I’m excited to announce a new SolarWinds product today, Firewall Security Manager (FSM). To say that firewalling is a critical part of any modern network is an understatement, but managing the rules that determine whether your network is secure and whether your applications actually perform as expected can be daunting. This is especially true if you are the second or third person to do the job, since there’s often little documentation on what rules exist and why.
FSM is all about addressing concerns that you’ve all told us are important to you around firewall change management.
What’s better for all of you Network Configuration Manager (NCM) users out there is that FSM already integrates with NCM so you can import device details over to FSM easily.
For a more detailed description of how FSM can add value to your network management tools check out Francois Caron’s product blog post and the Firewall Management page on Solarwinds.com.
The Blackberry certainly started the “smart mobile device” revolution and there are some that still use them, but most would agree that it was Steve Jobs and Apple that really changed the world. With the advent of the iPhone, iPad, and then fast-following Android OS devices, employees and more importantly their executives enthusiastically brought the “new hotness” in mobility into the workplace regardless of whether their IT organizations were ready or not. We industry folks like to call this Bring Your Own Device (BYOD) for lack of a better term, but I think this implies a formal “hey, come watch the game at my house and BYOB” invitation that most IT organizations don’t remember sending out. A lot of IT folks are now left lying awake at night wondering whether all these new devices comply with their security policies and what happens when the first mobile-to-PC virus hits.
I recently attended a MDM webinar and it seems most of the attendees were still trying to figure out what to do. A paltry 18% of those polled claimed to have rolled out an MDM program. So, let’s say you’re in the majority and still in the process of developing a program. Where do you start? Should you begin gathering requirements and evaluating MDM solutions immediately? In the immortal words of Lee Corso, not so fast my friends…
Here’s the thing. The concept of rogue or uninvited devices on the network isn’t a new concept for IT organizations. Anyone had a hub take out a switch on their network before? Or problems with rogue access points or servers? So, the issue is more fundamental than just mobile devices. This is a general problem that requires beginning with a comprehensive assessment of your network. And as the owner of network ops (and thus the network ports), you have a lot more solutions at your disposal than you might think.
1. Start by assessing what devices are on your network and where they’re connecting. Consider leveraging user device tracking and/or switch port monitoring software to track which devices and users are connecting to which switch ports (both wired and wireless) on your network over time and alert you to switch port capacity issues. Think of it as a switch port mapper on steroids.
2. Understand the performance impacts that rogue or uninvited devices are having on your network. Use your network management system and enable netflow analyzer to understand where you have network utilization issues and who and what is consuming your bandwidth based on the network bandwidth monitoring tool. Mobile devices may be consuming more than you think or it may turn out there are bigger fish to fry with bandwidth hogs running on “approved” devices.
3. In parallel, start gathering requirements from the various departments you support. Determine how they’re using their mobile devices today and how they’d like to use them in the future and reconcile this with your own security policies.
Once you understand the impact of BYOD on your network and have determined the right balance between user desire and your own corporate policies, I think the next steps will be much clearer. I'll discuss what comes after assessment more in a subsequent post, but for now...good luck!
Welcome back. In the following post, I'll continue to list another 5 events to monitor on the trail of stolen passwords...
You can see the first 5 in my post from the 10th, here: Top 10 Events to Monitor for Stolen Passwords, Part 1
The last 5 events fall into the following categories.
Identify some key areas of segmentation you can take advantage of. Examples: sales people are in a common AD group and expected only to log on locally or via RDP to laptops in the laptops OU or group; developers are segmented to a certain part of the network and expected only to log on from those IPs or a corporate VPN.
There's mixed messages about abuse of privileged access to resources causing breaches – there are horror stories like the guy from San Francisco that made it impossible to access network devices after getting fired, and there are some breach reports that show insider threats to still be a significant issue – but it's common sense to know what your most trusted users are doing. After all, those most privileged users are also going to have the most access and be the highest value target. Think beyond just IT administrators here and identify other high visibility targets, too, like your CEO (probably has access to lots of data), financial officers (them too!), development operations staff (can make changes, may have access to databases and resources where passwords or critical data exists), and anyone with named access to visible resources.
Monitoring for these events will help your organization remain secure and not become the next victim of a security breach.
Chances are you've heard about the breaches of LinkedIn, eHarmony, and last.fm, among others. In these breaches, password hashes were leaked and almost immediately cracked, demonstrating how unfortunately basic many passwords are despite our attempts to make people smarter about passwords with password policies and constant user education. The reality is that passwords are an inconvenience to most people -- a necessary evil -- and a cost of doing business. People frequently reuse passwords or use a pattern with simple words or character addition/replacement, making it possible to follow them around the internet and gain access to multiple accounts. You might not care if the passwords that are exposed are for online dating, music, or other social sites, but what if they were yours? Or worse, what if it was a bank or credit card company that was breached?
Following these breaches, a lot of stories came out about watching accounts for stolen passwords. But many of these articles lacked concrete advice such as what do you actually LOOK for when you get to all that log data?
There are 10 events in particular to monitor for stolen passwords and general abuse on a network.
The first step is to make a list of all systems that have external access from the internet, then critical systems with internal (but theoretically limited) access from user networks (servers, network devices, management systems).
Come back on August 17 to see the followup to blog listing events 6-10 you should monitor on the trail of stolen passwords...
So VMware picked up a product called Log Insight (from a company called Pattern Insight) today, another in their recent run of acquisitions. What makes this acquisition interesting is the tacit acknowledgement that management can’t be done using data only extracted from the vSphere API. Historically VMware and others have focused their data center management approach on the VM, host, network, and storage data available through the API, but anyone who’s managed an IT environment knows that’s like running a race with one arm tied behind your back.
SolarWinds has long believed that managing a data center environment is about collecting and correlating data from many sources, from the storage arrays, from the hosts, from network devices, and the application components themselves. Sometimes you gather this data via logs, other times via direct APIs and where you have common bottlenecks you build management applications around the problem. For example if you have a real cloud data center environment you know that from time to time you may run into I/O bottlenecks. These may be at the host, or the array controller or at the disk, and when troubleshooting storage I/O issues it’s beneficial to have management software that can map the path from the VM all the way to the spindle.
On the log management side the problems tend to be more about looking for the needle in the haystack and the reality is that’s hard. Log’s tend to be machine friendly but not user friendly, but often when you find a problem you want to make sure that problem either doesn’t happen again or you’re notified and you can run corrective action before it spirals out of control. In dynamic data center environments waiting for a log management system that’s going to collect data, write it to a database, then run its alert and rules engine, and then send an alert without taking any automated action is like waiting an eternity. Real-time log analysis and response is the right approach to tackling this problem – event log correlation happens in memory and the log management system can execute automated actions and then notify you of the problem and actions taken.
So it’s great to see VMware get in the game – operations is definitely about more than the data in the vSphere sandbox, and I know I didn’t need to tell all of you that.
Guest Blog by David Marshall, Sr. Marketing Manager and Social Media Strategist at Virtual Bridges
Virtual Bridges and SolarWinds have jointly put together a four part blog series intended to provide guidance in implementing and managing a VDI environment. These will be posted alternately on the SolarWinds Whiteboard blog at http://thwack.solarwinds.com/community/solarwinds-community/whiteboard/blog and the Virtual Bridges blog http://www.vbridges.com/company/news/blog/ . This is the second part in the series, the other parts are:
We hope this is useful to you and look forward to your feedback.
We’ve all heard the horror stories of VDI projects that are stalled and left in the IT graveyard. But with the right planning, you can enjoy the benefits of VDI without the headaches.
Below are 10 tips to ensure your VDI project is primed for success, and ready from the onset through project completion.
Do you have any tips that you’d offer to those considering VDI? Drop us a line and let us know. In the meantime, we hope you’ve enjoyed this blog series with Virtual Bridges. Keep an eye out for part 4, Key Considerations for Storage Optimization for VDI, coming from SolarWinds on Thursday.
Check out this recent infographic commissioned by Skype, and you’ll see why you shouldn’t trust the patching of your workstations to be left to your end users. According to the survey results, 40% do not always update their software when prompted to do so. The reason? Half of users don’t see a benefit to doing so, nor do they understand the impact of the upgrade. Nearly one-third of respondents think patching takes too long.
This can be very problematic, especially as we are seeing an increase in BYOD, and according to a joint survey by SolarWinds & Network World, 27% of IT pros are not at all confident on the level of visibility into personal devices accessing the corporate network.
This is also very concerning because applications residing on workstations are the kind that have critical vulnerabilities. Just take a look at 3rd party updates and you can see that many of the critical patches in recent months are for applications like Chrome, Firefox and Flash. In this other article from ars technica, Peter Bright reveals that 37% of Firefox users are running older versions of Firefox that are not being updated (by Firefox) with critical patches for known vulnerabilities.
How can you control whether applications on endpoints are protected from the latest known vulnerabilities?
Security incidents can be very costly and damaging to your business. Responsibly protect your company’s reputation and assets with a sound patching strategy for all end users accessing the corporate network.
If you have not done so already, download a free 30 day trial of Solarwinds Patch Manager and automate the patching process for your endpoints.
A long time ago in a galaxy far far away….well you know the rest of that story, but SolarWinds, another name from the cosmos, has some interesting history behind it and I thought today, with our Q3 network management news release update I would take a look back and a look at what’s next. For those of you who are new to SolarWinds first a few stats about our networking business that you may not know:
Our first set of tools were bundled together in what is today known as Engineer’s Toolset, it’s a collection of over 50 of the tools every network engineer and aspiring IT pro needs. It’s holds a special place for many of us here because it represents the start of the journey to deliver an unexpected level of simplicity for network engineers everywhere. It was also one of the drivers for creating the original SolarWinds Network Performance Monitor (NPM) product – our flagship network monitoring product. Over the years we’ve heard a lot of great stories about how NPM has helped make your lives easier and we’re always excited to hear more so if you have a great story please let me know (email@example.com).
But most folks don’t know that in addition to Engineer’s Toolset and NPM we actually have a whole bunch of other useful tools. I can’t cover all of them here, but the key ones are listed on our website here. In addition, there are some products you may use every day that you may not realize came from SolarWinds – Kiwi Syslog and DNSstuff.com are 2 of the best known.
This quarter we’re continuing the evolution of our network management tools with 4 new product releases that I wanted to talk about.
First, our new VoIP and Network Quality Manager product is going to be shipping soon. The product combines both IPSLA operation data that provides visibility into WAN performance with call detail record metrics from Cisco Call Manager to give you a quick way to troubleshoot VoIP and WAN performance. This is something many of you have been asking for and we’re excited to be shipping the product.
For those of you doing something with BYOD, or just rocking back and forth wishing it would go away, we’re shipping an updated version of our User Device Tracker product (UDT) that adds support for controller based wireless access points. Now you’ll be able to pinpoint exactly where wired and wireless devices are on your network and who’s logged into them both in real-time and historically.
Third in line is a new version of NetFlow Traffic Analyzer (NTA) that will deliver some exciting new charting tools, making it much easier to drill into your traffic data. In addition for those of you looking to monitor traffic in your virtualized data centers, NTA adds support for flows from VMware vSwitches.
And last but not least is a new version of Network Configuration Manager (NCM). Network configuration management is often one of those things that you think you can live without, but in reality a large % of network problems are still caused by unintended configuration changes and if you’re an NPM customer NCM data can be automatically put into alerts giving you a quick view of config issues. This new release adds greater scalability to NCM through the use of our scalability engines as well as support for new vendors in the Japanese market (Alaxala and Apresia).
So, it’s a busy few months ahead of us, we hope you enjoy what’s coming, and before I sign off I’ll add my thanks to all of our customers and community members for being loyal supporters and vocal critics – we wouldn’t have the leadership position we do without your support, so thank you and as always questions and comments are welcome.