1 2 3 Previous Next

Geek Speak

2,546 posts

By Paul Parker, SolarWinds Federal & National Government Chief Technologist

 

Much has been written about aging government IT networks, but not enough attention has been paid to the maturity of those networks. While it’s important for agency IT professionals to modernize legacy networks, it is equally critical for them to ensure that their infrastructures are mature enough to handle rapidly changing security requirements. They must have faith that any potential threats or problems can be addressed and remediated quickly.

 

In addition to looking at various network connections, IT professionals must consider the policies and procedures they use to enforce network security. Are current practices adequate for responding to current and future threats?

 

A majority of respondents to a recent SolarWinds cybersecurity survey indicated they have “good” IT controls for addressing these questions. They are managing security to the expectations of their policies.

 

However, other respondents listed their controls as “excellent.” They are going beyond just meeting policy expectations and, as a result, are seeing greater success with risk monitoring and mitigation. They feel better equipped to handle potential threats and undoubtedly share two common understandings.

 

First, they recognize that network intrusions are likely to happen and are preparing accordingly. Second, they are willing to embrace change.

 

Those two beliefs are important for creating mature networks that are ready to handle potential threats.

 

The Network Will Be Hacked—It’s Just a Matter of How Badly

 

Our cybersecurity survey revealed increasing concerns about careless, untrained, or malicious insider threats. The latter is especially disconcerting, as malicious insiders are more likely to be aware of how to beat internal processes.

 

An agency-wide proactive approach to network security is helpful. IT managers should initiate comprehensive and frequent security training for all agency professionals to help them become more cognizant of the tactics used to infiltrate networks and show them how they can help prevent attacks.

 

Accept and Embrace Change

 

When the Defense Information Systems Agency introduced its Security Technical Implementation Guides and Command Cyber Readiness Inspections, there was a palpable sense of nervousness—and even paralysis—among some people in the federal IT community. Many wondered how the new guidelines would affect their ability to do their jobs. Others were concerned about how to effectively prepare their agencies to meet DISA requirements.

 

But change is an inherent part of an IT manager's job, and the ability to manage change is essential, particularly when dealing with today’s escalating and evolving threats. Security processes must be readily adaptable to new needs and requirements. When new security policies are issued, it is because leaders perceive a potential threat that requires a different type of reaction from agencies. IT teams must be ready to work within those new policies, even if they must modify their approaches to do so.

 

The government cannot afford the equivalent of what took place in Atlanta, where the SamSam ransomware attack left the city scrambling to restore critical resources. Agencies need strong, mature networks that can quickly and automatically identify and fix issues in minutes as opposed to hours or days. With the right mix of policies and tools—and the right mindsets—teams can successfully raise their networks’ maturity levels to comfortable points.

 

Find the full article on GCN.

 

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates.  All other trademarks are the property of their respective owners.

Recently a coworker was giving a talk and he just froze up. When I asked him about it later, he said, "What happened yesterday has never happened before. It was like my throat clenched up and I couldn’t get words out. It psyched me out."

 

For just a moment, I'd like you to think about a time you failed. Like, REALLY failed. I don't mean a small "I took the wrong exit on the highway" goofs. Or the "I forgot my Mom's birthday" mess ups. I'm also not talking about a time you were part of an organizational or team failure where you look back and think, "Why didn't I speak up? Why didn't I step up?"

 

I'm also not talking about failures which were embarrassing, but in retrospect sweet and kind of normal. Like the time a certain freshman asked out the homecoming queen to prom. (Yes, I did. No, she didn't accept, but she was nice about it. Everyone else in the hall by the quad where I decided to ask her? Not so much.). Nope. I want you to think about a moment when you really really blew it. Dropped the ball. Failed to deliver.

 

Now, as you sit there, possibly wallowing in uncomfortable feelings (and maybe even feeling resentful that I brought it up), I'd like to suggest that you understand something really important:

 

It happens to everyone.

 

As evidence, I'd like to present a few case studies, including the one with my coworker.

 

Case #1: Yours truly.

In my senior year of college, I heard about an off-Broadway production of "Sweeney Todd" that was being produced by some folks I'd worked with previously.

 

That sentence deserves to be un-wound for those who aren't familiar with the New York theater scene.

1) Off-Broadway means getting paid, but it also means getting your Actor's Equity card. This is a Big Deal.

2) "Being produced by some folks I'd worked with previously" means I had a potential leg-up in the audition process. Getting cast wasn't a sure thing, but an in is an in.

3) "Sweeney Todd" was (and still is) my all-time favorite production.

 

Given my age and vocal range, I would be auditioning for Toby, my all-time favorite part who sings my all-time favorite song ("Not While I'm Around") in my all-time favorite play. I planned, I prepared, I rehearsed. As a senior in a large theater program, I had all the tools I needed—coaches, head shots, the works. I showed up for the audition. I knew two out of the four people in the room. We made some small talk. They asked if I was ready. The piano started.

 

I missed my entrance.

 

No biggie, everyone said. It happens. The pianist started over.

 

I missed it again. And again. The pianist tried to mouth the words to help me. No dice.

 

Confidence plummeting, panic rising, it was like I was underwater. I couldn't hear the notes any more. Couldn't find my voice.

 

I muttered an apology and got out of there as fast as I could. As I walked down the street I tried to wrap my head around what happened. There was no sugarcoating it, no handy excuses. I had bombed what should have been a sure thing. Instead of a home run, I had struck out on a slow-mo’, underhand toss, softball pitch.

 

Wallowing in my sense of defeat and embarrassment, the only thing I had to fall back on was a story my Dad had told me.

 

Case #2: My Dad.

This is a story about my Dad, Joseph Adato. THE Joseph Adato. Which sounds funny until you realize he's kind of a big deal in classical music circles (for examples, start with this book. And this one.)

 

He started playing drums at 10. At 18, he was playing in New York Philharmonic and the NBC Symphony of the Air on an as-needed basis. So then one day he gets called up to the big leagues. There was a full-time opening in the New York Philharmonic percussion section. Slam dunk, right? He shows up, music under his arm. Everything is set. His long-time teacher and a few other orchestra members are sitting there. All faces he knows. 

 

He bombed it.

 

When he told me the story, he said, "It might as well have been bugs on the page. I had NO IDEA what I was looking at."

 

He knew the music. He probably could have played it from memory if he thought about it. But he honestly could not tell what he was looking at. He apologized, walked off, and went home.

 

Case #3: Lily Tomlin

Back in the 80s, I had the pleasure of seeing Lily Tomlin perform her one-woman show "The Search for Signs of Intelligent Life in the Universe." The show itself was amazing, but at the very start, something incredible happened that changed the way I looked at "failure" from that point forward.

 

Ms. Tomlin came out on stage and began her monologue. And then, mid-sentence, she stopped. Took a deep breath. Said (mostly to herself), "umm...."

 

It was clear she was off, that something wasn't clicking for her. And what she did next stuck with me. She looked out at the audience. Not the way people look when they are performing—kind of a hazy "stare at the back wall" kind of way. She looked around at the people sitting in the audience. She acknowledged them.

 

At that moment, even as a theater student, I had no idea what would happen next. But I knew it wouldn't be any of the cliched responses you see or hear about—people freezing, running into the wings in tears, covering their face in their hands, etc.

 

Ms. Tomlin just stood there, smiling, taking us all in. Then she said, "I know this is going to sound funny, but this is a little overwhelming for me today. Do you mind if I just grab a glass of water for a second?"  Someone from the wings came on and handed her a bottle of water and she walked to the front of the stage, sat on the edge, and made small talk. With us. She asked about the weather outside, how traffic was getting to the theater, that kind of thing. Then about three minutes later, she said, "Okay, I think I'm good. Thank you," and she got up. She said, "Let's get this thing started," and she launched into her opening monologue.

 

Lessons Learned:

With my two failure stories (mine and my Dad's) under my belt, I thought long and hard about what I'd just witnessed. Here's what I learned.

 

First, if you are overwhelmed, or scared, or confused, own it. Don't try to shove it under an emotional rug because the result is that ALL of your emotions become inaccessible. Even if you are giving a quarterly report, you need to be fully present as a human being or bad things start to happen.

 

Second, remember that everyone wants you to succeed. Think about going to the circus. Do you WANT to see the tightrope walker fall to their... well, not death, but their embarrassment? No. You want to see the struggle, you want to know it's not all fake, but you want to see them succeed. You are literally CHEERING for them to succeed.

 

We're all like that. We watch someone up there giving a talk and we want them to be brilliant, to teach us, to make us laugh. And when they misstep, we don't immediately write them off. We think, "Come ON! You can DO it!"

 

So when YOU go up there, remember that is what is in everyone's mind. Every single person in that audience is silently hoping that you will be incredible. They are cheering you on. The applause has started before you say your first word.

 

If you keep that in mind, A LOT of the jitters go away. It becomes clear, and even urgent, that you work through any challenges, whether they last a moment, an hour, or a week.

 

All of this—my experience and my Dad’s and Lily Tomlin’s—was a large part of the conversation I had with my coworker as we talked through it. Let's be clear, his freezing up wasn't the end of his life or his career. It wasn't even the worst part of his week. (Hey, we all have weeks like that, right?) I told him, "So yesterday happened, but ‘yesterday’ has happened to everyone. Dad. Adele, Elvis. Pavarotti. All of them. You're in good company."

 

He said, "I hate to rejoice in your story of epic failure, but it's comforting to know I'm not alone."

 

I replied, "You aren't. You're rejoicing in the normalcy of it, in the reassuring consistency of the human condition and experience."

 

But the next time he got up to speak, it was clear he was approaching things differently. No, he didn't stop in the middle and say, "This is really overwhelming." He didn't need to. He was on top of it. But sometimes that's the point. If he did need it, the trick was there for him to use.

 

Sometimes, just knowing we have a tool in our back pocket makes the difference between success and failure.

 

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates.  All other trademarks are the property of their respective owners.

 

Perhaps the best part of being an IT pro—of being a technology professional in general—is that you don’t really have a choice. It’s an irrepressible self-nomination to a task force of incredibles, who prefer to wield their powers out of sight, but hope the results change the world for the better. And when you rise to the calling, it’s in many ways a relief. Think about it. How often do you question your career choice? Absolutely we question the specific area of tech (or at least I do every now and then) but never the field. How many people do you know in other jobs that can say that?

 

It doesn’t matter if you’re just starting out or have been shredding the command line for 30 years. Today you might be reallocating hundreds of containers for a global process queue, but you were probably just as excited back when you took over Group Policy management in desktop support or terminated your first cable. We are happiest engineering the changes that make other people’s lives better, and ideally without visible fuss.

 

Once again, IT Pro Day is a chance to thank all those who keep the wheels of IT turning while making it all look easy. It’s a day to celebrate the increasingly enormous diversity of the technologies that IT pros manage. And this year I hope that you all sense something in the ether: that smart businesses are beginning to listen when we make suggestions to help. That “civilians” are less and less interested in the peculiarities of our specific jobs and are more and more interested in the fact we are technology professionals. Less that we are experts in one thing, and more that we can become experts in almost anything.

 

Maybe the world of business is finally sequencing the IT pro genome only to discover it’s our common helpfulness and flexibility chromosomes that define our species, not just a penchant for jargon or geek humor. Or maybe it’s that we continue to follow our passion to go where we can help, and we realize it’s not just systems, but our business that benefit from a little professional advice.

 

So, here’s to you, the unassuming heroes who keep technology working. We know who you are and we’re really glad you came to work today.

 

Cheers,

 

Patrick Hubbard

Dez

IT Pro Day

Posted by Dez Employee Sep 18, 2018

          Guess who's back, back again, IT Pro Day, tell a friend! SolarWinds has once again allowed me to circle the sun as a SolarWinds Head Geek. To me, IT Pro Day is something of a celebration of achievement in goals every year that I once could only imagine. Curiosity has led me down numerous certification paths and even back to college a few times. I celebrate every new mind-expanding opportunity that I’ve been allowed in my career.

 

          Today I was asked, “As a technology professional, what would you change if you had the time, resources, and ability to use your tech prowess to do absolutely anything?” Great mind-mapping question indeed. This led me instantly to wonder whether or notif I were to be given unlimited time and moneyI would want to focus on becoming a teacher of cybersecurity and information assurance within STEAM programs. I mean, after all, security is an art that needs to be appreciated at all levels.

 

          Spreading knowledge, especially within IT security , is something I believe in passionately. There’s currently a huge gap in security professionals, and by golly, if I have anything to say or do about it, I want that to change quickly! I now work with vocational teachers and help to encourage teachers and young students to dig in and be creative with IT.

 

          If we’re not investing in the next generation, then how do you expect to have a product to meet their future needs? You have to carve out the time to hear out their mindsets, and understand how they approach and solve problems. This allows you—whether as an individual or a companyto provide your future customers with services, products, and even marketing that will enable you and your company to be relevant to them.

 

          Personally, this IT Pro Day has me thinking about how I can contribute more to things like STEAM programs and Cyber Days for students of all ages. It starts with an idea and can grow into a habit once you allow yourself a little time. I, for one, will start planning my days with at least 10 minutes brainstorming how I can be an IT contributor, and not just a consumer.

 

Destiny Bertucci, Head Geek, SolarWinds

Today is the 4th annual IT Pro Day, a day created by SolarWinds to recognize the IT pros that keep businesses up and running each and every day, all year long.

 

As an IT pro, I personally know that no one ever stops by your desk to say “thanks” for the fact that everything is working as expected. No, people only contact IT pros for one of two reasons: either something is broken, or something might become broken. And if it’s not something you know how to fix, you’ll be expected to fix it, and fast.

 

Nearly 70% of IT pros respond to one-off user requests daily. This amount of unplanned work leads to madness for mere mortals. The unplanned work doesn’t stop, either. IT pros are the first-level tech support for friends and family. Thanks to the ever-connected world in which we live, IT pros are responding to calls for help at all hours of the day.

 

Put this all together and it is easy to understand the best IT pros are one-part Batman, one-part MacGyver, and three parts Dr. House. We respond to alerts when called, we fix things in creative ways, and we do it all while reminding you we “are almost always eventually right.”

 

That’s right, IT pros can see the future. We know all viewpoints will eventually be consistent with ours. It is inevitable that there will come a point in time when your data will outgrow your current schema, code, and hardware. We know this because that’s been our normal ever since Codd invented databases.

 

IT pros spend hours finding ways to automate away tasks. Automation is a great way to help reduce risk and recover from failures. It’s also a great way to help get some sleep at night, and on weekends. Maybe even spend time working in the yard, building a nice firepit, where we sit and relax for 5 minutes before we fix the neighbor’s Wi-Fi.

 

We don’t do this for the money. We do this because we want what everyone wants: happy customers. With end users as our top priority, we want to help good people from making bad decisions. Sure, money helps, but that’s not our end goal. (But if someone in a corner office on the 4th floor in Austin is reading this, I want to remind them that bacon makes for a great gift during the holidays.)

 

Today is the day to say THANK YOU to the IT pro, and even give a #datahug to the ones that had enough time to shower before heading to the office.

 

Cheers!

 

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates.  All other trademarks are the property of their respective owners.

Leon Adato

Happy IT Pro Day!

Posted by Leon Adato Expert Sep 18, 2018

As we all know, lists and their thinly-veiled derivatives, listicles, drive social media. Post the "Top 5 Kinds of Bellybutton Lint" and you'll probably get at least a few clicks from people with 5 minutes and nothing better to read. One of the popular lists going around right now are "The Smartest People I Know Do xxx"-type lists. Attributed to everyone from Bill Gates to Abraham Lincoln, they supposedly offer a window into the habits of the rich, famous, powerful, and successful.

 

Of course, many of these kinds of lists have as their honored ancestor the book which arguably started the self-help book trend, Stephen Covey's "Seven Habits of Highly Effective People."

 

Early in my career, I was dutifully reading through it when my boss, Maria, asked me, "What makes anyone think that Covey, or the people he used as sources for that book, were actually effective?" I was caught up short. I mean, the book had already sold over 25 million copies. But my boss knew her stuff, and she was, like all the best tech professionals, asking to see the data before she wasted a single processing cycle on executing those instructions.

 

I thought about what she taught me, as we were ramping up for IT Professional Day 2018. It's not that Covey's book or those listicles are necessarily wrong, it's just that they're just not demonstrably true, either. There's no data. Which is why I'm so proud of the Tech Pro Day survey (https://www.solarwinds.com/resources/survey/tech-pro-survey-north-america). Rather than ask thought leaders or folks in tech management what they THINK would be effective, we asked boots-on-the-ground IT pros what they do and how they relate to the tech that makes up so much of their world. The survey applies data to understand what effective and engaged IT practitioners are doing, both to be effective and to keep themselves feeling engaged.

 

What we learned painted a picture of the habits highly effective tech pros.

  1. We help others. Even when it's not strictly our job, we answer help tickets and take "drive by" questions.
  2. The user is never far from our mind. Their experience, their needs, the tasks they are trying to complete are paramount.
  3. When new tech comes on the scene, our first thought is how to use it make things better close to home—the business, our day-to-day tasks, and so on.
  4. But our second thought is how to use it to make the world better—education, housing, healthcare, the environment, and more.
  5. We honestly love the tech we've built a career around, so much that we use our free time to build our skills; we incorporate tech into our home projects; and we even leverage tech to make our vacations more, well, techie.

 

More than anything, what showed through the data was how engaged we are with the industry. Not content to wait for the latest innovation to roll into our shop (or over us like a techno-tidal wave), we actively seek it out, play with early betas, share ideas on forums, and to generally be the best at what they do.

 

You could say that the number one habit of highly effective IT professionals is to be Tech PROactive.

 

So, however YOU plan to celebrate, acknowledge, or observe IT Pro Day this year, everyone here at SolarWinds want you to know that it's no baseless rumor, no urban legend, but hard data-sourced fact: Your skills are essential to the business and your work is appreciated. You are awesome.

 

 

 

THWACK.com

The collection of operational and and analytics information can be an addictive habit, especially in the case of an interesting and active network. However, this information can quickly and easily overwhelm an aggregation system when the constant fire hose of information begins. Assuming the desire is collection and utilization of this information, it becomes clear that a proper strategy is required. This strategy should be comprised of a number of elements, including consideration of needs and requirements before beginning a project of this scope.

 

In practice, gathering requirements will likely happen either in parallel or, as with many things in network, adjusted on-demand, building the airplane as it is in flight. Course correction should be an oft-used tool in any technologist's toolbox. New peaks and valleys, pitfalls, and advantages should be referenced in the constant evaluation that occurs in any dynamic environment. Critical parts of this strategy should be included in consideration for nearly all endeavors of this kind. But even before that, the reasoning and use cases should be identified.

 

A few of the more important questions that need to be answered are:

 

  • What data is available?
  • What do we expect to do with the data?
  • How can we access the data?
  • Who can access what aspects of the data types?
  • Where does the data live?
  • What is the retention policy on each data type?
  • What is the storage model of the data? Is it encrypted at rest? Is it encrypted in transit?
  • How is the data ingested?

 

Starting with these questions can dramatically simplify and smooth the execution process of each part of the project. The answers to these questions may change, too. There is no fault in course correction, as mentioned above. It is part of the continuous re-evaluation process that often marks a successful plan.

 

Given these questions, let’s walk through a workflow to understand the reasoning for them and illuminate the usefulness of a solid monitoring and analytics plan. “What data is available?” will drive a huge number of questions and their answers. Let’s assume that the goal is to consume network flow information, system and host log data, polled SNMP time series data, and latency information. Clearly this is a large set of very diverse information, all of which should be readily available. The first mistake most engineers make is diving into the weeds of what tools to use straight away. This is a solved problem, and frankly it is far less relevant to the overall project than the rest of the questions. Use the tools that you understand, can afford to operate (both fiscally and operationally), and that provide the interfaces that you need. Set that detail aside, as answers to some of the other questions may decide it for you.

 

How will we store the data? Time series is easy: that typically goes into a RRD. Will there be a need for complex queries against things like NetFlow and other text, such as syslog? If so, there may be a need for an indexing tool. There are many commercial and open source options. Keep in mind that this is one of the more nuanced parts, as answers to this question may change answers to the others, specifically retention, access, and storage location. Data storage is the hidden bane of an analytics system. Disk isn't expensive, but it’s hard to do right, and on budget. Whatever disk space is required, always, always, always add head room. It will be necessary later, or adjustment of the retention policy may be necessary.

 

Encryption comes into play here as well. Typical security practice is to encrypt in flight and at rest, but in many cases this isn’t feasible (think router syslog). Encryption at rest also incurs a fairly heavy cost, both one-time (CPU cycles to encrypt) and perpetual (decryption for access). In many cases, the justification for encryption does not make sense. Exceptions should be documented and risks accepted to provide a documented path on decisions and acceptance of risk by management on the off chance that sensitive information is leaked or exfiltrated.

 

With all of this data, what is the real end goal? Simple: Baseline. Nearly all monitoring and measurement systems provide, at their elemental level, a baseline. Knowing how something operates is fundamental to successful management of any resource, and networks are no exception. By having stored statistical information it becomes significantly easier to identify issues. Functionally, any data collected will likely be useful at some point if it is available and referenced. Having a solid plan as to how the statistical data is dealt with is the foundation of ensuring those deliverables are met.

When it comes to IT, things go wrong from time to time. Servers crash, memory goes bad, power supplies die, files get corrupted, backups get corrupted...there are so many things that can go wrong. When things do go wrong, you work to troubleshoot the issue and end up bringing it all back online as quickly as humanly possible. It feels good, you might even high five or fist bump your co-worker, for the admin, this is a win. However, for the higher-ups, this is where the finger pointing begins.  Have you ever had a manager ask you “So what was the root cause?” or say “Let’s drill down and find the root cause.”

 

 

I have nightmares of having to write after action reports (AARs) on what happened and what the root cause was. In my imagination, the root cause is a nasty monster that wreaks havoc in your data center, the kind of monster that lived under your bed when you were 8 years old, only now it lives in your data center. This monster barely leaves a trace of evidence as to what he did to bring your systems down or corrupt them. This is where a good systems monitoring tool steps in to save the day and help sniff out the root cause. 

 

Three Things to Look for in a Good Root Cause Analysis Tool

A good root cause analysis (RCA) tool can accomplish three things for you, which can provide you with the best track on what the root cause most likely is and how to prevent it in the future. 

  1. A good RCA tool will…be both reactive and predictive. You don’t want a tool that simply points to logs or directories where there might be issues. You want a tool that can describe what happened in detail and point to the location of the issue. You can't begin to track down the issue if you don’t understand what happened and have a clear timeline of events.  Second, the tool can learn patterns of activity within the data center that allow it to become predictive in the future if it sees things going downhill. 
  2. A good RCA tool will…build a baseline and continue to update that baseline as time goes by.  The idea here is for the RCA tool to really understand what looks “normal” to you, what is a normal set of activities and events that take place within your systems. When a consistent and accurate baseline is learned, the RCA tool can get much more accurate as to what a root cause might be when things happen outside of what’s normal. 
  3. A good RCA tool will…sort out what matters, and what doesn’t matter. The last thing you want is a false positive when it comes to root cause analysis. The best tools can accurately measure false positives against real events that can do serious damage to your systems. 

 

Use More Than One Method if Necessary

Letting your RCA tool become a crutch to your team can be problematic. There will be times that an issue is so severe and confusing that it’s sometimes necessary to reach out for help. The best monitoring tools do a good job of bundling log files for export should you need to bring in a vendor support technician. Use the info gathered from logs, plus the RCA tool output and vendor support for those times when critical systems are down hard, and your business is losing money every minute that it’s down.

In Austin this week, so if you are wondering "who brought the rain," well now you know. Here's hoping the sun makes an appearance before I head home.

 

As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!

 

Tesla shares crash after Elon Musk smokes joint on live web show

Everyone else knows this guy is self-destructing, right in front of our eyes, right?

 

Geology Is Like Augmented Reality For The Planet

A nice reminder that there are amazing stories being told, often right in front of our eyes, if we are aware they exist. Geology is one example, history is another. I make a point to get my children to take time to stop and think about what they are seeing, the history of it all.

 

Microsoft Requires Paid Parental Leave for Subcontractors

I think this is a good first step for Microsoft to force a change that has benefits for everyone. But I’m cautious about this precedent. And why only focus on U.S. companies? Why not address issues globally, in countries where manufacturing of devices happen?

 

Illusion of control: Why the world is full of buttons that don't work

I knew that ‘close door’ button was fake!

 

British Airways Says Customers' Financial Data Was Hacked In 380,000 Transactions

Honestly, I’m a bit impressed that they discovered the breach so quickly. Incidents such as this one can last for a year or more before a company finds and closes the hole.

 

Adding clean energy to the Sahara could make it rain (and not just figuratively)

First time I’ve heard about the idea that clean energy could make it rain in the Sahara and now I want to make this happen.

 

Japan developing ‘pre-crime’ artificial intelligence to predict money laundering and terror attacks

No mention of predicting Godzilla attacks, though.

 

After months of hard work, it's good to sit back and enjoy what you built with your own hands:

 

In this series, we’ve covered some key areas that can help prepare for potential attacks. Preparation is essential. Security policies are essential. Understanding your network and its assets is essential. What happens if a threat is detected? What can we do to monitor for threats? This final blog will look at security monitoring through an understanding of data. Data contains information and exposes actions. Data is the vehicle for compromise, so it is dynamic and must be tracked in real time. Being able to understand data streams is important for identifying and reacting to threats and then applying the correct protection and mitigation methods. Investigation and response depends on an understanding of these data types.

 

Raw data: Sourced directly from a host in the creation of an event log. Some events are pushed from the source using protocols such as syslog and SNMP. Protocols such as SCP, SFTP, FTP, and S3 are typically used to pull event logs from a source system.

 

Parsed Data: Parsing involves matching raw logs to rules or patterns to determine which text strings and variables should be mapped to database fields or attributes. This is a common function of SIEM tools that aggregate raw data streams for a wide variety of telemetry types. Sometimes an agent is used on a source host or an intermediate aggregation point to map raw message data into a vendor specific format such as CEF Syslog or LEEF, which is a first step to normalizing data.

 

Normalized Data: Normalization means transforming variables in the data to a specific category or type for aggregation purposes. For example, taking several attributes that refer to a threat type using various naming conventions and assigning them to a specific attribute as defined in the processing system’s schema. This introduces efficiency when storing and searching data.

 

Full Packet Capture: A capture of all Ethernet/IP activity in contrast to filtered packet capture focusing on a subset of traffic. Important for network forensics or cybersecurity purposes, especially in the case of an advanced persistent threats whose characteristics may be missed in a filtered capture. FPC may be used in static and dynamic analysis systems or detonated in a sandbox for greater understanding.

 

Metadata: Summary information about data. Extracted from FPC to provide a focus on key fields and values not just payloads, which may be encrypted. By looking at the metadata associated with a flow of network traffic, it can be easier to tell the difference between legitimate and bad traffic rather than trying to examine the detailed contents of every data packet. Important metadata include transaction volumes, IP addresses, email addresses, and certificates for TLS and SSL.

 

Flow Data: Flows represent network activity in a session between two hosts by normalizing IP addresses, ports, byte and packet counts, and other data, into flow records. A flow starts when a flow collector detects the first packet that has a unique source IP address, destination IP address, source port, destination port, and other specific protocol options. Often used to look for threats identifiable by their behavior across a flow rather than through atomic actions.

 

DPI Data: Deep packet inspection is stateful packet classification up to the application layer usually carried out as a function of next-generation firewalls and IPS. An expansion of the traditional "5-tuple:" source and destination IP, source and destination port, and protocol. DPI is part of Application Visibility and Control (AVC) systems that extract useful metadata and compare it to the well-known behaviors of applications and protocols to identify anomalies and statistically significant deviations in those behaviors.

 

Statistical Data: Makes use of statistical normalization where the values of columns in a dataset are changed to use a common scale, without distorting differences in the ranges of values or losing information. It is required for some algorithms to model the data correctly such as curve fitting algorithms like the clustering algorithms used in Unsupervised Machine Learning. Statistical data is used to detect user-based threats with user and entity behavior analytics or to identify network threats through network traffic and behavior analysis.

 

Extracted Data: Data retrieved from data sources (like a SIEM database) using specific search patterns to correlate events to build a complete picture of a session or attack. For example, Mapping DNS logs and HTTP logs together to find a threat actor by searching on metadata or IoCs, or tracking the path of email using the Message ID (MID) value.

 

Security Intelligence Enriched Data: Adds information such as reputation and threat scores to metadata to help identify potentially compromised hosts within the network based on a threat analysis report containing malicious IP address or domains, for example Mapping DNS, HTTP, and threat intelligence data together to identify connections to known blacklisted sites.

 

That’s a wrap on this series presenting some cybersecurity fundamentals. Remember, you can’t plan for every threat, and you can’t anticipate the actions of users – both friend and foe. What you can do is be a prepared as possible and reduce the time to detect associated with attacks. You can also put processes and knowledge in place to efficiently respond and remediate. Know your environment and keep up to date with the changes in the threat landscape and how they relate to your use cases. Don’t get complacent – stay prepared.

By Paul Parker, SolarWinds Federal & National Government Chief Technologist

 

Unfortunately, even with an incredibly fast infrastructure, if application performance is poor, then constituents will more than likely have a bad experience. Proper application performance management (APM) is vital for identifying application performance issues and helping ensure that they maintain an expected level of service. Load testing, synthetic and real-user monitoring, and root-cause analysis are just a few of the key tools that comprise a balanced approach to APM.

 

Understanding the importance of application management raises the question: How can public sector IT professionals ensure that their applications are performing optimally?

 

Here are five key components that should be in every IT pro’s APM toolkit.

 

1. End-user experience monitoring

This should be high on the primary list for public sector IT professionals’ APM efforts. End-user experience monitoring tools collect information on interactions with the application and can help identify any problems that are having a negative impact on the constituents’ experience.

 

Many factors can affect the user experience. As local government bodies move closer to complete cloud adoption, it’s important to find a tool that can monitor both on-premise and hosted applications. It’s also useful to consider a tool that makes provisions for instant changes to network links or external servers if either, or both, are compromising the end-user experience.

 

2. Runtime application architecture discovery

This part of APM looks at the hardware and software components involved in application execution—as well as the paths they use to communicate—to help identify problems and establish their scope.

 

With the complexity of today’s networks, discovering and displaying all the components that contribute to application performance is a substantial task. As such, it is important to select a monitoring tool that provides real-time insight into the application delivery infrastructure.

 

3. User-defined transaction profiling

Understanding user-defined transactions as they navigate the architecture helps IT teams to map out events as they occur across the various components. In addition, it can provide an understanding of where and when events are occurring, and whether they are occurring as efficiently as possible.

 

4. Component deep-dive monitoring

This component of APM provides an in-depth understanding of the components and pathways discovered in previous steps. In a nutshell, the IT management team conducts in-depth monitoring of the resources used by, and events occurring within, the application performance infrastructure.

 

5.Analytics

Finally, as with any IT scenario, having information is one thing; understanding it is another.

 

APM analytics tools help IT teams to:

 

  • Set a performance baseline that provides an understanding of current and historical performance, and set an expectation of what a “normal” application workload entails
  • Quickly identify, pinpoint, and eliminate application performance issues based on historical/baseline data
  • Anticipate and alleviate potential future issues through actionable patterns
  • Identify areas for improvement by mapping infrastructure changes to performance changes

 

As IT environments become more complex, it is equally important to choose a set of APM tools that integrate with one another and with other tools and solutions already in place. Having visibility across all pieces of the application environment is critical to having a complete understanding of application performance and helping ensure “always on” optimization.

 

Find the full article on GovTech Leaders.

 

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates.  All other trademarks are the property of their respective owners.

It was LinkedIn that reminded me how long it's been. A sudden flood of "Congratulations on your work anniversary" messages (thank you, by the way, to everyone all the well-wishers) hit my inbox, little popup messages lining the bottom of the dedicated tab in Google Chrome. My first thought was, "has it been that long?" which was followed almost immediately by, "OF COURSE it's been that long."

 

It's similar to the thought parents think about their kids: "Where has the time gone?" followed by a rush of memories, each one distinct and unique, carrying their own particular imprint on our emotions. Every one of the more than 1,460 days is there, if I think hard enough about it. Not all of them have been perfect days. In many moments, I was not at my best. No matter how much fun I have at it, work is still work.

 

But what amazing work it's been.

 

Over the last four years, I have had the joy and privilege to meet so many amazing people, many of whom you've gotten to know along with me: experts in the field who have the ear of thousands; brilliant minds within SolarWinds who are setting the course of our products and inventing, sometimes out of whole cloth, new methods of doing things we had only imagined a few years ago; and people who have transitioned from one to the other (and sometimes back again). But along with those who shine brightly and capture our attention—be it in blogs, videos, webinars, or eBooks—there are incredible people I work with every day who are quietly brilliant, consistently awesome, dependably insightful. These are folks who avoid the spotlight (and a few who actively run from the room if a camera is turned on), but who are passionate and driven and engaged and skilled. And this job has allowed me to work with all of them. To learn from them. And occasionally teach them something, even if it's on the history of Dungeons & Dragons, or how to correctly pronounce "challah."

 

Second only to the people is the work itself. When I told my wife about the job after my first interview—how I'd be writing for publications, blogging, creating video content, and speaking at industry events—she said, "I hope you didn't tell them you'd have done all that for free!" I would have, but I wouldn't have had the chance to do it quite so much. In four years, I've had the chance to create 12 eBooks, write 254 essays or blog posts, and appear in 176 videos. Yes, yes, #humblebrag. I'm celebrating my Head Geekiversary. I think I've earned a little bit of workplace pride.

 

I've had four glorious years to venture out to conventions and user groups and meet people who use SolarWinds products to solve their very real, very important challenges. To help celebrate (and as often as I can, publicly share) their successes and to hopefully be part of resolving any of the challenges they've faced. To marvel at the arc of their careers, whether they were just getting started, somewhere in the middle, or reflecting back after many years.

 

And you know what? After all this time, it's still my dream job. It's still every bit as thrilling to me today when I get to tell people "I'm a Head Geek for SolarWinds" as it was back on that very first day (My name is Leon Adato, and I'm a SolarWinds Head Geek ).

 

So thank you again to everyone who messaged me with "congratulations," both for the kind words and for the chance to stop and take a moment to appreciate just how wonderful it's been.

 

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

Have you ever read about TV ratings? Almost every person that watches TV has heard of the ratings produced by the Nielsen Media Research group. These statistics shape how we watch TV and decide whether or not shows are renewed for more episodes in the future.

But, how does Nielsen handle longer programs? How do they track the Super Bowl? Can they really tell how many people were tuned in for the entire event? Or who stopped watching at halftime after the commercials were finished? This particular type of tracking could let advertisers know when they want their commercials to air. And for the network broadcasting the event, it could help them figure out how much to charge during the busiest viewing times.

You might be interested to know that Nielsen tracks their programs in 15-minute increments. They can tell who was tuned in for a particular quarter-hour segment over the course of multiple hours. Nielsen has learned that monitoring the components of a TV show helps them understand the analytics behind the entire program. Understanding microtrends helps them give their customers the most complete picture possible.

Now, let's extend this type of analysis to the applications that we use. In the old days, it was easy to figure out what we needed to monitor. There were one or two servers that ran each application. If we kept an eye on those devices, we could reliably predict the performance of the software and the happiness of the users. Life was simple.

Enter virtualization. Once we started virtualizing the servers that we used to rely on for applications, we gained the ability to move those applications around. Instead of an inoperable server causing our application to be offline, we could move that application to a different system and keep it running. As virtual machines matured, we could increase performance and reliability. We could also make applications run across data centers to provide increased capabilities across geographic locations.

This all leads to the cloud. Now, virtual machines could be moved hither and yon and didn't need to be located on-prem. Instead, we just needed to create new virtual machines to stand up an application. But, even if the hardware was no longer located in our data center, we still needed to monitor what we were doing. If we couldn't monitor the hardware components, we still needed to monitor the virtual machines.

This is where our Nielsen example comes back into play. Nielsen knows how important it is to monitor the components of our infrastructure. So too must we keep an eye on the underlying components of our infrastructure. With virtual machines becoming the key components of our applications today, we must have an idea of how they are being maintained to understand how our applications are performing.

What if the component virtual machines are sitting on opposite sides of a relatively slow link? What if the database tier is in Oregon while the front-end for the application is in Virginia? Would it cause an issue if the replication between virtual machines on the back-end failed for some reason due to misconfiguration and we didn't catch it until they got out of sync? There are a multitude of things we can think about that might keep us up at night figuring out how to monitor virtual machines.

Now, amplify that mess even further with containers. The new vogue is to spin up Docker or Kubernetes containers to provide short-lived services. If you think monitoring component virtual machines is hard today, just wait until those constructs have a short life and are destroyed as fast as they are created. Now, problems can disappear before they're even found. And then they get repeated over and over again.

The key is to monitor both the application and the infrastructure constructs. But it also requires a shift in thinking. You can't just rely on SNMP to save the day yet again. You have to do the research to figure out how best to monitor not only the application software but the way it is contained in your cloud provider or data center. If you don't know what to look for, you might miss the pieces that could be critical to figuring out what's broken or, worse yet, what's causing performance issues without actually causing things to break.

What do The Guru, The Expert, The Maven, The Trailblazer, The Leading Light, The Practice Leader, The Heavyweight, The Opinion Shaper, and The Influencer all have in common? These are all other examples of what to are commonly referred to as “Thought Leaders.” Some may say it’s the latest buzzword by calling experts and influencers "Thought Leaders," but buzzword or not, Thought Leaders have been around way before the buzzword came to use.  Thought Leaders are the go-to expert among industry colleagues and peers. They are the influencers that lead direction within an organization, and sometimes they can be that leading light in your department that innovates new ideas and visions. Thought Leaders are often not in direct line of the management chain, but instead complement management and lead through example to execute vision and goals.

 

Not All Thought Leaders are the Same

The saying “One size does NOT fit all” can also refer to Thought Leadership because not all Thought Leaders are the same. Some Thought Leaders are about cutting-edge trends while others are there to inspire others. However, most Thought Leaders are experts in a field or industry and sometimes have a stance on a particular topic. They look beyond the business agenda and see the overall picture because every industry is constantly evolving. Being able to have insight in the trends and applying them to achieve and deliver results is part of the equation. You must be able to lead others and want to develop them as people not just players on a team.

When someone asks me how they can become a Thought Leader, I tell them this isn’t about you, it’s about others. When you help others by sharing your knowledge and experiences, all that other stuff will naturally come. Thought leadership status isn’t obtained through a single article or social media post on Twitter or LinkedIn. It’s something that you build your experiences and create credibility among your followers or your team at work. Experience takes time. Experience also means not only learning but listening to others. Everyone has different ideas and opinions, and being humble to listen and understand others is a critical part of the learning process. Thought Leaders don’t have all the answers and they are constantly learning themselves.

Credibility does not always mean obtaining all the latest industry certificates. While it can help, it’s not everything because having real life experiences is just as important. Someone that has all certifications in the industry but doesn’t have any applied real-world experiences will probably not get the same credibility as someone with 15+ years’ experience and fewer certifications.

Being the “Go To” person means defining trends or topics and showing your followers how they can take that knowledge to go farther with it. Once you are there it doesn’t stop either because you will need to continue to be involved and learning, otherwise your followers will eventually stop following you for guidance and that “vision.”

It’s About Others

I still get shocked sometimes when people refer to me as a Thought Leader. The reason why is because I didn’t set out to become a thought leader. What I wanted to do and still want to do is make a difference in the world and company I work for and to my coworkers and peers. I wanted to help others be successful by sharing any knowledge or skills that I may have. My hope was that by sharing my experiences others can be empowered to better themselves. Early on in my IT career, a manager gave me the best advice: sharing your knowledge will make you more valuable and it will motivate you to learn more. I have since kept that advice and use it daily. 

Back from VMworld and it's hotter here at home than in Las Vegas. I've no idea how that is possible. VMworld was a wonderful show, and it's always good to see my #vFamily.

 

As always, here are some links from the Intertubz that I hope will hold your interest. Enjoy!

 

AWS announces Amazon RDS on VMware

There were lots of announcements last week at VMworld, but I found this one to be the most interesting. AWS and VMware are bringing the cloud to your data center. I expect Microsoft to follow suit. It would appear that all three companies are working together to control and maintain infrastructure for the entire world.

 

Earthquake early-warning system successfully sent alarm before temblor felt in Pasadena

I applaud the effort here, and hope that these systems will allow for more advanced warnings in later versions. Because alerting me 3 seconds before an earthquake strikes is not enough of a warning.

 

Two seconds to take a bite out of mobile bank fraud with Artificial Intelligence

OTOH, alerting within two seconds seems reasonable for detecting fraud, because fraud usually doesn’t involve a building falling on top of me. And this is a great example of how AI research can make the world a better place.

 

Video games that allow in-game purchases to carry Pegi warning

I think this is a great first step, but more work is needed. I’d like to see video games publish the amount of time and/or money necessary to complete the game.

 

World's Oldest Customer Complaint Goes Viral

After reading this, I do not recommend shopping at Ea-nasir’s store. Avoid.

 

Major Quantum Computing Advance Made Obsolete by Teenager

Ignore the clickbait title. The kid didn’t make anything obsolete. But he did stumble across a new model for recommendations. The likely result is that when quantum computing finally lands, researchers will be able to focus on solving real issues, like global warming, and not worry about what movies a person wants to rent next.

 

How to Roll a Strong Password with 20-Sided Dice and Fandom-Inspired Wordlists

The next time you need to rotate a password, start here.

 

Adding this to my conference survival guide:

 

Filter Blog

By date: By tag:

SolarWinds uses cookies on its websites to make your online experience easier and better. By using our website, you consent to our use of cookies. For more information on cookies, see our cookie policy.