Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey


Insider Threat Detection
Including review of 2017 SolarWinds Federal Cybersecurity Survey
CyberMaryland Conference 2017
Bob Andersen, Sr. Manager Federal Sales Engineering
robert.andersen@solarwinds.com
703.386.2637 (office)

SolarWinds 2017 Federal Cybersecurity Survey
SolarWinds contracted Market Connections to conduct a fourth annual blind online survey among 200 federal government IT decision makers and influencers in July 2017.
The objectives were to determine challenges, quantify sources and types of threats, and explore successful cybersecurity strategies.

IT SECURITY OBSTACLES, THREATS AND BREACHES
Sources of Security Threats
Careless/untrained insiders and foreign governments are noted as the largest sources of security threats at federal agencies. Significantly more defense than civilian respondents indicate that malicious insiders are a security threat at their agency.
Survey question: What are the greatest sources of IT security threats to your agency? (select all that apply)
Note: Multiple responses allowed.
Careless/untrained insiders: 54%
Foreign governments: 48%
General hacking community: 38%
Hacktivists: 34%
Malicious insiders: 29%
Terrorists: 20%
For profit crime: 17%
Industrial spies: 12%
Unsure of these threats: 2%
Other: 1%
None of the above: 2%
By agency type, malicious insiders: Defense 40%, Civilian 21% (statistically significant difference)

IT SECURITY OBSTACLES, THREATS AND BREACHES
Sources of Security Threats Trend
There has been no significant reduction in the various sources of security threats. Since 2014, respondents indicate significant increases in threats from both careless/untrained and malicious insiders.
Survey question: What are the greatest sources of IT security threats to your agency? (select all that apply)
Note: Multiple responses allowed.
Source: 2014 / 2015 / 2016 / 2017
Careless/untrained insiders: 42% / 53% / 48% / 54%
Foreign governments: 34% / 38% / 48% / 48%
General hacking community: 47% / 46% / 46% / 38%
Hacktivists: 26% / 30% / 38% / 34%
Malicious insiders: 17% / 23% / 22% / 29%
Terrorists: 21% / 18% / 24% / 20%
For profit crime: 11% / 14% / 18% / 17%
Industrial spies: 6% / 10% / 16% / 12%

2015 CYBERSECURITY SURVEY: INSIDER BREACH CAUSES AND DETECTION DIFFICULTIES
Insider Threat Detection Difficulties
The volume of network activity is noted most often as what makes insider threat detection and prevention most difficult. One third also note the lack of IT staff training, the use of cloud services and pressure to change configuration quickly versus securely.
Survey question: In today's environment, what makes insider threat detection and prevention more difficult?
Note: Multiple responses allowed.
Chart response options: Volume of network activity; Lack of IT staff training; Growing use of cloud services; Use of mobile devices; Cost of sophisticated tools; Growing adoption of BYOD; Inadequate monitoring of storage devices; Inadequate visibility into users' network activity; Complexity of monitoring tools; Inadequate change control practices; Functionality of and access to critical systems; Other
Chart values (label assignment not preserved): 40%, 35%, 35%, 34%, 30%, 27%, 27%, 26%, 24%, 24%, 23%, 22%, 19%, 3%
Breakdown panels (IT/Security Staff vs. IT/Security Manager/Director; Defense vs. Civilian) for Volume of network activity, Inadequate configuration management of IT assets, and Inadequate monitoring of storage devices (label assignment not preserved): 29%, 44%, 17%, 28%, 18%, 32%
2015 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.

2015 CYBERSECURITY SURVEY: INSIDER BREACH CAUSES AND DETECTION DIFFICULTIES
Accidental Insider Breach Causes
The most common causes of accidental insider IT security breaches are phishing attacks, followed by data copied to an insecure device and accidentally deleting, corrupting or modifying critical data.
Survey question: What are the most common causes of accidental insider IT security breaches caused by the untrained or careless employee?
Note: Multiple responses allowed.
Chart response options: Phishing attacks; Data copied to insecure device; Accidentally deleting, corrupting or modifying critical data; Using personal devices that are against; Poor password management; Incorrect use of approved personal devices; Not applying security updates; Incorrect disposal of hardware; Insecure configuration of IT assets; Device loss; Other
Chart values (label assignment not preserved): 49%, 44%, 41%, 36%, 37%, 37%, 31%, 33%, 28%, 24%, 4%
Insecure configuration of IT assets: IT/Security Staff 17%, IT/Security Manager/Director 36%
Device loss: Defense 26%, Civilian 43%

IT SECURITY OBSTACLES, THREATS AND BREACHES
Change in Security Threats
In the past 12 months, half of respondents have seen SPAM and malware increase at their agency.
Survey question: In the past 12 months, has your agency seen any changes in the following types of cyber security threats?
Threat: Decreased / No Change / Increased
SPAM: 16% / 32% / 52%
Malware: 14% / 35% / 50%
Social engineering: 12% / 45% / 43%
Ransomware: 9% / 54% / 37%
External hacking: 14% / 49% / 37%
Denial of service: 11% / 60% / 29%
Insider data leakage/theft: 16% / 59% / 25%
Physical security attacks: 18% / 58% / 23%
Mobile device theft: 10% / 68% / 22%
APT: 12% / 74% / 14%

RISK MANAGEMENT
Managing Risk
Respondents most often indicate tools to monitor and report risk and IT modernization have contributed to successfully managing risk. Still, one third note IT modernization has posed more of a challenge.
Survey question: How have the items below challenged or contributed to your agency's ability to manage risk as part of its overall security posture in the past 12 months?
Items rated: Tools to monitor and report risk; IT modernization; Network optimization; Data center optimization
Response categories: DK/NA; Had no effect; Posed more of a challenge; Contributed to success
Chart values (label assignment not preserved): 3%, 5%, 8%, 10%, 19%, 30%, 28%, 34%, 20%, 34%, 26%, 22%, 46%, 43%, 38%, 34%

Combating the Insider Threat
Survey Indicated Four Pillars Needed:
Have a documented security policy
Have security controls in place that are regularly exercised
Implement a security-in-depth, multi-vendor toolset
Embrace analytics, automation, and artificial intelligence to detect vulnerabilities and changes in your security posture

RISK MANAGEMENT
Security Product Effectiveness
Over two thirds indicate the effectiveness is high for Smart Card/CAC to foster network and application security.
Survey question: The following are tools and practices that foster network and application security. Please indicate the effectiveness for each.
Tool: Don't use / Low / Moderate / High
Smart Card / Common Access Card: 3% / 4% / 26% / 68%
Identity and access management tools: 2% / 4% / 38% / 56%
Endpoint security software: 3% / 6% / 44% / 48%
Network admission control (NAC) solutions: 4% / 7% / 44% / 46%
Patch management software: 4% / 8% / 44% / 45%
Configuration management software: 4% / 8% / 47% / 42%
Web application security tools: 2% / 11% / 49% / 38%
File integrity monitoring software: 8% / 9% / 48% / 36%
SIEM software: 6% / 7% / 51% / 36%
Messaging security software: 8% / 14% / 48% / 32%

AGENCY ASSESSMENT
Agency Assessment: Evidence of IT Controls
More than three quarters describe their agency's ability to provide managers and auditors with evidence of appropriate IT controls as either excellent or good.
Survey question: How would you describe your agency's ability to provide managers and auditors with evidence of appropriate IT controls?
Excellent (27%): We have documented policies, procedures and technology in place to validate controls via scheduled reports.
Good (52%): We have updated policies, procedures and technology. Reports are generated on a regular basis.
Excellent/Good combined: 79%
Fair (18%): We have outdated policies, procedures and technology in place. Reports are generated on an ad hoc basis.
Poor (2%): We lack the necessary tools & documentation to provide evidence of IT controls.

RISK MANAGEMENT
Impediments of Detection and Remediation
Half of respondents note a shortage of funding and resources is the greatest impediment to detection and remediation of security issues at their agency.
Survey question: Which of the following are the greatest impediments to detection and remediation of security issues at your agency? (select all that apply)
Note: Multiple responses allowed.
Chart response options: Shortage of funding and resources; Shortage of skills; Insufficient user awareness training; Inability to link response systems to root out the cause; Lack of visibility into the network traffic and logs; Insufficient collection of operational & security related data to detect threats; Difficulty seeing into cloud based applications and processes; Lack of central reporting and remediation controls; Other
Chart values (label assignment not preserved): 50%, 38%, 30%, 31%, 21%, 22%, 18%, 20%, 20%, 4%

Security and Network Management Tools Can Help
Security and network management tools can help with compliance:
Configuration management software centralizes change management and reporting
Log and event management (SIEM) software uses logs for security and compliance
Patch management software centralizes updates and reduces vulnerability
Device tracking, IP management, and switch port management for compliance enforcement
Network management software for continuous monitoring, audit documentation, and reporting
Tool categories: Configuration Management; Network Management; IP Address Management; Log and Event Management; Patch Management; User Device Tracking
More information: http://www.solarwinds.com/federal government/solution/cyber security

When Combating the Insider Threats
Meeting compliance standards does not mean you are secure
Careless or untrained insiders are the largest source of federal security threats
High performing agencies with excellent IT controls experience:
Fewer cyberthreats
Faster response time to threats
Positive results from IT modernization initiatives
Continuous review of your IT controls improves your security posture
SolarWinds has tools to help

Get a full copy of the 2017 Survey at the SolarWinds booth
Download the full 2017 survey results online at: http://www.solarwinds.com/ resources/survey/solarwinds federal cybersecurity survey summary report 2017
Download the full 2015 survey results online at: http://www.solarwinds.com/ resources/survey/solarwinds federal cybersecurity survey summary report 2015

Contact Us
Let us know how we can help you
Watch a short demo video: http://demo.solarwinds.com/sedemo/
Download a free trial: http://www.solarwinds.com/downloads/
Visit our Federal website: http://www.solarwinds.com/federal
Call the SolarWinds Federal sales team: 877.946.3751
Email federal sales: federalsales@solarwinds.com
Email our Government Distributor DLT: solarwinds@dlt.com
Follow us on LinkedIn: https://www.linkedin.com/company/solarwinds government

SolarWinds, SolarWinds & Design, Orion, and Thwack are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.