5 Ways to Protect Your Organization from a Cyberattack in 2024

As we say goodbye to 2023, we need to prepare to say hello to new cybersecurity threats in 2024. The Department of Homeland Security is already there, having published its annual Homeland Threat Assessment, which predicts “more evasive cyberattacks” thanks to cyber actors using artificial intelligence (AI) and other modern technologies to circumvent company defenses.

Protecting your organization will require a sound strategy that wards off threats and takes the fight to the attackers. Here are five best practices to help you do both.

1. Develop a playbook of response strategies and tactics

Your playbook should include detailed instructions on how to handle a cybersecurity incident, from start to finish, and who’s responsible for what. Key components of a cybersecurity playbook include:

  • Descriptions of potential attack methods
  • Steps required to effectively respond to and contain an attack
  • Roles and responsibilities of response team members
  • Remediation procedures
  • Details on how to handle media inquiries, customer, and partner communications, etc.
  • Processes for a post-incident review and analysis

Hopefully, you will never have to use your playbook. If you do, it will provide you with a standardized blueprint that will allow you to respond to an attack methodically and effectively.

2. Conduct fast and effective diagnostics

Time is of the essence during a cyberattack. Therefore, it is essential to conduct accurate and effective diagnostics as fast as possible.

Not only will you want to identify where the attack originated, but you’ll also need to quickly ascertain where it has or could spread. This requires finding gaps and vulnerabilities in your network where a virus or piece of malicious code could take root. Unfortunately, network complexity gives attackers better cover and more opportunities to hide.

Observability solutions cut through the noise and provide visibility across your entire ecosystem. Observability is different from traditional network monitoring; whereas the latter is more reactive, observability proactively detects anomalies before they become real issues. Plus, with complete visibility into the entire ecosystem, there’s no need to waste time sifting through alerts or hunting down problems. Teams can respond quickly, ensuring high resiliency.

3. Communicate openly, honestly, quickly, and continuously

Effective communication is critical to cybersecurity threat mitigation. When a threat manifests, alert impacted internal departments through secure channels so as not to tip off the attackers that you know they’re in your network. Then, communicate with law enforcement, including the FBI. Finally, reach out to customers and partners. Keep all parties apprised in the weeks and months following the attack.

If you have created a playbook, you will know who to contact and how, because you will have planned for it. You will know, for example, that your communications team is responsible for outreach to the press, customers, and other third parties.

Your communication must be clear and honest. Tell your stakeholders what you know when you know it. Inevitably, someone is going to ask, “Am I affected?” You may not know, and that is OK—just tell them what you do know. Likewise, you will likely be fighting misinformation. Do not get sidetracked. Continue to tell the truth and communicate openly as much as possible.

4. Enlist third-party partners for help

There are many reasons why you should not take on a cyberattack alone. First, an attack can be too complex and far-ranging for your internal team to handle on its own. It is better to have an outside party that can help with auditing your networks to ensure gaps have been remediated in the wake of an incident. Second, third-party cybersecurity experts can be invaluable in providing guidance, investigative support, and consultation as you navigate through the attack. Your team is going to be busy handling any number of tasks and will appreciate their perspectives.

Outside parties can also help get your truth out to the public. Following the SUNBURST attack, we enlisted the help of reputable organizations like the Cybersecurity and Infrastructure Agency (CISA), the Krebs Stamos Group, and others. In addition to assisting in the investigation, they helped us tell the story of what happened, which went a long way toward combatting misinformation.

5. Implement a “Secure by Design” approach

You have likely heard about shifting left—building security into the foundation of your products, rather than adding it on later. I recommend taking this mindset a step further and adopting a Secure by Design approach, where security becomes a cornerstone of your entire organization.

Secure by Design includes all the best practices listed here, as well as building out your cybersecurity team, auditing applications throughout their development, and engaging with the broader community to learn and share information. It also entails adopting an “assume breach” mindset, where you assume that an asset has already been breached, determine the possible implications, and come up with fixes to limit exposure.

As we turn the calendar page, attackers may have the advantage, but it doesn’t have to be that way. Hopefully, these best practices will help you gain the upper hand and protect your organization in 2024 and beyond.

Reach out to the SolarWinds team to learn more about how you can prepare your organization.

3 Strategies the State Department Can Adopt to Successfully Balance Infrastructure Modernization and Security

The Department of State’s (DOS) plan to modernize American diplomacy has two focuses: adopting critical and emerging technologies and strengthening cybersecurity. Secretary Antony Blinken cites these initiatives as an “aspect of foreign policy that has become critical in recent years.”

Yet, a recent survey indicates IT complexity is a top challenge when it comes to protecting against cybersecurity threats. The more technology added to a network, the harder it is to defend.

That’s why the DOS must adopt a security-first approach when building and deploying new IT infrastructure. By shifting security left, the organization will be better positioned to successfully balance modernization with security.

Here are three ways the DOS and other government agencies can achieve this objective.

Adopt a “secure by design” approach

Infrastructure modernization isn’t just about the tools that are added to a network. It’s also about the people who must manage the tools, and the different processes teams might use to ensure that everything works as it should. All of this creates additional complexity and increases the number of ways an attacker could infiltrate a network.

That’s why it’s critical to weave cybersecurity throughout every phase of infrastructure deployment. Every time a new system or application is installed, its introduction and implementation should be carefully vetted by a dedicated security team. All endpoints should be carefully monitored and inspected to confirm they are hardened, and all systems should be tested by red teams to verify their security posture and resiliency.

Simultaneously, all IT professionals should follow predetermined security guidelines throughout the software implementation process. These guidelines should be easily accessible and understood by everyone involved in the process. Simple, direct, and sequential instructions can help prevent vulnerabilities.

Implement observability for proactive cybersecurity

As the DOS’s software factories continue to develop and deploy new technologies, the agency must adopt methods that allow it to keep close tabs on how those technologies connect and interact with one another. Implementing a process of observability is a good way to accomplish this task.

Observability provides a complete view of every asset that comprises an organization’s IT infrastructure, whether on-premises, in the cloud, or hybrid environments. IT teams can observe how assets operate and interact with each other and rapidly identify issues as they arise, including potential security risks.

Observability goes beyond traditional network monitoring, but both are essential. The latter pushes alerts to IT teams whenever there’s a deviation from a predetermined metric, while the former allows teams to detect and analyze abnormalities in real time. So, while monitoring is reactive, and observability is proactive, both work together to form a critical foundation for infrastructure security.

Take an “assume breach” mentality

Zero-trust is an effective best practice that the DOS has adopted from the Department of Defense’s leadership. In the wake of continually evolving cybersecurity threats, adopting a zero-trust posture should be considered the minimum protection standard.

The DOS can take this approach even further by taking an “assume breach” mentality. An assume breach mindset includes several strategies designed to protect the agency throughout the entire lifecycle of a cyberattack. In addition to incorporating zero-trust principles, assuming a breach involves:

  • Identifying and addressing gaps in security coverage
  • Planning how to react and respond to an attack
  • Detailing the steps needed to recover from an attack
  • Learning from an attack
  • Implementing processes to prevent future attacks

Assuming a breach is just as it sounds—embracing a position that it’s not if a breach will happen, it’s when it will take place. If agencies base their cybersecurity efforts around this mentality, they will be more prepared to both deal with and prevent the eventuality.

Cyber resiliency must be a top focus as the DOS continues its push toward modernization, but without a systematic plan in place, the agency’s efforts to contain and prevent vulnerabilities can easily become overwhelming. Adhering to the three strategies outlined here can help the DOS prioritize cybersecurity and tackle potential threats in a way that will not only protect the organization but also do so in a manner that is efficient and effective.

These best practices are fundamental elements to SolarWinds’ Secure by Design approach, developed in collaboration with leading cybersecurity experts in the wake of the 2020 SUNBURST attack. It’s a solid blueprint for the DOS to refer to as it continues its modernization efforts.

Three Strategies for Minimizing Insider Threats

Insider threats (alternatively known as careless or untrained insiders) continue to be a problem for the public sector. According to the SolarWinds 2023 Public Sector Cybersecurity Survey, 68% of respondents cited careless or untrained employees as one of the highest sources of security threats, second only to foreign governments.

Insider threats have continued to increase over the past few years. Mobile work has become commonplace, and more employees have begun using unsanctioned applications, leading to incidents of shadow IT. Meanwhile, hackers have become adept at targeting government employees through phishing and ransomware attacks, which succeed due to human error.

Educating your employees about the dangers of these attacks and putting in proper safeguards to prevent them is critical. Here are three strategies to help employees become more aware of threats and build a better security posture from the inside.

Understand that while not everyone is a trained security expert, everyone can play their part

Some organizations tend to say, “Everyone is responsible for cybersecurity,” which is not entirely true. An employee in charge of processing applications for social security benefits is in charge of processing applications for social security benefits, not protecting the agency from a cyberattack.

However, there are little things everyone can do to prevent threats–they just need to know what those things are. It’s more than not opening emails from unknown senders or clicking on suspicious-looking attachments. It’s being vigilant, even when someone is feeling overworked. It’s also knowing who to report these incidents to if and when they occur and how and when to share information with colleagues about potentially suspicious activity.

Other things you can do to help employees protect your agency include:

  • Implementing company-wide password protocols, including two-factor authentication
  • Requiring employees to change their passwords every few months
  • Adding context to communications around cybersecurity to help employees understand the ramifications of cybersecurity incidents (for example, illustrating how a breach could impact employees’ jobs)

While rigorous training isn’t necessary, you can aim to make safe security practices a part of your day-to-day efforts. For example, periodic email reminders, replete with simple and easy-to-follow best practices and sent from the CIO or security team, can help improve your organization’s security posture.

Conduct simulations to help employees understand how to respond to possible threats

Email reminders are important, but nothing beats practicing what to do in the event of a threat, which is where Breach and Attack Simulations (BAS) come in.

BASs can be used to simulate just about any type of attack your employees might be exposed to, including phishing, malware, and more. Employees are asked to spot, respond to, and prevent an attack in a simulation. Managers can assess employees’ responses and reactions and discover where more education is needed.

Simulated attacks are also great for increasing employee vigilance and education. The more employees are exposed to simulated threats, the more knowledgeable they become about those threats–and the less likely they will be to fall prey to them.

Build a zero-trust foundation that is secure by design

While employees should always be your first line of defense against cyberattacks, no defense is ever foolproof, not even employees who have been adequately trained and prepared. Implementing a secure by design zero-trust cybersecurity environment can ensure weaknesses aren’t exploited.

In a secure-by-design environment, security is inherent in every aspect of the organization. Employees are aware of possible cybersecurity risks and know how to prevent them. Security is baked into the agency’s technology infrastructure and software development processes, and all technologies an agency procures have security as a standard feature, not an add-on.

Security by design goes hand-in-hand with zero trust. Zero-trust cybersecurity models are based on an “assume breach” mentality, where every request to access information could pose a threat. Therefore, all requests must be carefully verified, and all employees should only have access to the information they need.

Remember: while employees can be your agency’s best defenders, they’re also human. They can and will make mistakes. It’s essential to put in place safeguards to mitigate those mistakes. Education is important, but so is having a backup plan in case something fails. By covering all angles you’ll have a better chance of preventing the next employee-centric cyberattack.

For more guidance on how to better enhance your agency’s cybersecurity posture, visit SolarWinds’ Secure by Design resource center.

Four Lessons I Learned from My Company’s Response to the SUNBURST Attack

Saturday, December 12, 2020, is a day I’ll never forget. That was the day I learned nation-state threat actors had exploited our software in what would later be known as SUNBURST. Because it’s been written about thousands of times before, I won’t rehash the particulars of the event itself here. Instead, I’d like to share four lessons I learned about how to respond to a large-scale cyberattack.

1. The first days: Preparation helps control the chaos

I often refer to the days immediately following December 12, 2020, as “controlled chaos.” The chaos portion is self-explanatory, but what about the “controlled” part?

Simply put, we were in control the entire time, no matter how chaotic things seemed, because we’d prepared for such an incident. We ran tabletop exercises, planned for different scenarios, mapped out hypothetical intrusions, tested our response methods, and looked for and plugged potential security holes. We also built an incident response team made up of representatives from across the company. It included members from our security, legal, marketing, IT, and engineering teams, and our board of directors.

As you plan your threat response, consider the following:

  • Do you have a cybersecurity incident response playbook?
  • Have you performed tabletop exercises and run various attack scenarios?
  • Do you have the right people on the incident response team—a good mix of strategic and tactical expertise?
  • Do you have ways to contact people, even on the weekend (or during a pandemic)?
  • Do you have a list of backup contacts in case someone isn’t available?
  • Do you have alternative communication methods established in case you cannot trust your existing ones?

2. The initial weeks: Separating teams creates an agile and efficient response


We quickly learned we needed to split our team into different groups for an agile and efficient response. Thus, one big team became multiple smaller teams, each overseen by leaders within their respective organizations (i.e., the legal team was led by our general counsel, the engineering team by our head of engineering, and so forth). These teams would work independently, then reconvene each evening to share what they learned, discuss solutions and ideas, and so on.

Having different teams allowed individuals to focus on each facet of the response. For example, engineering could focus on how the attack affected our build while IT investigated how the attackers got in. The communications team created responses for customers, partners, and the press, and what ultimately became the government affairs team devised a plan to contact various government agencies.

We also learned organizing these teams was impossible without a third-party “quarterback.” So, we brought in an external organization to coordinate our teams’ work. They set up meetings and ensured everyone was on the same page and information was being shared.

As you coordinate your teams, ask:

  • Do we have a plan in place to get teams together?
  • Do we have a third-party “security helper” on call or retainer? (This is often a good insurance policy)
  • Do we have enough teams to cover every aspect of our business?

3. The following weeks and months: Unbiased partners help amplify the truth

At the time, there was a lot of misinformation floating around. We were being outnumbered, out-marketed, and out-communicated. And unfortunately, social media made misinformation spread like wildfire, and made it equally hard to extinguish.

To help, we partnered with reputable and experienced organizations like the Cybersecurity and Infrastructure Agency (CISA), Krebs Stamos Group, and others. The organizations performed forensics while amplifying the truth about the attack, helping people understand this was not just an isolated incident.

Amplifying the truth was the only agenda our partners had. Sadly, that’s not the norm. I discovered many organizations out there want to promote their brand or have ulterior motives. Fortunately, the organizations we worked with had no such baggage.

Indeed, they allowed us to focus on ensuring our customers were in the right state. We wanted to be there to answer their questions, assure them, and, most of all, make sure they were secure and protected. Our partners helped us block out the noise so we could focus on helping our customers.

To summarize:

  • Bring in the correct partners and add new partners as necessary
  • Watch out for hidden agendas
  • Prioritize what’s most important to you (For us, our customers were our top priority)
  • Don’t spend time responding to every inaccuracy; it will only distract you from your priorities
  • Stay focused

4. The final months: Going above and beyond leads to an exemplary outcome

As the months wore on, I remember a colleague telling me, “If you’re going to come out of this, you have to be special. It won’t be enough just to fix the issue. You need to really go above and beyond.”

As it turns out, we fixed the issue—but did much more than that. We found the source for SUNBURST and made it publicly available. We testified before the U.S. House and Senate. We implemented assistance programs to help our customers. We held briefings with the FBI and other global law enforcement agencies.

We ensured the world knew what we were doing and why we were doing it. In being transparent, we were helping others understand what we went through so they could better protect themselves. It’s not enough to be transparent, of course. To get through it and come out stronger, we needed to have products and services people love and enjoy using, which leads me to three final recommendations:

  • Be open and honest throughout the entire process
  • Communicate early and often—not just to your customers, partners, and employees but to the world
  • Make the type of products you would want them to use, and make them Secure by Design

The months have turned into years. The tenets of transparency and humility have served us well. The SUNBURST incident has turned into a catalyst for good. Supply chain security is now front of mind for many. Executive orders and cybersecurity strategies are leading us toward attestation for software security. Executive and boardroom conversations have security as a necessary topic, and the security defenders of the world are being looked upon for guidance in managing cyber risk.

The investigation into SUNBURST formally concluded in May 2021—six months after the attack was first uncovered. But I like to think our response to the attack will live on for much longer. Because what started as a dark day in December 2020 made us a stronger, more resilient, and better company. I hope the lessons I learned can help you do the same.

Contact our team today to learn more about how SolarWinds can support your organization’s software and cybersecurity mission.

Unpacking Digital Transformation

At long last, government agencies are getting some real support for their modernization and transformation initiatives. Through the Technology Modernization Fund (TMF) and the American Rescue Plan (ARP), Congress is providing significant funding for updating or replacing legacy systems, with a focus on both improving the security of government systems and delivering better services. The opportunity now is to make those investments pay off. How can agencies cut delivery times and meet expected outcomes? Download the guide to access worksheets, step-by-step guidelines, government and industry insights, and other resources that can help agencies launch transformation initiatives and deliver on them.

Supercharge Your Agency Service Management

“Using cloud solutions, organizations can automatically scale up their systems when constituent demand is high and down when demand is lighter. This enables agencies to be more responsive, efficient and constituent-friendly. Most federal agencies are going through a major digital modernization effort, replacing outdated/legacy systems with cloud-based solutions, said Sandra Trumbull with Atlassian, a software-based company. And self-service — whether through guided prompts, artificial intelligence or other methods — is increasingly important because users are more empowered and typically obtain faster responses, service teams have fewer headaches, agencies can lower their service costs, and everyone receives a better overall experience.”

Read more insights from Adaptavist’s Phill Fox, Principal Customer Success Advocate, and Atlassian’s Sandra Trumbull, Enterprise Solutions Advocate.

How Agencies Are Driving Innovation to the Edge

“Not so long ago, Air Force communications meant radios that transmitted information about where to go and what was happening. Now, digital input is being delivered directly into the cockpit. ‘We’re talking about a situation where edge capability expands the envelope of the missions that we can get accomplished and changes the ways in which we can accomplish them,’ said Winston Beauchamp, Deputy Chief Information Officer for the Department of the Air Force. Currently, the service uses edge computing in its Agile Combat Employment, a scheme of maneuvers aimed at increasing survivability while generating combat power. If warfighters are under threat at fixed bases, they must move to alternate locations quickly — and those might not have all the infrastructure of a traditional base. ‘Edge technologies enable you to deploy to that location that you need to accomplish that mission without a huge footprint,’ Beauchamp said.”

Read more insights from Red Hat’s Government Symposium.

Data, Data Everywhere, but Not a Byte to Eat

“The first element of intelligent data management is visibility: Where is agency data located? And directly associated, Breakiron said, is accessibility, knowing how the agency organizes and uses its information, and what the data’s condition is. ‘We often find, especially in the government, in excess of 50% of the data hasn’t been touched for as much as five years,’ he explained. ‘And we also find that about 20% of the data, you couldn’t talk to if you had to.’ Commvault calls that “orphan data,” and it’s akin to having a VHS tape but no VHS player with which to view it. An intelligent data management system creates a tiered storage approach that identifies long-ignored information, allowing an archival model for ‘pennies to the dollar vs. thousands of dollars in storage costs,’ he said.”

Read more insights from Commvault’s Richard Breakiron, Senior Director for Strategic Initiatives for the Federal Sector.

Build a Functional Ecosystem Through Cloud Architecture

“While technology is at the core of a total agency transformation, Chang advised against having it ‘dragging process and then dragging people along.’ The process and the people need to move along with the technology instead of clinging to its shirttails. ‘One thing I would offer as a piece of advice, having done multiple transformations in the Federal Government, is invest in upskilling your people,’ said Chang. ‘If your people can’t use the technology — no matter how great the technology is — the organization as a whole does not move forward.’ For federal environments, he urged technology upskilling to improve employees’ data literacy, analytics awareness and coding abilities — or at least to provide a basic familiarity with those activities.”

Read more insights from Snowflake’s Winston Chang, Chief Technology Officer for the Global Public Sector.

How Open Source Database Technology Can Support Transformation

“Modernizing your applications and services without modernizing the underlying database is like buying a new car but installing your old engine. You’re just holding yourself back. That’s the experience of Enterprise DB (EDB), which provides tools and services to large organizations adopting PostgreSQL (Postgres), a relational database management system based on open source technology. Like other enterprise-grade, open source systems, Postgres helps organizations avoid the rising licensing costs and vendor lock-in that come with proprietary software, said Jeremy Wilson of EDB. But just as importantly, Postgres is rapidly replacing legacy, proprietary software as a platform for innovation.”

Read more insights from EDB’s Jeremy Wilson, CTO of North America Public Sector.

Transforming With Visibility and Agility

“Staff working their way through a digital transformation, such as a cloud migration, will need new skillsets. They’re going to use new services and capabilities — and none of them will be the same, Shopp said. SolarWinds helps users build knowledge, intelligence, configuration smarts and cloud awareness, he explained. ‘Intelligence in a box,’ as Shopp called it, is codified into SolarWinds products and helps agency employees monitor workloads. ‘When it comes to understanding your infrastructure and your workloads, no matter where they reside — on premises, the cloud or hybrid — we’ve got you covered,’ Shopp said.”

Read more insights from SolarWinds’ Brandon Shopp, Group Vice President of Product.

Observability Made Simple

“The task of monitoring these complex systems gets more complicated, too. ‘The question is, how do I know there’s an issue?’ said Brian Mikkelsen of Datadog. ‘Is it when the tickets start flowing, when complaints increase, when your leadership team asks why something isn’t working?’ None of those options is ideal. Datadog’s application performance management platform provides a real-time window into the digital environment, identifying performance and security issues — quickly. Its ‘full stack’ hybrid infrastructure capability means everything from the back end to the front end is monitored and reported via infrastructure metrics, application performance traces, and correlated logs.”

Read more insights from Datadog’s Brian Mikkelsen, Vice President and General Manager.

Download the full GovLoop Guide for more insights from these digital transformation leaders and additional government interviews, historical perspectives and industry research.

States Can Build Economic Efficiencies Into Complex, Sophisticated IT Environments

Modernizing IT is a priority for all levels of government. Despite its importance, a recent National Association of State Technology Directors study found only 50% of the 38 states surveyed have “budget mechanisms for specifically addressing IT modernization.” At the same time, 84% reported they had increased cloud services—and 76% increased their network infrastructure and bandwidth—because of the pandemic. To put it mildly, growing and scaling services without a budget isn’t ideal. However, building economic efficiencies into an increasingly complex, sophisticated IT environment is possible.

One way to approach cost containment is to build it into how cloud-native applications are developed and to manage those applications with the same mindset. This will likely pose challenges: developers are rarely responsible for the decisions about how their apps are implemented, used, or scaled. Likewise, those responsible for making decisions about infrastructure resources, maintenance, and operations may not understand or account for how much it costs to keep these cloud-native apps going. Here’s a look at how developers and operations management teams can better understand and manage the cost of application modernization programs:

The Relationship Between Cost Containment and the Modern Developer

The application development phase offers an opportunity to lay the foundation for cost containment and is a vital part of developer maturity.

An easy way to move toward cost-effective, sustainable applications is to adopt the underpinning of reliable operations: monitoring and observability. When developers ensure new and modernized applications include monitoring from the outset, DevOps and site reliability engineering (SRE) teams can better understand the state of their systems and proactively debug systems in production. This benefits the organizations that own these applications in the long run.

Here’s an example: suppose an application relies on platform-managed serverless or orchestrated containerization. There’s no shortage of opportunities to provide rich performance data for both developers and operations using commercial cloud-native or open-source monitoring options.

Through monitoring, developers can quickly get a sense of application durability and develop more sustainable applications to support cost containment. Considering sustainable cost containment during the dev phase isn’t best left to IT leaders; agency leaders will greatly appreciate the developer who builds the foundation into their apps.

Keys to Containing Cost

It’s also crucial to address agency leaders’ responsibility for ensuring the high performance of cloud-native applications once deployed. As much as we’d like them to, cloud-enabled technologies don’t maintain a minimum latency or uptime on their own. IT and network operations teams continuously monitor the health of cloud applications, infrastructure, and the networks they rely on to ensure a quality user experience and an uninterrupted mission.

They need full-stack observability without added costs for procuring and managing multiple monitoring tools and accommodating new reporting, alerting, and automation needs as time progresses. IT leaders can control costs in a cloud-native future by ensuring their developers and IT operations teams utilize the same centralized and automated monitoring tools—from launch to sunset.

By consolidating tools and achieving observability across services and agencies from a single integrated pane of glass, these teams can occupy the same monitoring domain and ensure peak performance of the entire application, infrastructure, and network environment while saving time and containing costs.

The cost-containment advantages of automation also can’t be overstated. Instead of IT pros spending hours trying to identify, diagnose, and fix hard-to-find performance issues, modern monitoring tools run in the background, automatically identifying performance issues and recommending optimization fixes.

As new systems and cloud-native applications come online, these systems allow agencies to quickly and easily scale their monitoring capabilities without additional expense, no matter how complex their cloud, multicloud, or hybrid environment becomes.

The results? A pathway for states without the budget for cloud and IT modernization to create economic efficiencies.

To learn more about SolarWinds’ observability platform, click here.

How CISOs Can Come to Grips With a New Priority – Securing the Supply Chain

Software supply chain hacks are now the most prevalent form of cyberattack. According to the latest Verizon Data Breach Investigations Report, 62% of system intrusion incidents came through a third party, highlighting the difficulties that many organizations – including federal agencies – face in securing their supply chain. A recent flurry of legislative activity demands that CISOs step up their supply chain due diligence – and fast.

Key among these directives and guidance is the Enduring Security Framework (ESF). Developed by NSA, ODNI, and CISA, and modeled on the NIST Secure Software Development Framework (SSDF), ESF aims to harmonize previously disparate Cyber Supply Chain Risk Management (C-SCRM) policies and procedures across the federal government. A key tenet of ESF – and also a requirement of a new White House Memo (M-22-18) – is vendor self-attestation to software developed in accordance with NIST standards.

Yet, despite directives from the highest levels of government, questions remain:

  • Does every ESF recommendation and control have to be met by software vendors?
  • Are some C-SCRM practices and standards a priority over others?
  • Will OMB require point-in-time or continual attestation?
  • When will the standardized self-attestation form be released?

Until we have answers, one thing is clear – software supply chain security can’t be solved by directives and guidelines alone. The reality is, a threat can only truly be mitigated through increased cooperation between the public and private sectors. As head of government affairs at SolarWinds, here’s my take on how agencies and industry can join forces to collaborate.

Cooperation Must Occur – CISO to CISO


Typically, software purchases are one-time transactional exchanges. After all, the goal is to make procurement, installation, and deployment as quick and efficient as possible. In this model, relationships between the software vendor or supplier and the procuring agency aren’t nurtured. It’s an approach I believe needs to change.

To protect our shared infrastructure from evolving threats, federal security leaders must build lasting and meaningful relationships with software vendors.

Creating these partnerships is the future of C-SCRM in the federal government. Indeed, following the 2020 SUNBURST hack, we set out on a mission to lead the way to safer IT with our Secure by Design initiative. This effort included launching a new model for secure software development to strengthen the integrity of build environments.

Crucially, we also committed to establishing new standards in information-sharing and public-private partnerships. Government security leaders should communicate frequently and continuously with their industry counterparts about enterprise software security, the development process, and adherence to ESF standards. When it comes to their vendors, Federal CISOs must also have a dedicated person to call at any time – not just a toll-free number.

Screen Vendors in Seven Steps

Self-attestation may be mandated, but it won’t fix everything. After all, most agencies lack the resources to evaluate every software vendor’s self-declaration, opening the doors to abuse. The compliance framework may also seriously hinder the procurement process.

Until OMB issues further guidance, agencies can screen their suppliers’ security measures using a set of seven questions developed by our CISO, Tim Brown, and DHS CISO Ken Bible in the aftermath of SUNBURST. Those questions are:

  • How do they secure software code?
  • What type of environment do they build their software in?
  • Have they established secure software development framework roles and responsibilities?
  • Are they using automation and DevSecOps to automate developer and security toolchains?
  • What policies and measures do they have in place to prevent malicious or vulnerable software from affecting their customer base?
  • How are they monitoring risk in their own supply chain?
  • If a breach occurs, what’s their process for notifying customers?

Defending Together

Security is an ongoing journey with no finish line, but federal agencies and their vendor ecosystem can become smarter and more cyber resilient if they are transparent, collaborate, and learn from previous attacks.

Download our whitepaper to learn more about how this model can be used to secure the software supply chain, about the SolarWinds Secure by Design initiative, and about SolarWinds’ recently launched Next-Generation Build System, a model for secure enterprise software development.

A Two-Step Framework for Securing and Monitoring Military Drone Networks

In the coming years, the Department of Defense (DoD) will spend billions of dollars on unmanned aircraft systems (UAS), which will include the expansion of the fleet through the Blue UAS effort, training, and maintenance. Drones and autonomous vehicles perform a variety of tasks in the battlespace, including mine-sweeping, intelligence, surveillance and reconnaissance, and search and rescue operations. However, there are challenges to monitoring the security and performance of these mobile endpoints—and the complex 5G networks they depend on.

How, then, can federal IT pros reap the benefits of UAS and 5G while bolstering the DoD’s IT infrastructure to realize those advantages without consequence? The answer is to introduce a two-fold focus within this ever-evolving environment.

  1. Build a Robust, Layered UAS Security Framework

From the manufacturing process through to deployment, drones are a lucrative target for nefarious actors seeking to disrupt operations, damage infrastructure, and cause bodily harm. Common tactics include injecting malicious code into UAS parts, using GPS spoofing to hijack a drone mid-flight, and hacking communications between the drone and controller and breaching sensitive data.

Mitigating these threats requires a layered approach. This starts with basic security hygiene, including strong passwords, data encryption, and the use of automatic push update software to ensure software stays current and vulnerabilities are addressed in a timely manner.

But some hackers have the expertise to bypass this first line of defense. To combat this, military units must layer in more advanced measures. For example, snap-on deception technology can obscure the location of a drone and pilot. In addition, if a drone is lost or captured, cyber-hardening modules can protect against data exfiltration, erase log files, and shut the drone down.

Machine learning (ML) algorithms can also be leveraged to learn from drone flight patterns and behavior and flag anything deemed suspicious. Sophisticated ML and security information and event management (SIEM) tools can even continuously monitor drone-to-base communication for a complete understanding of the security status of UAS devices and network connections—in near real time.

  2. Gain End-to-End Observability of Hybrid 5G Networks

UAS operating on next-generation 5G wireless technology gain several advantages, such as unlimited bandwidth for uninterrupted control and high-speed transmission of image and video. 5G also offers security benefits. These networks can be designed to route traffic through an IP tunnel encrypted by default. Plus, additional security features can be layered on top without slowing the network.

However, 5G also brings increased complexity and visibility challenges. 5G networks comprise cloud and virtualized environments that are incredibly difficult to configure, monitor, and manage at scale using disparate legacy tools. As a result, IT teams risk drowning in a sea of alerts and disjointed analytics and may lack the actionable insights needed to quickly identify, prioritize, and resolve issues.

To solve the challenges of 5G’s hybrid reality, military organizations must shift from a reactive to proactive IT posture and go beyond conventional monitoring. The best way to get a handle on connected UAS is to use single-pane-of-glass monitoring coupled with actionable intelligence delivering greater visibility, dependency insights, and operational predictability into everything connected to the network. With this automated toolset, they can visualize the entire 5G hybrid environment, reduce alert fatigue, accelerate issue resolution, and eliminate tool sprawl.

Finally, because encryption is a key capability of 5G networks, it can erode observability and insights into malicious activity, such as malware originating from a suspicious IP or connected UAS. Network architects should consider advanced traffic analysis strategies capable of segmenting encrypted traffic, decrypting it, inspecting it, and re-encrypting it—continuously and in real time—without compromising classified data.

Turning Challenges Into Possibilities

The distributed nature of UAS and 5G technologies is a complex challenge for the DoD that increases the attack surface and demands end-to-end oversight.

Fortunately, as these technologies have advanced, so has observability, helping federal IT pros gain deep, holistic visibility into hybrid 5G network environments and edge UAS devices—with a low total cost of ownership.


SolarWinds Hybrid IT Observability solutions are built to fortify mission-critical services. Click here to learn more.

Adapting with Evolving K–12 Challenges

The last few years brought a level of technological complexity to K–12 schools that teachers, students, and administrators are still grappling with. Succeeding in those efforts requires embracing the fluid nature of an increasingly complex world. Educational leaders learned a number of lessons during the pandemic, and they have already begun to apply them to build a better future for their students and their school districts. These lessons are familiar to IT leaders in government and industry, and they include the need for stronger cybersecurity, robust data analytics for better decision-making, and a more holistic approach to IT management. As K–12 leaders absorb the lessons of the past few years, they are transforming their approach to technology and building educational systems that can thrive at a time when change is the only constant. Read the latest insights from industry thought leaders in K–12 education.


Gleaning Powerful Insights From Financial Data

“Today’s technology advances are directly supporting teachers and students, but school performance also benefits from improvements to back-office operations. Better budget management in particular can have a meaningful impact on a wide range of goals. The latest technologies enable schools to automate routine activities, such as processing and paying invoices. An automated system can more quickly, efficiently, and accurately capture information than humans can, but even more importantly, automation opens up the ability to adopt machine learning, which can identify important patterns and trends in spending. By freeing the finance team from mundane tasks and providing richer insights into how budgets are being used, schools can plan more effectively and ensure their money is being spent wisely.”

Read more insights from Jim McClurkin, Senior Director of Public Sector at SAP Concur.


Collaborating Across Districts for Cyber Resiliency

“Taking it a step further, when schools share information with one another about the problems they are seeing and the attacks they are facing, they can crowdsource solutions and thereby boost cyber resiliency across districts and across the K–12 sector as a whole. That approach also offers a way for schools to enhance security even when funding for IT systems and staff is less than robust. Rather than leaving under-resourced districts to tackle cybersecurity in isolation, the K12 Security Information Exchange’s report concludes that ‘school districts should put a premium on sharing threat intelligence, sharing best practices, developing model policies, pursuing mutually beneficial risk mitigation solutions that can be deployed at scale, and educating state and federal policymakers about K–12 cybersecurity challenges and potential solutions.’ Pooling resources among districts can have a powerful impact, and schools can also benefit from tapping into federal security standards, many of which offer well-defined processes for responding to specific scenarios and situations.”

Read more insights from Brandon Shopp, Group Vice President for Product Management at SolarWinds.


Innovative Tools for Protecting Students Online

“Cyberbullying in particular affects a wide range of students. The StopBullying.gov website managed by the U.S. Department of Health and Human Services states that ‘cyberbullying includes sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can include sharing personal or private information about someone else causing embarrassment or humiliation.’ According to the Centers for Disease Control and Prevention, middle school students report the highest levels of cyberbullying, followed by high school students and then primary school students. In a 2020 study conducted by Justin Patchin and Sameer Hinduja of the Cyberbullying Research Center, 49.8% of tweens (9 to 12 years old) said they experienced bullying at school, and 14.5% said they experienced bullying online. For nearly 70% of the latter group, cyberbullying made them feel bad about themselves. It also had a negative effect on their friendships, physical health, and schoolwork.”

Read more insights from Colin McLean, Product Specialist at Saasyan.


Download the full Innovation in Education report for more insights from these K-12 thought leaders and additional industry research from THE Journal.

3 Strategies for Effectively Enforcing the Principle of Least Privilege

The days of “trust but verify” are long gone. Respondents displayed heightened cybersecurity concerns exacerbated by an expanded attack surface created in large part by remote work.

As such, many have moved on from trust but verify to a zero-trust approach highlighted by adherence to the principle of least privilege (PoLP). With PoLP, users are granted access to the tools, technologies, and data they need to do their jobs and no more. Seventy percent of survey respondents indicated they’re already implementing PoLP or will implement it within the next year.

The question then becomes how to effectively enforce it.

Maintaining appropriate levels of access and control isn’t an easy task and can’t be accomplished manually. After all, people’s jobs change regularly, new employees enter the workforce, and security policies are continually being updated.

Plus, the sheer number of remote workers is helping to increase the potential attack surface. This includes the federal government, where the General Accounting Office estimates 80% of work has been done remotely over the past couple of years.

To better manage the situation, administrators should consider employing three strategies:

Automatically Monitor and Control User Access Rights

Tracking who has access to what data, who’s attempted to access certain files, or when said files were accessed is a full-time job. A better approach is to control access via an access rights management (ARM) system allowing for automated user account creation, modification, or deletion and designed to assign access rights based on users’ roles.

An ARM system can also automatically notify administrators when an individual attempts to access information they’re not privy to. This helps prevent unauthorized access from the inside and helps detect malicious accounts that aren’t part of the access rights list.

Monitor and Audit Administrative Changes

Permission rights changes aren’t always authorized, so it’s important for administrators to continually monitor and audit all administrative changes based on a set of security policies.

For example, a team might establish policies around who’s authorized to change files or permissions or when those changes can occur. These correlation rules are benchmarks and tell a system when something is amiss.

If a system is equipped with automated file integrity monitoring (FIM), it can compare network activity to those benchmarks. Anomalous or inappropriate activity can be flagged, leading to the system automatically blocking access and issuing an alert to allow administrators to respond to suspicious activity quickly and appropriately.

Administrators should also routinely audit privileged account log data. Running a report post-event helps forensically decipher what happened, and running reports every few weeks can help ensure users’ privileges are correct and up-to-date.

Continually Evaluate User Privileges

People’s jobs change all the time. Employees leave organizations, new employees are onboarded, and many people shift roles or get promoted. In each case, access privileges must be adjusted if an agency is to maintain a strong security posture.

Consider what could happen if a person leaves their position at an agency, but their user credentials remain active long after their departure. They could still reach the files their former role granted and share them with others, perhaps individuals willing to pay enormous sums of money for classified information. Or, if they’re disgruntled, they could create havoc by simply manipulating or deleting information.

Whatever the case, it’s prudent for administrators to regularly evaluate who has access to what. They must remove users who no longer need access to data and adjust permissions so those who have been promoted have access to information and can do their jobs effectively. Doing so allows for better security and unimpeded productivity—a winning combination in the post “trust but verify” world.
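The three strategies above, worked through as an added example that is not SolarWinds code: a toy enforcer that derives rights from roles, replays audit events against the access list and a change-window policy, and flags accounts due for review or deprovisioning. The roles, users, policy hours and event records are all constructed sample data.

```python
"""Toy least-privilege enforcer (added example, not a SolarWinds product)."""
from dataclasses import dataclass
from datetime import date, datetime
from typing import Dict, List, Optional, Set

# Constructed role-to-entitlement map: rights are granted per role, no more.
ROLE_RIGHTS: Dict[str, Set[str]] = {
    "analyst": {"reports:read"},
    "finance": {"reports:read", "invoices:write"},
    "sysadmin": {"reports:read", "invoices:write", "acl:modify"},
}
# Policy benchmark (the "correlation rules" in the text): permission changes
# are expected only during business hours, UTC. Assumed values.
ACL_CHANGE_HOURS = range(8, 18)
REVIEW_INTERVAL_DAYS = 90


@dataclass
class User:
    name: str
    role: str
    last_reviewed: date            # last privilege recertification
    departed: Optional[date] = None  # set when the person leaves


def effective_rights(user: User) -> Set[str]:
    """Rights come only from the role, and vanish entirely after departure."""
    if user.departed is not None:
        return set()
    return ROLE_RIGHTS.get(user.role, set())


def evaluate_events(directory: Dict[str, User], events: List[dict]) -> List[str]:
    """Replay audit events; return one alert per suspicious event."""
    alerts = []
    for ev in events:
        user = directory.get(ev["user"])
        if user is None:  # account not on the access rights list at all
            alerts.append(f"UNKNOWN_ACCOUNT {ev['user']} tried {ev['action']}")
            continue
        if ev["action"] not in effective_rights(user):
            alerts.append(f"DENIED {user.name} ({user.role}) -> {ev['action']}")
            continue
        if ev["action"] == "acl:modify":  # authorized, but check the benchmark
            hour = datetime.fromisoformat(ev["ts"]).hour
            if hour not in ACL_CHANGE_HOURS:
                alerts.append(f"POLICY_VIOLATION acl change by {user.name} at {ev['ts']}")
    return alerts


def review_accounts(directory: Dict[str, User], today: date) -> Dict[str, List[str]]:
    """Periodic review: departed users still provisioned, stale certifications."""
    findings: Dict[str, List[str]] = {"deprovision": [], "recertify": []}
    for u in directory.values():
        if u.departed is not None:
            findings["deprovision"].append(u.name)
        elif (today - u.last_reviewed).days > REVIEW_INTERVAL_DAYS:
            findings["recertify"].append(u.name)
    return findings


# Constructed directory and audit log for the demonstration.
DIRECTORY = {u.name: u for u in [
    User("alice", "analyst", date(2024, 1, 15)),
    User("bob", "finance", date(2023, 9, 1)),
    User("carol", "sysadmin", date(2024, 2, 1)),
    User("dave", "finance", date(2023, 12, 1), departed=date(2024, 2, 20)),
]}
EVENTS = [
    {"ts": "2024-03-01T09:12:00", "user": "alice", "action": "reports:read"},
    {"ts": "2024-03-01T09:15:00", "user": "alice", "action": "invoices:write"},
    {"ts": "2024-03-01T22:40:00", "user": "carol", "action": "acl:modify"},
    {"ts": "2024-03-01T23:01:00", "user": "dave", "action": "invoices:write"},
    {"ts": "2024-03-02T03:30:00", "user": "svc_tmp", "action": "reports:read"},
]

if __name__ == "__main__":
    for alert in evaluate_events(DIRECTORY, EVENTS):
        print(alert)
    print(review_accounts(DIRECTORY, date(2024, 3, 1)))
```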


See how the privileged account management tool SolarWinds offers can help you enforce user access management, and sign up for a free demo.