Federal Webinar: Security Compliance with SolarWinds Network Management Tools
TRANSCRIPT
SECURITY COMPLIANCE WITH SOLARWINDS® NETWORK MANAGEMENT TOOLS
September 20, 2016
Sean Martinez, Senior Federal Sales Engineer
sean.mart [email protected] (office)
Omar Rafik, Senior Federal Sales Engineer
omar.raf [email protected] (office)
AGENDA
• SolarWinds Overview
• Security Compliance Overview
• Security Compliance with SolarWinds Products
• Product Demonstrations
• Questions and Answers
© 2016 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
SOLARWINDS OVERVIEW
• Over 150,000 customers in 170 countries; SMB to Fortune 500®
• More than 425 of the Fortune 500 are customers
• Every branch of DOD and virtually every Civilian and Intelligence agency
• SolarWinds named to Gartner® Magic Quadrant for Network Performance Monitoring and Diagnostics, Feb. 2016
• Headquarters in Austin, TX
• Federal Office in Herndon, VA
• 1800+ employees worldwide
The power to manage IT
User Experience
Product Mission: Enable IT & DevOps pros to proactively and reactively monitor, alert, troubleshoot and resolve issues quickly
Product Principles: Fast, Easy and Affordable
WHAT WE OFFER TODAY Building towards our future
Network Management
Performance
Configuration
IP Address
VoIP
Systems and App Management
Servers & Apps
Virtualization
Storage
Database Management
Database Performance
Tools
Remote Troubleshooting
Web Help Desk®
Topology Mapping
Security Management
Log & Event
Patch
Configuration
• MySQL®
• Oracle®
• SQL Server®
• DB2®
• SAP® ASE
Device Tracking
Secure File Transfer
Web Performance
SECURITY COMPLIANCE OVERVIEW
COMPLIANCE OVERVIEW
• The implementation of National Institute of Standards and Technology (NIST) Federal Information Security Management Act (FISMA) is designed to protect the nation’s critical infrastructure
  o Provides standards for categorizing IT systems by mission impact (FIPS 199)
  o Establishes minimum security standards for data and IT systems (FIPS 200)
  o Establishes baseline security controls and provides guidance for selecting, implementing, and assessing security controls and assuring their effectiveness (SP 800-53)
• The Risk Management Framework (RMF) provides a framework that combines IT security and risk management into the systems development lifecycle (SP 800-37)
  o DOD has adopted the 6-step RMF to transform the traditional C&A process
  o Categorize your IT assets and identify critical infrastructure
  o Implement security controls and assess that they are implemented correctly
  o Operate assets and monitor effectiveness and vulnerabilities of security controls
COMPLIANCE OVERVIEW (CONT’D)
• DOD mandates usage of Security Technical Implementation Guides (STIGS) to standardize secure infrastructure installation and maintenance; these guides were developed by DISA to reduce vulnerability
  o Create an inventory of all systems and software in order to determine which STIGS to apply
  o Monitor configurations and produce compliance reports
  o Manage configurations to achieve and maintain compliance
• And, let’s not forget about dreaded audits, including DISA Command Cyber Readiness Inspections (CCRI), and OMB/GAO audits
  o Preparing for an audit requires considerable documentation and compliance reporting
  o Audits require detailed knowledge of networked hardware and applications, including asset inventories, locations, configurations, access privileges, and vulnerabilities
  o Which systems are being attacked, and are any still compromised?
  o IT Pros need to be able to quickly respond to auditor inquiries and provide accurate details
SECURITY COMPLIANCE WITH SOLARWINDS PRODUCTS
6 SOLARWINDS PRODUCTS TO IMPROVE YOUR SECURITY COMPLIANCE
• Centralized network device change and configuration management
• Fault, availability, path and performance monitoring for networks of all sizes
• Real-time security information and event management (SIEM) software
• Centralized patch management for Windows® desktops, laptops, and servers
• Centrally manage your entire IP infrastructure and fix conflicts
• Automated device tracking and switch port management
Network Performance Monitor
Network Configuration Manager
IP Address Manager
User Device Tracker
Network Management and Security products to help with compliance
Patch Manager
Log & Event Manager
More information:
http://www.solarwinds.com/federal_government/solution/continuous-monitoring.aspx
http://www.solarwinds.com/federal_government/solution/cyber-security.aspx
SOLARWINDS SECURITY COMPLIANCE PRODUCT DETAILS
Network Configuration Manager
• Inventory and standardize network device configurations
• Assess configurations for compliance
• Automate change and configuration management
• Automatically back up device configurations and roll back non-compliant configurations
• Proactively scan IOS devices for new vulnerabilities
• Implement configuration of security controls and assure their effectiveness
• Produce FISMA and STIGS compliance reports from configuration templates
• Produce audit documentation and reports
Network Performance Monitor
• Quickly detect, diagnose, and resolve network performance problems and outages
• Trend utilization for capacity planning
• Track multicast or firewall port discards
• Monitor network health and availability
• Identify protocol latency delays
• Produce audit documentation and reports
Log & Event Manager
• Configure correlation rules to help assure effectiveness of security controls
• Real-time and continuous monitoring of security controls
• Produce FISMA and STIGS compliance reports from templates
• Supports STIG requirements for configuration auditing, log analysis and broader network security
• Tracks and reports suspicious activities/attacks to provide auditing support
SOLARWINDS SECURITY COMPLIANCE PRODUCT DETAILS (CONT’D)
IP Address Manager
• Automated subnet discovery and IP scanning
• Improve DHCP and DNS administration
• Get alerts when DNS entries don’t match
• IP detail and history tracking
User Device Tracker
• Always know when and where users and end point devices are connected to your network
• Track endpoint devices by MAC and IP address on wired and wireless networks
• Detect rogue devices and users to improve network security using watch lists, alerts, and port shutdown
• Remotely turn switch ports on and off to improve security, or block endpoints and users
Patch Manager
• Automate patching of Microsoft® and 3rd party applications to improve compliance
• Schedule patches for minimum downtime
• Inventory software and physical components per server or workstation
FISMA SECURITY CONTROLS WHERE WE CAN HELP
• Access Controls
  o Network Configuration Manager (NCM) can help you monitor/manage network system configurations, real-time changes, or identify violations
  o Log & Event Manager (LEM) can help audit and monitor for potential changes
• Audit and Accountability
  o NCM tracks who requested the configuration change, or who made the change directly
  o LEM can help satisfy some controls directly
• Configuration Management
  o NCM can satisfy some controls directly, and includes prebuilt templates for compliance with configuration policies for network devices
  o Patch Manager (Patch) and LEM can also help in a few key areas
FISMA SECURITY CONTROLS WHERE WE CAN HELP (CONT’D)
• Incident Response
  o LEM provides help when it comes to incident generation and investigation
  o Users can also leverage active response to deal with incidents as they occur
• System Maintenance
  o NCM helps with controlling and managing configuration approvals, and keeps a history
  o LEM can help alert when logs don't seem to be according to expected maintenance policies
• Media Protection
  o LEM's USB-Defender® feature can help with automated controls of removable USB devices
• Security Planning
  o NCM Approval allows an approval authority before making changes affecting the network
  o LEM can be used to centrally manage auditing and monitoring, and supports defense-in-depth
FISMA SECURITY CONTROLS WHERE WE CAN HELP (CONT’D)
• Personnel Security
  o A lot of this control area is external and policy-related, but LEM can be used to help ensure what should happen actually did (i.e. trust, but verify)
• Risk Assessment
  o LEM and Patch both help with vulnerability scanning
  o Patch can notify or auto update missing patches on affected systems
• System and Communication Protection
  o Many of our solutions help detect Denial of Service attacks
  o We also offer tools to support boundary protection and VoIP
• System and Information Integrity
  o There are a good number of areas where LEM helps with this control for auditing
DISA STIG COMPLIANCE AND WHERE WE CAN HELP
• NCM has a range of features to support STIG compliance
  o Includes DISA STIG and NIST FISMA reports
  o Real-time configuration change alerting
  o IOS vulnerability scanning
  o User roles, permissions, and activity tracking
  o Remote firmware and IOS transfers
• LEM has a range of features to support STIG compliance
  o Supports DISA STIG compliance via our real-time monitoring of related events across systems, network devices, applications, and security tools
  o Supports configuration auditing, including logs of relevant STIG best practices, configuration changes, installation of unapproved software, and more
  o Many of LEM’s out of the box rules can be used to address STIGS
  o LEM also includes STIG and FISMA compliance reports
COMPLIANCE RESOURCES
Let us know how we can help you
• Review our NIST FISMA/RMF compliance blog:
https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2015/08/01/fisma-nist-800-53-compliance-with-solarwinds-products
• Review our DISA STIGS compliance blog:
https://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2011/09/07/disa-stig-compliance-with-log-event-manager
• Download a Federal Compliance whitepaper:
http://www.solarwinds.com/resources/whitepaper/compliance-guide-for-federal-security-and-it-pros.html
• Watch a Federal Security Compliance video:
http://www.solarwinds.com/resources/videos/solarwinds-federal-security-compliance.html
• Download a Continuous Monitoring whitepaper:
http://go.solarwinds.com/fedcyberWP?=70150000000Plgf
SOLARWINDS COMPLIANCE PRODUCT DEMONSTRATIONS
Network Configuration Manager
Network Performance Monitor
Log & Event Manager
Patch Manager
Contact Us: SolarWinds
Call: 877-946-3751
Email: [email protected]
Q & A
ADDITIONAL RESOURCES
Let us know how we can help you
• Watch short demo videos: http://demo.solarwinds.com/sedemo/
• Download a free trial: http://www.solarwinds.com/downloads/
• Visit our Federal website: http://www.solarwinds.com/federal
• Call the SolarWinds Federal sales team: 877-946-3751
• Email federal sales: [email protected]
• Visit our THWACK® government group: http://thwack.com/government
• Follow us on LinkedIn®: https://www.linkedin.com/company/solarwinds-government
The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWinds Worldwide, LLC, and its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks, registered or pending registration in the United States or in other countries. All other trademarks mentioned herein are used for identification purposes only and may be or are trademarks or registered trademarks of their respective companies.