, SUNSHUTTLE, and GOLDMAX are stage 2 payloads deployed once initial access has been gained.
Experts believe this attack may have been conducted by an outside nation state, but we haven’t verified the identity of the attacker.
SUNSPOT, TEARDROP, RAINDROP, SUNSHUTTLE, and GOLDMAX are NOT new vulnerabilities within our products as some reports have indicated but are instead elements of the SUNBURST attack chain.
Secure our internal environment
- Deploy additional, robust threat protection and threat hunting software on all our network endpoints, including a critical focus on our development environments
- Reset credentials for all users in the corporate and product development domains, including resetting the credentials for all privileged accounts, and for all accounts used in building the Orion® Platform and related products
- Consolidate remote and cloud access avenues for accessing the SolarWinds network and applications by enforcing multi-factor authentication (MFA)
Enhance our product development environment
- Perform ongoing forensic analysis of our product development environments to identify root causes of the breach and take remediation steps
- Move to a completely new build environment with stricter access controls, and deploy mechanisms that allow reproducible builds from multiple independent pipelines
Ensure the security and integrity of our software
- Add additional automated and manual checks to ensure that our compiled releases match our source code
- Re-sign all Orion Platform software and related products, as well as all other SolarWinds products, with new digital certificates
- Expand our vulnerability management program to reduce our average time-to-patch and to better enable us to work with the external security community
- Perform extensive penetration testing of the Orion Platform software and related products to identify any potential issues, which we will resolve with urgency
- Leverage third-party tools to expand the security analysis of the source code for the Orion Platform software and related products
- Engage with and fund ethical hacking from white hat communities to quickly identify, report, and remediate security issues across the entire SolarWinds portfolio
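The "reproducible builds from multiple independent pipelines" and "compiled releases match our source code" items above amount to one check: independent rebuilds of the same source must produce byte-identical artifacts, and any disagreement blocks signing. The script below is an added illustration of that gate, not SolarWinds' own build tooling; the pipeline names, artifact bytes and minimum-pipeline policy are constructed for the example.

```python
import hashlib
from collections import Counter
from typing import Dict


def artifact_digest(data: bytes) -> str:
    """SHA-256 hex digest of one build artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


def check_reproducible(pipeline_artifacts: Dict[str, bytes], min_pipelines: int = 2) -> dict:
    """Compare the same release artifact as produced by independent pipelines.

    Policy (constructed for this example): the release may only be signed when
    every pipeline agrees. A majority digest is still reported so that the
    deviating pipeline(s) can be investigated first.
    """
    if len(pipeline_artifacts) < min_pipelines:
        return {"release_ok": False, "reason": "too few independent builds",
                "digest": None, "outliers": [], "per_pipeline": {}}
    digests = {name: artifact_digest(blob) for name, blob in pipeline_artifacts.items()}
    counts = Counter(digests.values())
    majority_digest, majority_count = counts.most_common(1)[0]
    unanimous = len(counts) == 1
    outliers = sorted(name for name, d in digests.items() if d != majority_digest)
    return {
        "release_ok": unanimous,
        "reason": "all pipelines agree" if unanimous
                  else "pipelines disagree; do not sign until the difference is explained",
        "digest": majority_digest if unanimous else None,
        "majority_digest": majority_digest,
        "majority_count": majority_count,
        "outliers": outliers,
        "per_pipeline": digests,
    }


# Constructed sample: three independent pipelines build the same toy artifact;
# in the second case pipeline-c emits one extra byte (e.g. an injected change).
CLEAN = b"release-artifact-bytes\x00\x01\x02"
SAMPLE_OK = {"pipeline-a": CLEAN, "pipeline-b": CLEAN, "pipeline-c": CLEAN}
SAMPLE_BAD = {"pipeline-a": CLEAN, "pipeline-b": CLEAN, "pipeline-c": CLEAN + b"\xff"}

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_OK), ("tampered", SAMPLE_BAD)):
        report = check_reproducible(sample)
        print(label, report["release_ok"], report["outliers"], report["reason"])
```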
The Executive Order seeks to:
Remove Barriers to Threat Information Sharing Between Government and the Private Sector. Directs the federal government to remove contractual language for its vendors to make it easier for them to share information with executive departments and agencies (agencies) that are responsible for investigating or remediating cyber incidents, such as the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and other elements of the Intelligence Community (IC) to assist in investigations of threats, incidents, and risks.
Modernize and Implement Stronger Cybersecurity Standards in the Federal Government. Directs the federal government to modernize its approach to cybersecurity, including by increasing its visibility into threats, while protecting privacy and civil liberties. This includes directives to adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.
Enhance Software Supply Chain Security. Directs the federal government to rapidly improve the security and integrity of the software supply chain, with a priority on addressing software vital to the federal government’s ability to perform its critical functions, by working with the private sector, academia, and security experts to implement more rigorous and predictable mechanisms for ensuring that products function securely, and as intended.
Establish a Cyber Safety Review Board. Directs the creation of a Board by the Secretary of Homeland Security, in consultation with the Attorney General. The Board will review and assess significant cyber incidents.
Standardize the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents. Directs DHS, including the Director of CISA, OMB, FCIOC, FCISC, SecDef, including the Director of the NSA, the AG, and DNI to develop a standard set of operational procedures (playbook) to be used in planning and conducting a cybersecurity vulnerability and incident response activity respecting federal government information systems.
Improve Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks. Directs the federal government to employ all appropriate resources and authorities to maximize the early detection of cybersecurity vulnerabilities and incidents on its networks. This approach shall include increasing the federal government’s visibility into and detection of cybersecurity vulnerabilities and threats to agency networks in order to bolster the federal government’s cybersecurity efforts.
Improve the Federal Government’s Investigative and Remediation Capabilities. Directs the federal government to develop new recommendations for event logging and data retention within agency systems and networks, including the types of logs to be maintained, the time periods to retain the logs and other relevant data, the time periods for agencies to enable recommended logging and security requirements, and how to protect logs—including cryptographic methods to ensure integrity once collected and periodically verified against the hashes throughout their retention, and in a manner consistent with all applicable privacy laws and regulations.
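The last item asks for logs to be protected with cryptographic methods once collected and periodically verified against hashes throughout retention. The block below is an added example of one way to do that (a keyed hash chain plus a separately stored checkpoint); it is not from the Executive Order or from any SolarWinds product, and the log lines and key are constructed placeholders.

```python
import hashlib
import hmac
from typing import List, Tuple

GENESIS = "0" * 64  # chain anchor for the first record


def _link(key: bytes, prev_tag: str, line: str) -> str:
    # Keyed hash over the previous tag and this line: editing, reordering or
    # deleting any earlier record changes every tag after it.
    return hmac.new(key, (prev_tag + "\n" + line).encode("utf-8"), hashlib.sha256).hexdigest()


def chain_logs(lines: List[str], key: bytes) -> List[Tuple[str, str]]:
    """Seal collected log lines into (line, tag) records forming a hash chain."""
    records, prev = [], GENESIS
    for line in lines:
        tag = _link(key, prev, line)
        records.append((line, tag))
        prev = tag
    return records


def verify_chain(records: List[Tuple[str, str]], key: bytes) -> Tuple[bool, int]:
    """Recompute every link. Returns (True, -1) if intact, else (False, first bad index)."""
    prev = GENESIS
    for i, (line, tag) in enumerate(records):
        if not hmac.compare_digest(_link(key, prev, line), tag):
            return False, i
        prev = tag
    return True, -1


def checkpoint(records: List[Tuple[str, str]]) -> Tuple[int, str]:
    """Record count and last tag, to be stored apart from the log store: the chain
    alone cannot see records removed from the end."""
    return len(records), (records[-1][1] if records else GENESIS)


def verify_retention(records, key: bytes, cp: Tuple[int, str]) -> bool:
    """Periodic check: chain intact AND the stored checkpoint is still a prefix of it."""
    ok, _ = verify_chain(records, key)
    n, last_tag = cp
    return ok and len(records) >= n and (n == 0 or records[n - 1][1] == last_tag)


# Constructed sample lines and a placeholder key (in practice held outside the log store).
KEY = b"placeholder-log-integrity-key"
SAMPLE_LINES = [
    "2021-05-12T10:00:01Z auth sshd[412]: Accepted publickey for svc-backup from 10.0.0.7",
    "2021-05-12T10:00:09Z audit: privileged group membership changed for svc-backup",
    "2021-05-12T10:01:30Z auth sshd[413]: session opened for user svc-backup",
]


def demo() -> dict:
    records = chain_logs(SAMPLE_LINES, KEY)
    cp = checkpoint(records)                      # stored at collection time
    edited = list(records)
    edited[1] = (edited[1][0].replace("changed", "unchanged"), edited[1][1])  # line 2 altered
    truncated = records[:-1]                      # newest record removed
    return {
        "intact": verify_chain(records, KEY),
        "edited": verify_chain(edited, KEY),
        "truncation_seen_by_chain": verify_chain(truncated, KEY)[0],
        "truncation_seen_by_checkpoint": verify_retention(truncated, KEY, cp),
    }
```

The edit is caught at the first bad link; the truncation passes chain verification and is only caught by the stored checkpoint, which is why the checkpoint must live outside the log store.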
Network Performance Monitor
Azure VNet gateway monitoring. Display status and network traffic on Azure VNet gateways and site-to-site connections. Improved device views. Graphically display status, utilization, and position of ports on your Cisco Switch Stacks. Improved MIB updates. Check for and apply available MIB database updates directly from the Orion Web Console.
NetFlow Traffic Analyzer
Reconcile node flow volumes. Add endpoints to flow alerts. Share IP groups with IPAM. Improved support for vSphere distributed vSwitch.
Network Configuration Manager
Firmware upgrade improvements. Multiple firmware upgrade operations designed to run simultaneously. Users with NCM Web Uploader can perform firmware operations. Upgrade operations now reported as Orion events.
IP Address Manager (2020.2)
Refreshed user interface. Improved workflows on DHCP and DNS management pages. Dynamic filtering to more efficiently find the address resources you’re looking for.
User Device Tracker
Viptela vEdge support. See what’s plugged into your SD-WAN edge device.
VoIP & Network Quality Manager
Monitor IP SLA operations from your Cisco Nexus data center switches.
08.24.20 – Server and Application Monitor 2020.2.1
API Poller improvements
A new Manage API Pollers page serves as a central location where you can add, import, edit, copy, reassign, delete, or export API pollers
String monitoring support for APIs that return status (for example, Up or Down) or expected strings (True, False)
Chain multiple API requests to save a value from one request for use as a variable in subsequent requests; this can be useful for APIs that involve tokens, sessions, or endpoint discovery
Monitor response headers
Use custom properties in headers
New API Poller templates for Microsoft 365
Use the latest out-of-the-box templates to capture metrics for Office 365, now called Microsoft 365
Expanded remote monitoring with Orion Remote Collector
Chargeback reports
Allows IT to specify reporting based on hosts or clusters, choose a given timeframe, and deliver an accounting of their costs based on CPU, Memory, Storage, and vCPU usage
AHV = Acropolis Hypervisor
Web Performance Monitor
Pingdom® integration. Save transactions created in the new recorder to your Pingdom account. Improved authentication support (NTLM, Basic, Cert) and proxy support in the new recorder.
Log Analyzer
Flat log file ingestion. Ingest logs from popular applications and view them in real time alongside other critical log data.
08.24.20 – Server Configuration Monitor 2020.2.1
Policy compliance
Track compliance percentage across your environment over time
Drill down from policy summaries to nodes to individual rules, and see both a description of what the rule is monitoring and the steps to remediate failed compliance
Out-of-the-box STIG policies include
Windows Server 2016
SQL Server 2016 Instance
IIS 8.5 Server
Compliance reports
Provide quick visibility of both overall compliance and the details of every evaluated rule
New alerts
Manage your connector
Import and export policies
[top bullet is from SWI COVID-19 Message Master 20-0325; applies to all]
APPOPTICS AT A GLANCE
» Full-stack visibility – Monitor performance of custom on-premises and highly distributed cloud applications across services, hosts, containers, and platforms down to the code.
» Reduce MTTR – Monitoring infrastructure and application metrics side-by-side reduces the time it takes to identify what part of the stack is failing, so you can quickly get to the root cause.
» Measure what matters – Use both out-of-the-box metrics and the flexibility to define your own. You can track and measure the performance of systems that matter to your organization across all layers of the application.
» Combine metrics, traces, and logs – One-click drill down into all the log lines associated with a specific trace (auto-instrumented for SolarWinds Loggly® and SolarWinds Papertrail™ log management and monitoring)
» Align performance goals with business goals – Incorporate custom metrics to combine business metrics side-by-side with system metrics. See and measure the impact infrastructure and application performance has on your business performance.
» Highly scalable – Cost-effectively scale as your business scales with analytics and trend reporting, providing you with insights into short- and long-term changes to performance and resource utilization.
Cross-stack Correlation for Your IT Data!
Drag and drop any metric into a composite metrics dashboard
Compare disparate metrics and events across hybrid infrastructure
Identify patterns and the root cause of problems
Go back in time to understand the cause of system behavior in the past
What is it?
The AppStack concept is the monitoring of an application throughout the entire stack (application, database, virtualization, server, and storage layers) so the location of any performance bottleneck can be quickly and easily determined.
How is it accomplished?
Utilizing our Server and Application Monitor (SAM), Virtualization Manager (VMan), and Storage Manager (STM) products we can see each piece of the puzzle. With integration amongst the products, we can follow the breadcrumbs to see where the issue lies.
05.12.20 – Orion Platform 2020.2
Platform features
Performance improvements
Orion® Platform web interface optimizations and improvements. Configuration Wizard acceleration.
Orion Maps improvements
Create and customize text boxes and contextual labels. Incorporate custom icons, adjust scale/positioning, or change styling. Bulk administration tools for adding shapes, moving images to front/back, and customizing layouts.
Upgrade improvements
Pre-stage future upgrades to minimize downtime. Preplan upgrades and generate an upgrade plan report. Automate upgrades via the Orion SDK.
Powerful new custom summary dashboards
Proportional (Donut/Pie) Widget
KPI (Big Number) Widget
Custom Table Widget
PerfStack™ (Time Series) Widget
[a summary of the online scalability guidelines is in the appendix]
11.18.20 – Security Event Manager 2020.4
UI updates
Continued transition from Flash to HTML5
Navigation
The SEM navigation bar has been updated, enabling narrower browser widths, separating Live Events and Historical Events, adding Admin, and renaming Groups as Configure
Saved and Scheduled Searches
Searches can be saved, loaded, browsed and scheduled in Historical events
Searches created in nDepth are migrated, although scheduling information will need to be migrated manually
LDAP Settings
LDAP connections are now used for authentication and Directory Service groups
All existing Directory Service Tool connectors will be migrated if possible
LDAP and Email recipients
When setting Send Email actions for Rules or configuring scheduled searches, email addresses can now be added from configured LDAP connections or input directly, in addition to SEM users
Directory Service groups
Directory service groups can be imported from your configured LDAP connections
05.12.20 – Security Event Manager 2020.2
Interactive histogram and query builder
Navigate and analyze historical events with the interactive histogram and query builder; click to drill down to when the most events are occurring and quickly filter critical events
UI updates to connector profiles and users
Manage your connector profiles and users in the new interface
05.12.20 – Access Rights Manager 2020.2
Monitor events in Azure Active Directory
Monitor events in Azure Active Directory (AAD) and use the new web timeline view to analyze events from several sources
Let data owners review and recertify AD group memberships
Let data owners review AD group memberships with the new recertification functionality
Support for Microsoft Teams
Analyze, report, and manage access rights and team memberships on Microsoft Teams
[top bullet is from SWI COVID-19 Message Master 20-0325]
A Complete Service Management Platform
» A single platform for service management, IT asset management, configuration management, and much more.
» ITIL-ready service desk complete with Incident, Problem, Change, and Release Management capabilities.
» Advanced reporting modules to analyze trends, monitor service quality, and continuously improve service management processes.
A Service Desk for the Digital Age
» Enhance agent and employee productivity with native artificial intelligence (AI) and machine learning technologies.
» Manage your organization’s processes, automate repetitive tasks, and drive greater service efficiency and agent productivity with robust automation and workflow engines.
» Developed by a team of ITSM veterans who understand the challenges IT support teams have and built a solution that lets you work the way you want to.
Provide Your Employees with the Experience They Deserve
» Give your employees the flexibility to interact with the service desk through multiple channels, including email, phone, walk-up, chat, or a service portal.
» Manage and measure your Service Level Agreements (SLAs) and Customer Satisfaction (CSAT), highlighting opportunities to improve the overall employee experience.
» Scale the SolarWinds Service Desk across personnel, sites, and departments to provide consistent standards of employee service throughout your organization.
An Easier Service Desk to Manage
» Leverage the power of the cloud with a modern SaaS architecture, hosted on Amazon Web Services® (AWS®), to provide scalability to meet the needs of various industries and organization sizes.
» Implement the service desk quickly, and easily make system changes to meet your evolving business needs with our configurable (no coding required), intuitive setup options.
» Continuous deployment means you are always on the latest version, with no costly and time-consuming upgrade cycles.
A few extra NPM details-
Main Polling Engine Limits
~12k elements at standard polling frequencies:
Node and interface up/down: 2 minutes/poll
Node statistics: 10 minutes/poll
Interface statistics: 9 minutes/poll
SNMP Traps: ~500 messages per second (~1.8 million messages/hr)
Syslog: 700 - 1,000 messages/second (2.5 - 3.6 million messages/hr)
NetPath™ Scalability
The scalability of NetPath™ depends on the complexity of the paths you are monitoring, and the interval at which you are monitoring them.
In most network environments:
You can add up to 100 paths per polling engine.
You can add 10 - 20 paths per probe. See NetPath requirements for more information.
SEM is the only non-Orion-based product included in this table; not sure it belongs here to be honest.
VMAN 8.4 Feature: VMware Events Add-on
The VMware Events Add-on is now available as an optional add-on in VMAN 8.4. Install the add-on with the SolarWinds Orion Installer to add VMware Event monitoring capability to VMAN. Monitor VMware Events directly in the Orion Web Console. View logged VMware Events, see related events, and create VMAN Orion alerts that trigger from VMware Events.