Skip navigation

"Hey Grandpa, tell me again the story about how you had to remember 53 passwords and they were all supposed to be different, and you were supposed to change them every 90 days.  That's a funny story!  I think you're making it up!"

 

 

I was just at an ISSA Austin meeting where Mark Thames of Toopher presented.  Great preso enjoyed by 125 atttendees.  So Mark asks the audience of security practitioners, "Who thinks passwords will be gone in 5 years?"  Maybe 3 people raise their hands.  Passwords are so ingrained in everything digital.  We are definitely not laughing yet.  


Mark had an interesting truism in his slides:  "Easy-to-remember passwords are bad passwords.  Hard-to-remember passwords are bad passwords."  So we not only have 53 passwords that should be unique, they should all be really tricky to guess.  That also makes them tricky to remember.


Sure, there are all kinds of solutions security vendors offer right now, like SSO.  SSO has got to be one of the most complicated simple solutions ever.  Every app demanding authentication, it's still scary hard to satisfy them all, including those legacy apps who had their own ideas about passwords.  Then there's the old "keys to the kingdom" issue, where with SSO if the bad guy compromises the SSO password they get into everything.


At the most basic level, authentication is about proving you are who you say you are.  Given human frailties at remembering 53 complex and unique passwords, second factor authentication becomes attractive.  Traditional second factor authentication, where you have to provide two proof points, can include something you know, like a password, something you are, like a fingerprint or retinal scan, and something you have, like a token.  With the second factor, the risk of a weak password is reduced, making the game almost tolerable for a human.  You can probably get away with a password you can actually remember with second factor authentication backing it up.


It's a good thing young, smart companies like Toopher are trying to fix this mess.   Computer authentication, at this point, remains tedious at best.  Personally, I'm looking forward to griping about how hard we had it back in the day, trudging 3 miles in the snow to the computer and then being challenged to prove I am who I say I am by every Tom. Dick and Harry application I happen to want to use.  Jeez.

trudging through the snow.jpg


On a more serious note, bad guys are doing a pretty good job with various tools and social engineering to pirate user passwords.  You might want to look at a SIEM solution for your business to watch for remote access attempts and failed access attempts. which are correlated with other anomalous behavior across the network, systems and apps to defeat the bad guys.  If that's the case, check out our Log & Event Manager product for 30 days free.




Okay, so maybe some of you saw it coming… maybe you just knew that Q was going to be in our final battle. Maybe some of you knew it would be Spock.

It was pointed out that the ears and the bowl cut was bound to rule… at least to this point, but once again, we give to you, the wrench. This time the battle commences not between the foes, but the contender’s foes. Spock and Q do not battle one another until they have summarily dismissed all their opposition’s former foes… then we’ll let them at each other.

 

So, how will Q handle Neo, the IID, the Borg, and Number 6?

 

And how will Spock handle: Vader, the 10th Doctor *grumble*, Kaylee, and River Tam?

 

Only you know the ways and means, give it to us. Who will be the SolarWinds Sci-Fi Bracket Battle champ?

 

Midnight: bring it.

Well, here we are, our final four contenders have slotted into place.

 

I'm sure that Q and River are not even looking at one another... disdain washing over one from the other. I have to ask, when confronted with someone minus one amygdala versus the perpetual manipulator and gamer, really who will come out trapped (or is that truly freed)? Will River read Q's mind or have her own blown in the attempt? Will Q simply underestimate River and leave himself open to harvest? Let's look at cerebral power here. Who will win the battle of the minds?

 

And then we have the fight to see who might mess up and emote. Spock... will you let that human side show? Number 6... did you really have a part in Caprica 6 going off to be a farmer with Baltar? When pride and love and all those other silly feelings begin their nagging itch, who will fold first?

 

And so, here we are, edging closer to the final battle... let the games begin.

More than 1000 votes were cast in the Fleet 16, enabling the following challengers to be named the SUPER 8 and matched accordingly.

 

  • Picard v River
  • Kaylee v Q
  • Borg v Spock
  • Number 6 v T-1000

 

At this point, I need to take a moment of silence to mourn the untimely demise of the 10th Doctor. 

 

You all understand what this means, right?  10th now regenerates into the 11th Doctor and we get the Ponds.  UGH. Sigh, only 10 more days until Clara.

 

Anyway, we are sure that you are waiting with bated breath for the rules for the Super 8 round…  We went back and forth on this one and finally decided that it was time for a good old-fashioned blood sport. 

 

The Super 8 round will not be fought solely with special powers and combatants must leave their weapons at the door.  We are all set for some hand-to-hand, backyard style brawling.

 

Brackets are updated and new polls & VOTING will launch at MIDNIGHT. 

Well, folks…  we have wrapped up round 1.  More than 3700 votes were cast over the past week, and we learned some really interesting things about y’all.

 

  • First, The Matrix appears to be pretty universally disliked.  None of those characters made it out of the first round.

 

  • Next on the “we just don’t care for it” list…  Star Wars.  Apparently, almost as much as you dislike Abrams, which doesn’t bode well for the future of the franchise. Han Solo is the only one to make it through, but he was pitted against a Matrix character (see above).

 

  • Likewise for the Original Star Trek crew…  Despite the back and forth between Kaylee and Scotty  (who would have predicted that match up as our closest in Round 1?), the only one to survive was Spock against Neo (and, we agree the logic there in unassailable… see above).

 

As we move into the Fleet 16, we have some pretty impressive match ups.  So, what now?

 

The commenters over at Fark had some questions about how we would run the second round.  Would we continue with the themes we established for Sector 1 or just let everything hang out?  Well, we are here with the answer.

 

In addition to being big Sci-Fi fans, we also hold a special place in one of our two hearts for reality TV (that is one of the benefits of having two hearts, more room for love…). And like any good reality competition, it is time to change up the rules a bit for this next round.

 

For the Fleet 16 match ups, we are giving each character an iconic trait, prop or tool that they will take into battle with them.  It is up to you to determine who then is best prepared to eliminate, neutralize or otherwise render irrelevant their foe.

 

Now, before everyone gets their exoskeletons in a twist…  a few caveats:

 

  • Yes. Some of these match ups are decidedly unbalanced.  That happens in brackets.  There is always some Cinderella team that wins the first round game only to face a #2 seed in the next.  Such is life.
  • Maybe.  Could the character use their tool in an unconventional way to manipulate their opponent into defeat?  Sure… that is really up to your interpretation.  That is what makes this fun.  We LOVED all the debate in the first round and obviously want to keep that going.
  • No. We have no expectation that you will be pleased with all of our selections. In fact, we anticipate many of you will be quite put out. But, hey…  passion (in situations like these, at least) begets frustration begets crazy debates (see above).  There might be a little method to this madness.

 

 

Voting opens Monday, March 18 at MIDNIGHT, that's 0:00 CDT on the 18th not the 19th.

But you can head over to the bracket now to see the upcoming match ups and what each victor will carry into the next round.

I know my title is a little leading, but honestly I’m not here to tell you that SDNs (software defined networks) are not useful, absolutely not.  Software Defined Networking was created to solve a real problem that exists when you have a virtual compute environment and your VMs and other network devices are in constant motion.  The amount of work that an SDN can save in a large environment like this can be considerable.  In addition, SDNs hold the potential to really revolutionize the networking space by separating out the control and data planes of the network and allowing for low cost, commodity based networking hardware to be used with a centralized control plane.  This is similar to the economic value proposition that server virtualization has brought to us.  So I’ll ask the question the way my kids would. Are we there yet? Gartner would tell you that we’re probably nearing the peak in hype for technologies like OpenFlow so naturally we at SolarWinds get asked the question – what are you doing about SDNs?  Or sometimes the more direct and flattering version – you guys have to be leading the movement on SDN management!

 

So what are we doing about SDN?  Well those of you who know us will take comfort in knowing that we are watching the SDN market very closely.  In addition, we are collaborating with a few of the new networking vendors around interoperability, but we’re not feeding the hype by marketing SDNs – we’re sticking to solving the practical problems of today.  These are of course the problems that you, our users, are asking us to solve – like ‘how do I do a config backup on this fancy new switch?’

 

But beyond the practical we believe that there’s a strong role for SolarWinds to play in a hybrid SDN/non-SDN network as well as a pure SDN network.  We’ve always been able to monitor and manage what’s happening at the data plane and we’ll continue to do that SDN or not.  In the control plane the problems of management are ill-defined, mainly because early adopters of the technology are willing to put up with a lot of pain for the benefit of being on the cutting edge and learning. As a result few problems elevate themselves to the point of being real management pains.  As the adoption of SDNs grows however we expect to hear from more customers about where the problems are and how they’d like them solved and when we do you can rest assured that we’ll be adding features into our products like Network Performance Monitor and Network Configuration Manager to make your life easier.  So for today we’ll stick with the basics I alluded to above (how do I backup a config), because as you all know we at SolarWinds are driven by the Market (i.e. customers) not the Marketing!

We are deep in the middle of Sector 1 voting (this round closes March 15, noon CT), and already there have been some interesting developments.

 

You Trekkies are a dedicated lot. We apologize for making you choose between your precious captains so early in the round.  It simply could not be avoided.

 

If you haven’t voted and are still trying to determine which engineer you would rather have with you deep in the middle of space, or whether Ripley’s history of coming back form the dead gives her an advantage over Hiro, there are some really excellent discussions going on outside of thwack you might want to check out.

 

One of our favorite IT bloggers, Lone Sysadmin, has his take on the state of five match-ups in particular.  Check it out here.

 

And, if you feel the need to go deep into the wormhole, head over to Fark and check out the discussion around the Ender v Paul and Vader v Q match ups, among others.

 

And Richard Hay (@winobs), gave us a shout out earlier today…  We previewed the bracket with a few lucky bloggers at Gestalt IT’s NFD #5 last week.

 

And, our apologies to the Stargate contingent…  if Q makes it to the second round, perhaps we will bend all the rules in his honor and drop a write-in candidate in the middle of the field just to shake everything up.

                                                       ...Okay, probably not, but we felt we had to throw you some kind of bone.

 

Speaking of “Fleet 16,” are you curious about the rules of engagement for Round 2… will we continue the themes or, just settle for an all out battle royale? Will we restrain/constrain the competitors to try and even the playing fields…

 

Let’s just say that it all depends on how you vote. You probably want to stay “plugged in” to see where we go from here.

 

Oh, and here is MY prediction for the final four:

 

Spock,

T-1000,

The Doctor, and

River Tam…

The time has come to pick the one true champion of the Multiverse.

 

The official SolarWinds Sci-Fi Bracket Battle is now available!  See the match ups and start predicting their fates; head over to the space in thwack to see who is taking on Spock, Hiro, River Tam and T-1000 for the ultimate crown

 

For those that may have missed it, here are our Rules of Engagement.

 

And, to get us started we have our first battle…  Between C-3PO and Infinite Improbability Drive (C-3PO v. The Infinite Improbability Drive - An exercise in helpfulness...) – which tech do you want by your side as you travel the galaxies.

 

Voting for the prequel will close at 12 noon CT on Monday, March 11.

 

You have the weekend to ponder the possibilities, consider your arguments, and develop your strategies for Sector 1. Want to share? Dare to stand by your picks in the public eye?

Fill out your bracket and post it.

 

May the Force be with you…

 

Make it so…

 

But above all else,

 

Don’t Panic!

In just a few short hours, we release the official SolarWinds Sci-Fi Battle Bracket.

 

I know…   we are pretty freaking excited ourselves. But, let’s all take a deep and cleansing breath and take care of a little housekeeping before we release this linguistic virus and this thing gets bigger than a supernova.

 

You are probably asking yourself, what should I expect from an Intergalatic Bracket Battle? Well, let us adopt the role of helpful onboard computer, providing you with the information you need to engage.

 

In order to make the battle accessible to Neophytes and Trekkies alike, we have selected 33 candidates from the Sci-Fi (and, technically, Space Fantasy) canon of literature, movies, and television shows.  Each pairing has been carefully matched based on some shared theme or principle (and, it is not always the most obvious basis of comparison).

 

MATCH UP ANALYSIS

  • For each combatant, we offer links to the best Wikipedia reference page by clicking on the NAME link in bracket
  • A breakdown of each match-up is available by clicking on the VOTE link.
  • Anyone can view the bracket and the match-up descriptions, but to comment and VOTE you must be a thwack member (and logged IN). It's easier to join than the Battle School... promise.

 

VOTING

  • Again, you have to be logged in to vote and debate…
  • You may only vote ONCE for each match up
  • Once you vote on a match, click the link to return to the bracket and vote on the next match up in the series.
  • Each vote gets you 50 thwack points!  So, over the course of the entire battle you have the opportunity to rack up 1550 points. Not too shabby…

 

CAMPAIGNING

  • Please feel free to campaign for your favorites and debate the merits of our match ups to your hearts content in the comments section and via twitter/Facebook/Google+ etc. etc. etc.
  • We even have a hashtag… #SWIscifibattle… to make it a little bit easier.
  • There will be a PDF version of the bracket available to facilitate debate with your office mates or HALO crew.  (Yes, this bracket battle is a bit like Serenity… not as fancy as that Bracketology thingy that happens this month, but suits our needs and we are a bit partial to its stripped down efficiency)
  • And, if you want to post pics of your bracket predictions, we would love to see them on our Facebook page!

 

SCHEDULE (Full schedule will post along with the bracket on March 8)

 

  • Bracket Release and Prequel Battle OPENS March 8 at MIDNIGHT
  • Sector 1 Battles OPEN March 12 at MIDNIGHT
  • Fleet 16 Battles OPEN March 18 at MIDNIGHT
  • Super 8 Battles OPEN March 21 at MIDNIGHT
  • Death Quad Battles OPEN March 26 at Midnight
  • Judgment Day Battle opens March 28 at MIDNIGHT
  • Champion of the Multiverse will be announced on APRIL 1 (no foolin’)

 

If you have other questions… feel free to drop them below and we will get right back with you!

 

Otherwise, keep your eyes on this space to bear witness to our Sci-Fi Cathedral of Chaos... Doors open at midnight... Don't forget. Don't be late. Don't make Uncle Enzo apologize.

 

Thrusters in 5...4…3…2…


 

Fill out your bracket and post it, don't be shy.

Last week at the RSA conference (see my RSA Recap) it was interesting to hear the drumbeat of security is everyone’s problem, and at the same time see posts on the staffing crisis in IT security.  In addition, I talked to so many people who told me that security tools aren’t budgeted for well and that’s one of the reasons that they have to go up the chain to get approved.  All of this made me think about the real challenge in making security everyone’s responsibility when you can’t get tools easily, you don’t have enough people, and most of the tools are hidden in a shroud of complexity. 

 

Step 1:  Getting the buy-in that you need the tools:  So ROI is everything and security tools have these magical ROIs that talk about the cost of data loss and application downtime to the business.  It all translates to real revenue impact and ultimately most of the big projects are sold like insurance – but as an IT guy in the trenches, you don’t get to buy insurance, your boss or boss’s boss does that right? 

 

Well there’s a better way to look at it if you need to justify many of these tools – operational efficiency

 

Consider this example.

  • How many firewalls do you have? 
  • How many changes do you make a week? 
  • How many people make changes? 
  • How long does a change take to plan, make, and test? 
  • How many changes need to be re-worked?
  • How many security patches do you apply in a typical month?
  • How long do you spend reading log files, or using homegrown tools to read log files 

 

For example, if you had a tool that everyone could use to analyze firewall rules and changes before they went to production, and then generated the script changes that you could put into your award winning configuration management tool then how much time would it save?  If you could automate the patching process across Microsoft and other 3rd party software you have, how much time would it save?   If you had log file analysis and automated responses to suspicious behavior, how much time and grief would it save?  How much hassle? 


Step 2: Getting your security folks on board.  While I was at RSA I spoke to a few security guys and one thing stuck with me, they all made the point that when security is part of everyone’s day job - without it feeling like security - it got done, and without complaints.  It’s like disguising vegetables in something delicious for your kids!  Well you’re not a kid and you don’t need a disguise, you can go to your friendly security guy and tell him you have a tool that you’re using to help you make changes quicker and better and it also will help generate compliance reports and prove that you are holding down the fort so to speak. 

 

You might even find yourself popular with your security folks, if you propose the tools SolarWinds provides that enhance security while increasing productivity.  SolarWinds products are typically far more affordable than comparable solutions.


Step 3: Oh that dreaded complexity. So your IT guy loves the concept and wants to know when the demo will be.  Well that’s where we come in – just download the right product for you and you’ll be up and running in about an hour.  Now you do the ‘demo’, but better yet – it’s a demo running in your environment with your data.

 

That’s it – 3 steps to making security everyone’s business.

You are responsible for running your company's help desk. So, you have some number of IT technicians working on resolving help desk tickets. This approach may be the norm, but is it really good enough for truly successful help desk service? While the sheer number of tickets is ever increasing, the types and complexities of help desk tickets grow exponentially as well. In the wake of this growth, consistently meeting SLAs and improving customer service is clearly not getting any easier.

What you need is not more help desk staff, but rather some wise counsel to help you plan, optimize, and execute your current help desk services smartly and effectively. Let’s take a look at some best practices:

 

#1 Plan Ahead & Institute a Structured Workflow

Simply put, this is the most fundamental step for the success of any help desk implementation. You need to know the ins and outs of your help desk strategy. So, start by planning a structured workflow of:

  • How you intend to assign a technician to a ticket
  • How the ticket is going to be escalated
  • How the communication with the end-user is going to be established
  • How to implement the ticket approval process

You need to define reasonable service level agreements, appropriate support levels, and good business logic for ticket routing and assignment. Planning only begins here.

 

#2 Know Your IT Environment

You need to know your IT environment, your end-users and their designated assets, because they are the source of your IT tickets. You need to have quick access to details of user accounts, as well as your enterprise hardware and software equipment. Start by:

  • Integrating your help desk solution with your corporate Active Directory®
  • Importing all your assets and IT inventory into your help desk software

 

#3 Simplify & Automate Your Help Desk Tasks

So many help desk activities are done manually by support staff. Manual task completion costs time and effort and leaves room for human error. Employ automation techniques for:

  • Simplifying ticket creation
  • Ticket assignment, routing, and escalation
  • Performing specific ticketing actions for predefined event conditions
  • Alerting and notification of ticket closure or breached SLAs

 

#4 Communicate with Your End-Users

Your customers need to know the status and progress of their help desk ticket at any given point. Prompt communication contributes to improved customer satisfaction and involves keeping your customer updated on:

  • Initial ticket acknowledgement
  • Technician assignment
  • Expected turnaround (based on SLAs)
  • Course of resolution or remediation steps
  • Escalation and approvals
  • Notification or query back to the customer
  • Ticket resolution and closure

Your help desk software could serve as an effective medium of easy information exchange between the support staff and the end-user.

 

#5 Help Your Customers Help Themselves

There are many issues your customers can resolve themselves when provided with the right self-service resources. So, build an easily searchable knowledge base (KB) to provide both your customers and technicians quick resolutions to frequently encountered problems.

You can provide FAQs and technical tips to address specific issues, then tag them to align with specific ticket fields that point the user to the associated KB article when those fields are populated by the user.

 

#6 Monitor the Performance of Your Support Staff

You should consider monitoring and analyzing the performance of your help desk technicians over time. This will help you measure the team’s service levels and workload management and isolate critical issues requiring more support resources. Scheduled, ongoing performance reports will help to provide additional insight.

 

#7 Survey Your Customers

Do you know how satisfied your end-users are? At the end of the day, it’s customer satisfaction that defines the success of your help desk service. Surveying your customers on a regular basis will help you get a better understanding of your technician’s performance, any potential bottlenecks in workflow, and root causes of repeating issues.

 

Running a help desk can be a cinch when you do things the right way—the efficient way—using the right tools to simplify your complex ticketing tasks. This will buy you back some much-needed time and make you look like an IT superstar in front of your happy customers (not to mention your boss).

Here at SolarWinds we live for an old-fashioned hypothetical grudge match, and we know we’re not alone. In fact, we’re thinking it’s time for the definitive battle of sci-fi characters! We’ve been waiting a while for this one, my friends.

 

Whether it’s at happy hour, in the server room, or on Reddit, we’ve been fighting over Picard v. Kirk and Wars v. Trek for more years than Worf has forehead creases. Well, we are done with all the chit chat… It’s time to put our Imperial Credits where our mouths are and crown an official king OR queen in …


The SolarWinds Sci-Fi Bracket Battle!

 

On March 8th, here at thwack.com, it’s about to get REAL. We will launch a bracket-based, “March Madness”-style competition that will feature 33 science-fiction titans from our favorite TV shows, books, and movies. Competitors will pit their champion against another, and all of us will vote to determine each round’s winner. Using only the power of our minds, we’ll carry our heroes to victory! We’re ready to flaunt our sci-fi knowledge … are you?

 

Do NOT miss the chance to …

 

Set up a cage fight with Darth Maul 
Show that limey chrome dome who’s … got … whatittakes …

Tell the world that Number Six is more than just a pretty face…

Give The Doctor his due…

 

Soon, a dark horse of fandom will rise and blow our minds with an impassioned defense of one hero’s obvious superiority. The whole Internet is waiting with bated breath!

 

The official bracket and rules of engagement will be released on March 8th.  And, as a bonus we have a prequel round of voting, leading into the official first round next week.

 

Trust us, go ahead and set your galactic alarm clock for March 8th.

 

You wouldn’t want to miss your opportunity to, oh, you know, dominate the competition world, now would you?

 

We didn’t think so.

 

...more rumblings of the rumble... and a few rules...

 

Oh, and fill out your bracket and post it, don't be shy.

So I spent a day at the RSA 2013 conference this week , primarily talking to all the vendors, learning what was new.  Like every conference there’s a vibe you get on the floor, is it a good year? Are vendors hunkering down for a drought? I’m pleased to say that this year’s conference had a sense of euphoria, maybe it was the big shining spotlight that Mandiant and the White House have put on cyber security problems in recent days and weeks, or maybe it’s just that with the market growing everyone’s growing with it.  I can’t say for sure, but it was a happy place (at least as happy as you can get for a bunch of security guys packed into one place with an equal number of vendors trying to pick them off )

RSABlog.png

 

Ok, here’s the bad part, and maybe it’s all big conferences, but it seemed particularly noticeable at RSA, buzzword bingo.  It didn’t seem to matter what a company did, but everyone was either talking about big data security (what is that anyway?) or mobile security (ok, but really what does that phrase mean) with a few zero-day threats thrown in for good measure.  I wish everyone’s marketing came with a secret decoder ring, maybe there’s an app for that?

 

After wading through the big data I will say that the thing that surprised me the most is that every vendor was targeting the large enterprise, the Global 2000, the Fortune 1000 – what about the rest of the world folks?  In addition, it seems that complexity was the name of the game, how complex can I make my product sound?  After all, complexity sells.  I even had one vendor (whom I shall protect) tell me that they hadn’t focused on making the getting up and running experience easy because they wanted to get their teams in there to ‘work’ with the customer?  Seriously folks – please tell me that’s not what you want (well I know it’s not what you want, you’re here at SolarWinds right )


I give the state of the security market a solid ‘C’, and we plan to be a part of making it an ‘A’. It’s time to actually do what the security folks have been harping on – make security everyone’s problem, get the IT Ops teams to implement security tools in their day job because it helps them, not because it’s shoved down their throat.  We’ve started with a portfolio of products that help solve every day practical problems, and we’ve made them…wait for it….easy and affordable!

  • A full and complete SIEM product:  Log & Event Manager – if you’re considering LogLogic, LogRhythm, Splunk, Q1Labs or are just tired of ArcSight this is the product for you.
  • Got Firewalls? Do you or others in your team change firewall rules? Check out Firewall Security Manager (FSM) – if you’re considering AlgoSec, Tufin, FireMon or others you’ll want to look at FSM.
  • Do you have to deal with patching your systems?  Then Patch Manager is for you.
  • Do you have compliance regulations that deal with data access but still need to transfer files around?  Then managed file transfer is for you


It’s an exciting time to be in security and it’s time for us to get serious in every business not just the large enterprise, and we  are here to provide options that solve problems you have without the cost and hassle that most security vendors want to put you through.

Filter Blog

By date: By tag: