Page 1: Best Practices and Tools for Reducing Insider Threats

@solarwinds

Best Practices and Tools for Reducing Insider Threats

March 12, 2019

Page 2

Agenda

• SolarWinds Overview

• Leading Sources of Security Threats

• Insider Threat Flow Response Process

• SolarWinds® Security and Network Tools Can Help

• Building Security Into Your IT Security Posture

• Compliance Resources

• Q&A

Presented by: Alexander Ortiz, Sales Engineer, SolarWinds, [email protected]

© 2018 SolarWinds Worldwide, LLC. All rights reserved.

Page 3

SolarWinds at a Glance

• #1 in Network Management [2]

• #4 in Systems Management [3]

• 300,000+ customers in 190 countries [1]

• 55+ IT management products

• 22,000+ MSPs serving 450,000+ organizations

• 499 of Fortune 500®

• Every branch of the DoD, and nearly every civilian and intelligence agency

• 150,000+ registered members of THWACK®, our global IT community

• Founded in 1999

• More than 2,500 employees globally; Austin, TX headquarters; 30+ offices globally

• Leader in Remote Monitoring and Management

• Growing Security Portfolio

1. Customers are defined as individuals or entities that have an active subscription for our subscription products or that have purchased one or more of our perpetual license products since our inception under a unique customer identification number. We may have multiple purchasers of our products within a single organization, each of which may be assigned a unique customer identification number and deemed a separate customer.

2. IDC defined Network Management Software functional market, IDC’s Worldwide Semiannual Software Tracker, April 2018.

3. Source: Gartner, Market Share Analysis: ITOM: Performance Analysis Software, Worldwide, 2017. July 9, 2018. (AIOps/ITIM/Other Monitoring Tools Software Market). SolarWinds term, Systems Management, refers to the AIOps/ITIM/Other Monitoring Tools Software Market Taxonomy referenced in the Gartner report. All statements in this report attributable to Gartner represent SolarWinds interpretation of data, research opinion or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this [presentation]). The opinions expressed in Gartner publications are not representations of fact and are subject to change without notice.

© 2019 SolarWinds Worldwide, LLC. All rights reserved.

Page 4

SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 | © 2018 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

IT SECURITY OBSTACLES, THREATS, AND BREACHES

Sources of Security Threats

What are the greatest sources of IT security threats to your agency? (select all that apply)

Careless/untrained insiders    54%
Foreign governments            48%
General hacking community      38%
Hacktivists                    34%
Malicious insiders             29%
Terrorists                     20%
For-profit crime               17%
Industrial spies               12%
Unsure of these threats         2%
Other                           1%
None of the above               2%

N=200. Note: Multiple responses allowed.

By Agency Type (Defense / Civilian): 40% / 21% (statistically significant difference)

Page 5

Sources of Security Threats - Trend

What are the greatest sources of IT security threats to your agency? (select all that apply)

N=200. Note: Multiple responses allowed. Chart markers: statistically significant difference; top 3 sources.

Source                        2014   2015   2016   2017
Careless/untrained insiders    42%    53%    48%    54%
Foreign governments            34%    38%    48%    48%
General hacking community      47%    46%    46%    38%
Hacktivists                    26%    30%    38%    34%
Malicious insiders             17%    23%    22%    29%
Terrorists                     21%    18%    24%    20%
For-profit crime               11%    14%    18%    17%
Industrial spies                6%    10%    16%    12%

Page 6

Insider Threat Detection Difficulties

2015 CYBERSECURITY SURVEY: INSIDER BREACH CAUSES AND DETECTION DIFFICULTIES

In today’s environment, what makes insider threat detection and prevention more difficult?

Volume of network activity                                     40%
Lack of IT staff training                                      35%
Growing use of cloud services                                  35%
Pressure to change IT configurations quickly more so than…     34%
Use of mobile devices                                          30%
Cost of sophisticated tools                                    27%
Growing adoption of BYOD                                       27%
Inadequate monitoring of storage devices                       26%
Inadequate visibility into users’ network activity             24%
Inadequate configuration management of IT assets               24%
Complexity of monitoring tools                                 23%
Inadequate change control practices                            22%
Functionality of and access to critical systems                19%
Other                                                           3%

N=200. Note: Multiple responses allowed.

By Agency Type (Defense / Civilian), statistically significant differences:

Inadequate configuration management of IT assets: 17% / 28%

Inadequate monitoring of storage devices: 18% / 32%

By Role (IT/Security Staff / IT/Security Manager or Director):

Volume of network activity: 29% / 44%

Page 7

Accidental Insider Breach Causes

2015 CYBERSECURITY SURVEY: INSIDER BREACH CAUSES AND DETECTION DIFFICULTIES

What are the most common causes of accidental insider IT security breaches caused by the untrained or careless employee?

Phishing attacks                                                 49%
Data copied to insecure device                                   44%
Accidentally deleting, corrupting or modifying critical data     41%
Using personal devices that are against company IT policies      37%
Poor password management                                         37%
Device loss                                                      36%
Incorrect use of approved personal devices                       33%
Not applying security updates                                    31%
Incorrect disposal of hardware                                   28%
Insecure configuration of IT assets                              24%
Other                                                             4%

N=200. Note: Multiple responses allowed.

By Agency Type (Defense / Civilian), statistically significant difference:

Device loss: 26% / 43%

By Role (IT/Security Staff / IT/Security Manager or Director):

Insecure configuration of IT assets: 17% / 36%

Page 8

Insider Threat Flow Response Process

Threat Process Wheel: Control, Monitor, Verify, Plan, Identify

Policy Implementation:

• Reduced risk of outages and security breaches

• Help assure service health and performance

• Stricter control of change and configuration management process

• Faster problem identification and resolution

• Visibility to design changes that avoid future problems

Page 9

Insider Threat: Identify

Identify:

• Updated inventory of infrastructure

• Understanding of your area of responsibility

• Know and protect your critical assets

Page 10

Insider Threat: Control

Control: Organizations typically have a number of tools and processes to plan for and document expected changes.

• Develop a formalized insider threat program

• Configuration management tools can help inventory network device configurations, assess them for compliance, and automate change and configuration management

• Configuration control and automation

• Security Information and Event Management (SIEM) tools to collect, correlate, and respond to threats through automation rulesets

Page 11

Insider Threat: Monitor

Monitor:

• Deploy solutions for monitoring employee actions and correlating information from multiple data sources

• Network, application, and system monitoring and management tools provide needed visibility

• These tools continuously collect data on IT operations and alert on anomalies

• Infrastructure performance monitoring metrics can complement your other security tools to help detect and mitigate issues, such as Advanced Persistent Threats

• Infrastructure broken into different focuses:

  • Systems

  • Network

  • Management/Mission Impact

Page 12

Insider Threat: Verify

Verify:

• Performance baselines can help identify threats, and provide constant and valuable insight into network activities

• Clearly document and consistently enforce policies and controls

• Device tracking provides forensic data to help locate, identify, and isolate threat sources, or enforce your BYOD/mobility policies

• Key Areas:

  • Reports

  • Compliance

  • Thresholds
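The baseline-and-threshold idea from the Monitor slide ("alert on anomalies") and this Verify slide ("performance baselines", "thresholds"), as an added example that is not code from the deck or from any SolarWinds product: a per-host baseline of mean and standard deviation is built from historical samples, and new samples are scored against it with a z-score threshold. Hosts with no or too little history are reported rather than silently passed, and a host with a perfectly flat history gets a floor on its sigma so a single deviation is still scored instead of dividing by zero. Host names and the hourly outbound-megabyte figures are constructed.

```python
import statistics

# Constructed history: hourly outbound traffic in MB per host over the baseline
# period (hypothetical host names and values, not survey or product data).
HISTORY = {
    "ws-finance-07": [12, 15, 11, 14, 13, 16, 12, 15, 14, 13, 12, 15, 13, 14],
    "db-prod-01": [800, 820, 790, 810, 805, 815, 795, 800, 810, 805, 800, 790, 815, 805],
    "printer-01": [2] * 14,   # perfectly flat history: population stdev is zero
    "ws-temp-01": [5, 6, 7],  # too little history to trust
}

# Constructed new observations to score: (host, outbound MB in the last hour).
NEW_SAMPLES = [
    ("ws-finance-07", 14),
    ("ws-finance-07", 480),  # a workstation suddenly sending ~35x its norm
    ("db-prod-01", 812),
    ("printer-01", 2),
    ("printer-01", 9),
    ("ws-temp-01", 6),
    ("new-host-01", 50),     # never seen before: no baseline at all
]


def build_baseline(history, min_samples=7):
    """Per-host (mean, population stdev). Hosts with fewer than min_samples
    readings are left out so they surface as 'no_baseline' instead of being
    scored against an unreliable estimate."""
    baseline = {}
    for host, values in history.items():
        if len(values) < min_samples:
            continue
        baseline[host] = (statistics.mean(values), statistics.pstdev(values))
    return baseline


def evaluate(samples, baseline, z_threshold=3.0, sigma_floor_ratio=0.05):
    """Score each sample as normal / anomaly / no_baseline.

    sigma is floored at sigma_floor_ratio * |mean| so that a host with a flat
    history (stdev 0) still gets a finite z-score rather than a division by
    zero or an alert on every tiny fluctuation."""
    findings = []
    for host, value in samples:
        if host not in baseline:
            findings.append({"host": host, "value": value, "status": "no_baseline", "z": None})
            continue
        mean, stdev = baseline[host]
        sigma = max(stdev, abs(mean) * sigma_floor_ratio, 1e-9)
        z = (value - mean) / sigma
        status = "anomaly" if abs(z) >= z_threshold else "normal"
        findings.append({"host": host, "value": value, "status": status, "z": round(z, 2)})
    return findings


if __name__ == "__main__":
    for f in evaluate(NEW_SAMPLES, build_baseline(HISTORY)):
        print(f"{f['host']:<14} {f['value']:>6} MB  {f['status']:<12} z={f['z']}")
```

The `no_baseline` status is the part worth keeping when adapting this: a threshold that silently skips unknown hosts is exactly the visibility gap the survey respondents were describing.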

Page 13

Insider Threat: Repetition

Process Repetition:

• Policy strategy, success for all

• Simple: simplicity is key, with an emphasis on ease of use for configuration monitoring, alerting, and auditing

• Incorporate malicious and unintentional insider threat awareness into periodic security training for all employees

Page 14

Security and Network Management Tools Can Help

Security and network management tools can help with compliance:

• Log & Event Manager

• Patch Manager

• Network Performance Monitor

• Network Configuration Manager

• Access Rights Manager

• Server Configuration Monitor

• IP Address Manager

• User Device Tracker

More information: https://www.solarwinds.com/it-security-management-tools

Page 15

Threat Process Wheel Aligned to SolarWinds Products

Wheel stages: Control, Monitor, Verify, Plan, Identify

Products mapped to the wheel:

• Log & Event Manager

• Network Performance Monitor

• Network Configuration Manager

• IP Address Manager

• User Device Tracker

• Patch Manager

• Server Configuration Monitor

• Network Topology Mapper

• Access Rights Manager

Page 16

Build Security Into Your Community

• Embed security practices and conversations about good security habits within your daily office environment

• Gamifying security training

• Document and test your security policies

• Conduct annual security awareness training

• Leverage cyber security certification training (e.g., DOD 8570)

• Document security incident reporting procedures (e.g., wallet cards, desk references, etc.)

• Utilize Two Factor Authentication

Page 17

Build Security Into Your Community

• Implement an approach styled after a Secure Development Lifecycle (SDL)

• SDLs consist of the security processes and activities performed for every software release

• Although conceived for development, their principles can be applied across your company

• For example, by agreeing upon standard security practices for processes that involve sensitive data, you can help instill Information Security (InfoSec) into your company

Page 18

When Combating Insider Threats

• Meeting compliance standards does not mean you are secure

• Careless or untrained insiders can be the largest source of security threats

• High-performing companies with excellent IT controls experience:

  • Fewer cyberthreats

  • Faster response time to threats

  • Positive results from IT modernization initiatives

• Continuous review of your IT controls may help to improve your security posture

• SolarWinds has tools designed to help

Page 19

Compliance Resources

• Review a blog on how SolarWinds software can help with NIST FISMA/RMF compliance: https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2015/08/01/fisma-nist-800-53-compliance-with-solarwinds-products

• Review a blog on how SolarWinds software can help with DISA STIGS compliance: https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2011/09/07/disa-stig-compliance-with-log-event-manager

• Watch a federal security compliance video: http://www.solarwinds.com/resources/videos/solarwinds-federal-security-compliance.html

• Download a compliance white paper: http://go.solarwinds.com/Compliance_LEM_16?Program=999&c=70150000000qf3c

• Download a continuous monitoring white paper: http://go.solarwinds.com/fedcyberWP?=70150000000Plgf

Page 20

THANK YOU!

© 2019 SolarWinds Worldwide, LLC. All rights reserved.