Monitoring Central Blogs - Page 2


DevOps engineers wishing to troubleshoot Kubernetes applications can turn to log messages to pinpoint the cause of errors and their impact on the rest of the cluster. When troubleshooting a running application, engineers need real-time access to logs generated across multiple components.

Collecting live streaming log data lets engineers:

  • Review container and pod activity
  • Monitor the result of actions, such as creating or modifying a deployment
  • Understand the interactions between containers, pods, and Kubernetes
  • Monitor ingress resources and requests
  • Troubleshoot errors and watch for new or recurring problems

The challenge that engineers face is accessing comprehensive, live streams of Kubernetes log data. While some solutions exist today, these are limited in their ability to live tail logs or tail multiple logs. In this article, we’ll present an all-in-one solution for live tailing your Kubernetes logs, no matter the size or complexity of your cluster.

The Limitations of Current Logging Solutions

When interacting with Kubernetes logs, engineers frequently use two solutions: the Kubernetes command line interface (CLI), or the Elastic Stack.

The Kubernetes CLI (kubectl) is an interactive tool for managing Kubernetes clusters. The default logging tool is the command (kubectl logs) for retrieving logs from a specific pod or container. Running this command with the --follow flag streams logs from the specified resource, allowing you to live tail its logs from your terminal.

For example, let’s deploy a Nginx pod under the deployment name papertrail-demo. Using kubectl logs --follow [Pod name], we can view logs from the pod in real time:

$ kubectl logs --follow papertrail-demo-76bf4969df-9gs5w
10.1.1.1 - - [04/Jan/2019:22:42:11 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0" "-"

The main limitation of kubectl logs is that it only supports individual Pods. If we deployed two Nginx pod replicas instead of one, we would need to tail each pod separately. For large deployments, this could involve dozens or hundreds of separate kubectl logs instances.

The Elastic Stack (previously the ELK Stack) is a popular open-source log management solution. Although it can ingest and display log data using a web-based user interface, unfortunately, it doesn’t offer support for live tailing logs.

What is Papertrail, and How Does It Help?

SolarWinds® Papertrail is a cloud-hosted log management solution that lets you live tail your logs from a central location. Using Papertrail, you can view real-time log events from your entire Kubernetes cluster in a single browser window.

When a log event is sent from Kubernetes to Papertrail, Papertrail records the log’s contents along with its timestamp and origin pod. You can view these logs in a continuous stream in your browser using the Papertrail Event Viewer, as well as the Papertrail CLI client or Papertrail HTTP API. Papertrail shows all logs by default, but you can limit these to a specific pod, node, or deployment using a flexible search syntax.

For example, let’s increase the number of replicas in our Nginx deployment to three. If we used kubectl logs -f, we would need to run it three times: one for each pod. With Papertrail, we can open the Papertrail Event Viewer and create a search that filters the stream to logs originating from the papertrail-demo deployment. Not only does this show us output from each pod in the deployment, but also Kubernetes cluster activity related to each pod:


Filtering a live stream of Kubernetes logs using Papertrail.
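The deployment-level filter described above can be reproduced offline. The following is an added example, not code from the article or from Papertrail: it takes a constructed stream of events (one line per event, prefixed with the emitting pod, the way the combined feed presents them), recovers the deployment name from the pod name using the usual <deployment>-<replicaset hash>-<pod suffix> convention, keeps only the events from one deployment, and counts error responses per pod. The sample lines, the pod names other than the one shown in the article, and the helper names are constructed for the example.

```python
import re

# Constructed sample of a combined stream: "<pod> <nginx access-log line>".
# Not captured from a real cluster; only the first pod name comes from the article.
SAMPLE_STREAM = """\
papertrail-demo-76bf4969df-9gs5w 10.1.1.1 - - [04/Jan/2019:22:42:11 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.58.0" "-"
papertrail-demo-76bf4969df-k2x7q 10.1.1.2 - - [04/Jan/2019:22:42:12 +0000] "GET /admin HTTP/1.1" 404 153 "-" "curl/7.58.0" "-"
other-app-5d4c9f7b8-zz9pl 10.1.1.3 - - [04/Jan/2019:22:42:13 +0000] "GET / HTTP/1.1" 200 100 "-" "curl/7.58.0" "-"
papertrail-demo-76bf4969df-9gs5w 10.1.1.4 - - [04/Jan/2019:22:42:14 +0000] "POST /login HTTP/1.1" 500 42 "-" "curl/7.58.0" "-"
"""

# Pods created by a Deployment are named <deployment>-<replicaset hash>-<pod suffix>.
# Dropping the last two dash-separated parts recovers the deployment name, which is
# what lets replicas with random suffixes be grouped together.
POD_NAME_RE = re.compile(r"^(?P<deployment>.+)-[a-z0-9]+-[a-z0-9]{5}$")

# nginx access-log line as kubectl logs prints it: client, ident, user, time,
# request, status and size (the trailing referer/agent fields are ignored here).
ACCESS_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+)'
)


def deployment_of(pod_name):
    """Return the deployment a pod belongs to, or None for pods not named by a Deployment."""
    m = POD_NAME_RE.match(pod_name)
    return m.group("deployment") if m else None


def parse_event(line):
    """Split a stream line into its pod and parsed access-log fields; None if not an access line."""
    pod, _, message = line.partition(" ")
    m = ACCESS_RE.match(message)
    if not m:
        return None
    return {
        "pod": pod,
        "deployment": deployment_of(pod),
        "client": m.group("client"),
        "request": m.group("request"),
        "status": int(m.group("status")),
    }


def filter_deployment(stream, deployment):
    """Keep only events emitted by pods of the named deployment, across all replicas."""
    events = (parse_event(line) for line in stream.splitlines())
    return [ev for ev in events if ev and ev["deployment"] == deployment]


def error_counts(events, threshold=400):
    """Count responses with status >= threshold per pod, to spot a misbehaving replica."""
    counts = {}
    for ev in events:
        if ev["status"] >= threshold:
            counts[ev["pod"]] = counts.get(ev["pod"], 0) + 1
    return counts


if __name__ == "__main__":
    for ev in filter_deployment(SAMPLE_STREAM, "papertrail-demo"):
        print(ev["pod"], ev["status"], ev["request"])
    print(error_counts(filter_deployment(SAMPLE_STREAM, "papertrail-demo")))
```

The pod-name convention is the standard Kubernetes one, but a pod created directly (not through a Deployment) has no hash segments and deployment_of returns None for it, so such events are simply left out of a deployment filter rather than misattributed.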

Sending Logs from Kubernetes to Papertrail

The most effective way to send logs from Kubernetes to Papertrail is via a DaemonSet. DaemonSets run a single instance of a pod on each node in the cluster. The pod used in the DaemonSet automatically collects and forwards log events from other pods, Kubernetes, and the node itself to Papertrail.

Papertrail provides two DaemonSets:

  • The Fluentd DaemonSet uses Fluentd to collect logs from containers, pods, Kubernetes, and nodes. This is the preferred method for logging a cluster.
  • The Logspout DaemonSet uses logspout to monitor the Docker log stream. This option is limited to log output from containers, not Kubernetes or nodes.

We’ll demonstrate using the Fluentd DaemonSet. From a computer with kubectl installed, download fluentd-daemonset-papertrail.yaml and open it in a text editor. Change the values of FLUENT_PAPERTRAIL_HOST and FLUENT_PAPERTRAIL_PORT to match your Papertrail log destination. Optionally, you can name your instance by changing FLUENT_HOSTNAME. You can also change the Kubernetes namespace that the DaemonSet runs in by changing the namespace parameter. When you are done, deploy the DaemonSet by running:

$ kubectl create -f fluentd-daemonset-papertrail.yaml

In a few moments, logs will start to appear in Papertrail:


Live feed of Kubernetes logs in Papertrail.

Best Practices for Live Tailing Kubernetes Logs

To get the most out of your logs, make sure you’re following these best practices.

Log All Applications to STDOUT and STDERR

Kubernetes collects logs from Pods by monitoring their STDOUT and STDERR streams. If your application logs to another location, such as a file or remote service, Kubernetes won’t be able to detect it, and neither will your Papertrail DaemonSet. When deploying an application, make sure to route its logs to the standard output stream.

Use the Fluentd DaemonSet

The Logspout DaemonSet is limited to logging containers. The Fluentd DaemonSet, however, will log your containers, pods, and nodes. In addition to logging more resources, Fluentd also logs valuable information such as Pod names, Pod controller activity, and Pod scheduling activity.

Open Papertrail Next to Your Terminal

When you’re working on Kubernetes apps and want to debug problems with Pods, have a browser window with Papertrail open either beside or behind your terminal window. This way you can see the results of your actions after you execute them. This also saves you from having to tail manually in your terminal.

Group Logs to Make Them Easier to Find

Kubernetes pods (and containers in general) are ephemeral and often have randomly generated names. Unless you specify fixed names, it can be hard to keep track of which pods or containers to filter on. A solution is to use log groups, which let you group logs from a specific application or development team together. This helps you find the logs you need and hide everything else.

Save Searches in Papertrail

Papertrail lets you save your searches for creating custom Event Viewer sessions and alerts. You can reopen previously created live tail sessions, share your sessions with team members, or receive an instant notification when new log events arrive in the stream.

Conclusion

Kubernetes logs help DevOps teams identify deployment problems and improve the reliability of their applications. Live tailing enables faster troubleshooting by helping developers collect, view, and analyze these logs in real time. To get started in SolarWinds Papertrail, sign up and start logging your Kubernetes cluster in a matter of minutes.


Jenkins X (JX) is an exciting new Continuous Integration and Continuous Deployment (CI/CD) tool for Kubernetes users. It hides the complexities of operating Kubernetes by giving developers a simpler experience to build and deploy their code. You can think of it as creating a serverless-like environment in Kubernetes. As a developer, you don’t need to worry about all the details of setting up environments, creating a CI/CD pipeline, or connecting GitHub to your CI pipeline. All of this and much more is handled by JX. In this article, we’ll introduce you to JX, show you how to use it, and how to monitor your builds and production deployments.

What is Jenkins X?

JX was created by James Strachan (creator of Groovy, Apache Camel, and now JX) and was first announced in March 2018. It’s designed from the ground up to be a cloud-native, Kubernetes-only application that not only supports CI/CD, but also makes working with Kubernetes as simple as possible. With one command you can create a Kubernetes cluster, install all the tools you’ll need to manage your application, create build and deployment pipelines, and deploy your application to various environments.

Jenkins is described as an “extensible automation server” that can be configured, via plugins, to be a Continuous Integration Server, a Continuous Deployment hub, or a tool to automate just about any software task. JX provides a specific configuration of Jenkins, meaning you don’t need to know which plugins are required to stand up a CI/CD pipeline. It also deploys numerous applications to Kubernetes to support building your docker container, storing the container in a docker registry, and deploying it to Kubernetes.

Jenkins pipeline builds are driven by adding a Jenkinsfile to your project. JX automates this for you. JX can create new projects (and the required Jenkinsfile) for you or import your existing project and create a Jenkinsfile if you don’t already have one. In short, you don’t need to know anything about Jenkins or Kubernetes to get started with JX. JX will do it all for you.

Overview of How JX Works

JX is designed to take the guesswork and trial-and-error out of the approach many teams have used to create a fully functional CI/CD pipeline in Kubernetes. To make a tailored developer experience, JX had to choose which Kubernetes technologies to use. In many ways, JX is like a Linux distribution, but for Kubernetes. JX had to decide, from the plethora of tools available, which ones to use to create a smooth and seamless developer experience in Kubernetes.

To make the transition to Kubernetes simpler, the command line tool jx can drive most of your interactions with Kubernetes. This means you don’t need to know how to use kubectl right away; instead you can slowly adopt kubectl as you become more comfortable in Kubernetes. If you are an experienced Kubernetes user, you’ll use jx for interacting with JX (CI/CD, build logs, and so on) and continue to use kubectl for other tasks.

When you create or import a project using the jx command line tool, JX will detect your project type and create the appropriate Jenkinsfile for you (if it doesn’t already exist), define the required Kubernetes resources for your project (like Helm charts), add your project to GitHub and create the necessary webhooks for your application, build your application in Jenkins, and if all tests pass, deploy your application to a staging environment. You now have a fully integrated Kubernetes application with a CI/CD pipeline ready to go.

Your interaction with JX is driven by a few jx commands to set up an environment, create or import an application, and monitor the state of your build pipelines. The developer workflow is covered in the next section. Generally speaking, once set up, you don’t need to interact with JX that much; it works quietly in the background, providing you CI and CD functionality.

Install Jenkins X

To get started using JX, install the jx binary. For Mac OS, you can use brew:

brew tap jenkins-x/jx
brew install jx

Note: When I first tried to create a cluster using JX, it installed kops for me. However, the first time jx tried to use kops, it failed because kops wasn’t on my path. To address this, install kops as well:

brew install kops

Create a Kubernetes Cluster

JX supports most major cloud environments: Google GKE, Azure AKS, Amazon EKS, minikube, and many others. JX has a great video on installing JX on GKE. Here, I’m going to show you how to install JX in Amazon without EKS. Creating a Kubernetes cluster from scratch is very easy:

jx create cluster aws

Since I wasn’t using JX for a production application, I ran into a few gotchas during my install:

  1. When prompted with, “No existing ingress controller found in the kube-system namespace, shall we install one?” say yes.
  2. Assuming you are only trying out JX, when prompted with, “Would you like to register a wildcard DNS ALIAS to point at this ELB address?” say no.
  3. When prompted with, “Would you like wait and resolve this address to an IP address and use it for the domain?” say yes.
  4. When prompted with, “If you don’t have a wildcard DNS setup then set up a new CNAME and point it at: XX.XX.XX.XX.nip.io. Then, use the DNS domain in the next input” accept the default.

The image below shows you the EC2 instances that JX created for your Kubernetes Cluster (master is an m3.medium instance and the nodes are t2.medium instances):

AWS EC2 Instances. © 2018 Amazon Web Services, Inc. or its affiliates. All rights reserved.

When you are ready to remove the cluster you just created, you can use this command (JX currently does not provide a delete cluster command):

kops delete cluster

Here’s the full kops command to remove the cluster you just created (you’ll want to use the cluster name and S3 bucket for all kops commands):

kops delete cluster --name aws1.cluster.k8s.local \
    --state=s3://kops-state-xxxxxx-ff41cdfa-ede6-11e8-xx6-acde480xxxx

To add Loggly integration to your Kubernetes cluster, you can follow the steps outlined here.

Create an Application

Now that JX is up and running, you are ready to create an application. The quickest way to do this is with the JX quickstart. In addition to the quickstart applications that come with JX, you can also create your own.

To get started, run jx create quickstart, and pick the spring-boot-http-gradle quick start (see the screenshot below for more details):

jx create quickstart

Creating a Kubernetes cluster using jx create cluster © 2018 Jenkins Project

Note: During the install process, I did run into one issue. When prompted with, “Which organization do you want to use?” make sure you choose a GitHub Org and not your personal account. The first time I ran this, I tried my personal account (which has an org associated with it) and jx create quickstart failed. When I reran it, I chose my org ripcitysoftware and everything worked as expected.

Once your application has been created, it will automatically be deployed to the staging environment for you. One thing I really like about JX is how explicit everything is. There isn’t any confusion between temporary and permanent environments because the environment name is embedded into the application URL (http://spring-boot-http-gradle.jx-staging.xx.xx.xx.xx.nip.io/).

The Spring Boot quickstart application provides you with one REST endpoint:

Example Spring Boot HTTP © 2018 Google, Inc

Developer Workflow

JX has been designed to support a trunk-based development model promoted by DevOps leaders like Jez Humble and Gene Kim. JX is heavily influenced by the book Accelerate (you can find more here), and as such it provides an opinionated developer workflow approach. Trunk-based development means releases are built off of trunk (master in git). Research has shown that teams using trunk-based development are more productive than those using long-lived feature branches. Instead of long-lived feature branches, teams create branches that live only a few hours, making a few small changes.

Here’s a short overview of trunk-based development as supported by JX. To implement a code change or fix a bug, you create a branch in your project, write tests, and make code changes as needed. (These changes should only take a couple of hours to implement, which means your code change is small.) Push your branch to GitHub and open a Pull Request. Now JX will take over. The webhook installed by JX when it imported your project will trigger a CI build in Jenkins. If the CI build succeeds, Jenkins will notify GitHub the build was successful, and you can now merge your PR into master. Once the PR is merged, Jenkins will create a released version of your application (released from the trunk branch) and deploy it (CD) to your staging environment. When you are ready to promote your application from stage to production, you’ll use the jx promote command.

The development workflow is expected to be:

  1. In git, create a branch to work in. After you’ve made your code changes, commit them and then push your branch to your remote git repository.
  2. Open a Pull Request in your remote git repo. This will trigger a build in Jenkins. If the build is successful, JX will create a preview environment for your PR so you can review and test your changes. To trigger the promotion of your code from Development to Staging, merge your PR.
  3. By default, JX will automatically promote your code to Stage. To promote your code to Production, you’ll need to run this command manually: jx promote app-name --version x.y.z --env production

Monitoring Jenkins X

Monitoring the status of your builds gives you insight into how development is progressing. It will also help you keep track of how often you are deploying apps to various environments.

JX provides you multiple ways to track the status of a build. JX configures Jenkins to trigger a build when a PR is opened or updated. The first place to look for the status of your build is in GitHub itself. Here is a build in GitHub that resulted in a failure. You can clearly see the CI step has failed:

GitHub PR Review Web Page. © 2018 GitHub Inc. All rights reserved.

The next way to check on the status of your build is in Jenkins itself. You can navigate to Jenkins in your browser or, from GitHub, you can click the “Details” link to the right of “This commit cannot be built.” Here is the Jenkins UI. You will notice Jenkins isn’t very subtle when a build fails:

Jenkins Blue Ocean failed build web page. © 2018 Jenkins Project

A third way to track the status of your build is from the command line, using the jx get activity command:

iTerm – output from jx get activity command © 2018 Jenkins Project

If you want to see the low-level details of what Jenkins is logging, you’ll need to look at the container Jenkins is running in. Jenkins is running in Kubernetes like any other application. It’s deployed as a pod and can be found using the kubectl command:

$ kubectl get pods
NAME                      READY     STATUS    RESTARTS   AGE
jenkins-fc467c5f9-dlg2p   1/1       Running   0          2d

Now that you have the name of the Pod, you can access the log directly using this command:

$ kubectl logs -f jenkins-fc467c5f9-dlg2p

iTerm – output from kubectl logs command © 2018 Jenkins Project

Finally, if you’d like to get the build output log, the log that’s shown in the Jenkins UI, you can use the command below. This is the raw build log that Jenkins creates when it’s building your application. When you have a failed build, you can use this output to determine why the build failed. You’ll find your test failures here along with other errors like failures in pushing your artifacts to a registry. The output below is not logged to the container (and therefore not accessible by Loggly):

$ jx get build log ripcitysoftware/spring-boot-http-gradle/master
view the log at: http://jenkins.jx.xx.xx.xxx.xxx.nip.io/job/ripcitysoftware/job/spring-boot-http-gradle/job/master/2/console
tailing the log of ripcitysoftware/spring-boot-http-gradle/master #2
Push event to branch master
Connecting to https://api.github.com using macInfinity/****** (API Token for accessing https://github.com Git service inside pipelines)

Monitoring in Loggly

One of the principles of a microservice architecture, as described by Sam Newman in Building Microservices, is being Highly Observable. Specifically, Sam suggests that you aggregate all your logs. A great tool for this is SolarWinds® Loggly. Loggly is designed to aggregate all of your logs into one central location. By centralizing your logs, you get a holistic view of your systems. Deployments can trigger a change in the application that can generate errors or lead to instability. When you’re troubleshooting a production issue, one of the first things you want to know is whether something changed. Being able to track the deployments in your logs will let you backtrack deployments that may have caused bugs.

To monitor deployments, we need to know what’s logged when a deployment succeeds or fails. This is the message Jenkins logs when a build has completed:

INFO: ripcitysoftware/spring-boot-http-gradle/master #6 completed: SUCCESS

From the above message, we get a few pieces of information: the name of the branch, which contains the Project name ripcitysoftware/spring-boot-http-gradle and the branch master, the build number #6, and finally the build status SUCCESS.

The metrics you should monitor are:

  • Build status – Whether a build was a success or failure
  • The project name – Which project is being built
  • The build number – Tracks PRs and releases

By tracking the build status, you can see how often builds are succeeding or failing. The project name and build number tell you how many PRs have been opened (look for “PR” in the project name) and how often a release is created (look for “master” in the name).

To track all of the above fields, create one Derived Field in Loggly called jxRelease. Each capture group (the text inside of the parentheses) defines a unique Derived Field in Loggly. Here is the regex you’ll need:

^INFO:(.*)\/.*(master|PR.*) #(.*\d) completed: ([A-Z]+$)$

Here’s the Jenkins build success log-message above as it appears in Loggly after we’ve created the Derived Field. You can see all the fields we are defining highlighted in yellow below the Rule editor:

Loggly – Derived Field editor web page.  © 2018 SolarWinds Worldwide, LLC. All rights reserved.

Please note that Derived Fields use past logs only in the designer tool. Loggly only adds new derived fields to new log messages. This means if you’ve got an hour of Jenkins output already sent to Loggly and you create the jxBuildXXX fields (as shown above), only new log messages will include this field.

In the image below, you can see all the Derived Fields that have been parsed in the last 30 minutes. For jxBuildBranchName, there has been one build to stage, and it was successful, as indicated by the value SUCCESS. We also see that nine (9) builds have been pushed to stage, as indicated by the jxBuildNumber field.

Loggly Search Results web page.  © 2018 SolarWinds Worldwide, LLC. All rights reserved.

Now that these fields are parsed out of the logs, we can filter on them using the Field Explorer. Above, you can see that we have filtered on the master branch. This shows us each time the master branch has changed. When we are troubleshooting a production bug, we can now see the exact time the code changed. If the bug started after a deployment, then the root cause could be the code change. This helps us narrow down the root cause of the problem faster.

We can also track when master branch builds fail and fire an alert to notify our team on Slack or email. Theoretically, this should never happen, assuming we are properly testing the code. However, there could have been an integration problem that we missed, or a failure in the infrastructure. Setting an alert will notify us of these problems so we can fix them quickly.
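To check what the Derived Field regex from the previous section actually extracts, and what the alert condition described here would fire on, the following added example (not code from the article, Loggly, or Jenkins X) applies the article's regex unchanged to a few constructed Jenkins log lines, splits the matches into releases (master) and PR builds, tallies them by status, and lists the master builds that did not succeed. The sample lines, the helper names and the "release"/"pr" labels are constructed for the example; only the first line is the message shown in the article.

```python
import re
from collections import Counter

# The Derived Field regex from the article, unchanged. Its four capture groups are,
# in order: project name, branch (master or PR-*), build number, build status.
JX_RELEASE_RE = re.compile(r"^INFO:(.*)\/.*(master|PR.*) #(.*\d) completed: ([A-Z]+$)$")

# Constructed sample of Jenkins output (not captured from a real build server).
# Only the first line is the message quoted in the article; the last line is a
# non-completion message that the regex must ignore.
SAMPLE_LOG = """\
INFO: ripcitysoftware/spring-boot-http-gradle/master #6 completed: SUCCESS
INFO: ripcitysoftware/spring-boot-http-gradle/PR-3 #2 completed: FAILURE
INFO: ripcitysoftware/spring-boot-http-gradle/PR-4 #1 completed: SUCCESS
INFO: ripcitysoftware/spring-boot-http-gradle/master #7 completed: FAILURE
INFO: Starting build for ripcitysoftware/spring-boot-http-gradle/master
"""


def parse_build_event(line):
    """Apply the regex to one line; return the four derived fields or None if it is not a completion message."""
    m = JX_RELEASE_RE.match(line)
    if not m:
        return None
    project, branch, number, status = m.groups()
    # The greedy first group keeps the leading space after "INFO:", so strip it.
    return {
        "project": project.strip(),
        "branch": branch,
        "build": int(number),
        "status": status,
    }


def summarize(log_text):
    """Parse every completion message and count (release|pr, status) pairs."""
    events = []
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_build_event(line)
        if ev is None:
            continue
        events.append(ev)
        # "master" builds are releases; anything matched by the PR.* alternative is a PR build.
        kind = "release" if ev["branch"] == "master" else "pr"
        counts[(kind, ev["status"])] += 1
    return events, counts


def failed_master_builds(events):
    """The alert condition from the article: a master build whose status is not SUCCESS."""
    return [ev for ev in events if ev["branch"] == "master" and ev["status"] != "SUCCESS"]


if __name__ == "__main__":
    events, counts = summarize(SAMPLE_LOG)
    for (kind, status), n in sorted(counts.items()):
        print(f"{kind:8} {status:8} {n}")
    for ev in failed_master_builds(events):
        print("alert: master build", ev["build"], "of", ev["project"], "ended with", ev["status"])
```

Running the block against the sample shows one release success, one release failure and one PR build of each status, with build #7 being the only master failure that would trigger the alert. Because the regex is anchored to "completed:", progress and start messages from the same job are dropped rather than miscounted.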

Conclusion

JX is an exciting addition to Jenkins and Kubernetes alike. JX fills a gap that has existed since the rise of Kubernetes: how to assemble the correct tools within Kubernetes to get a smooth and automated CI/CD experience. In addition, JX helps break down the barrier of entry into Kubernetes and Jenkins for CI/CD. JX itself gives you multiple tools and commands to navigate system logs and track build pipelines. Adding Loggly integration with your JX environment is very straightforward. You can easily track the status of your builds and monitor your app’s progression from development to a preview environment, to a staging environment and finally to production. When there is a critical production issue that you are troubleshooting, you can look at the deployment time to see if changes in the code caused the issue.


Are you an administrator who’s supporting a small environment, and haven’t yet had the time or budget to invest in a centralized IT monitoring tool? No doubt you are tired of coworkers showing up at your desk or calling about an outage you weren’t yet aware of. If an enterprise-class solution would be overkill, but you don’t have the budget to purchase a licensed solution, ipMonitor Free Edition might be able to bridge that gap.

ipMonitor Free Edition is a fully functional version of our ipMonitor solution for smaller environments.  It’s a standalone, free tool that helps you stay on top of what is going on with your critical network devices, servers, and applications—so you know what’s up, what’s down, and what’s not performing as expected. 

ipMonitor Free Edition at a Glance

  • Clear visibility of IT network device, server, and application status
  • Customizable alerting with optional automatic remediation
  • Simple deployment with our startup wizard and alerting recommendations
  • Lightweight installation and maintenance

ipMonitor Free Edition is an excellent starting point to more robust, centralized monitoring. It is designed for network and systems administrators with small environments or critical components they need to focus on, and can support up to 50 monitors. Monitors watch a specific aspect of a device, service, or process. Example monitors include: Ping, CPU, memory or disk usage, bandwidth, and response time.

Interested in giving it a try?  Download ipMonitor Free Edition today.  If you have any questions, head over to the ipMonitor product forum and start a discussion. 



Calling network engineers, network architects, and network defenders alike. We are happy to announce the arrival of the all-new SolarWinds® Flow Tool Bundle.

With this free tool, you can quickly distribute, test, and configure your flow traffic. Showcasing some of SolarWinds signature flow traffic analysis capabilities, the Flow Tool Bundle offers three handy, easy-to-install network traffic analysis tools: SolarWinds NetFlow Replicator, SolarWinds NetFlow Generator, and SolarWinds NetFlow Configurator.

So, what exactly can you do with this new addition to the vast family of SolarWinds free tools?

Here’s the breakdown:

SolarWinds NetFlow Replicator

  • Configure devices to send flow data to a single destination, then replicate the flows to a general-purpose flow analysis platform or even to a security analysis platform
  • Split off production flow streams to test new versions of the flow collector
  • Run sampled flow streams to multiple destinations or only to the destinations you designate
  • Reduce traffic through costly or low-bandwidth WAN links to decrease the volume of network management traffic
  • Enable segmentation of the managed domain to separate destination analysis platforms

SolarWinds NetFlow Generator

  • Troubleshoot flow tools to confirm that locally generated simulated traffic is visible in the tool
  • Validate the behavior of load balancing architectures
  • Test firewall rules that span across a network or those that are implemented on a host to confirm that flow traffic can be received
  • Perform performance and capacity lab testing
  • Perform functional testing to confirm that flow volumes are accurately represented
  • Test trigger conditions for newly created alerts and reset the alert behavior
  • Test new NetFlow application definitions
  • Populate traffic for demo environments

SolarWinds NetFlow Configurator

  • Analyze network performance
  • Activate NetFlow and find bandwidth hogs
  • Bypass the CLI with an intuitive GUI
  • Set up collectors for NetFlow data
  • Specify collector listening ports
  • Monitor traffic data per interface

How do you plan on using your Flow Tool Bundle? Install it today and let us know how you have been leveraging these awesome new free tools!

For more information about the SolarWinds Flow Tool Bundle, have a look at this page. You can also access the Quick Reference Guide on THWACK.


This time of year is always exciting. The seasons change (depending on where you live), commercial buying season ramps up, and shopping lines resemble those of an amusement park in summer. The year is coming to an end, and we are busy shopping, making holiday preparations, traveling, and coming together with family to eat, exchange gifts, and be merry.

I’d wager access rights management doesn’t have a top spot on your holiday list. That’s ok. The topic doesn’t exactly exude that cozy holiday feeling. On the contrary, it might make you slightly uncomfortable. 

Most IT environments consist of tens, hundreds, or even thousands of servers. Those servers have thousands to tens of thousands of folders, groups, and paths. How can you really know who has access to what? Is your data safe? You have, no doubt, installed security monitoring and protection solutions to help protect the data in those folders and files. You’ve done everything you can, right? Despite all those protections, you still have users with access—but you don’t know who. You don’t know what. In fact, if someone asked you who has access to what, you probably couldn’t answer. It’s a hard question to field unless you have a solution in place giving you the visibility you need. Of course, if an auditor does ask you to answer these questions, your holidays could be spent digging through folders and directories to compile information and provide answers.

SolarWinds® Access Rights Manager (ARM) helps solve these challenges and more:

  • ARM provides a detailed overview of your users’ access rights, allowing you to easily visualize and show where access to resources has been granted erroneously
  • ARM enables standardization and automation of access rights, so you can easily apply the appropriate rights to users through templates
  • ARM helps demonstrate compliance and prevents insider data leakage by helping you achieve the principle of least privilege and giving you full auditability of user access over time

Let’s dig into this further.

ARM gives a detailed overview of your users’ access rights

The Active Directory group concept is essential for every administrator. These groups grow organically, and after years of existence and use, they often build up to complex group nesting structures. ARM gives you back control over these group structures.

The ARM AD Graph visualizes group structure and depth. Structural problems with these groups become transparent through this visualization.


In addition to the visualization provided by the AD Graph, the ARM dashboard allows a detailed analysis of the group nesting structures and circular nested groups. This enables administrators to work on the weak spots in the AD group structure, establish a flat group structure, and meet Microsoft best practices for group management.

With ARM, the issues related to lack of identifiable structures—or giving permissions to too many or the wrong people/groups—belong to the past. Once the group structure has been optimized, ARM allows you to compare any recorded access rights period with your current structure, and shows changes along with documented reasoning.

ARM enables standardization and automation of access rights

Compliance regulations, such as FISMA, GDPR, SOX, PCI DSS, BSI, and others, require administrators to take a high level of responsibility for ensuring data is protected. Insider data leakage can cost companies large sums, in addition to lost customer, vendor, and reseller trust, if data gets into the wrong hands. But it’s not always the headline-making leaks that harm companies. Without a cohesive strategy to manage, control, and audit access rights for every user in the company, departing employees taking valuable data with them is almost guaranteed.

ARM standardizes access rights across users and gives administrators a comprehensive tool to define, manage, monitor, and audit user access to resources across Active Directory, Exchange, SharePoint, and all your file servers.


ARM empowers administrators to predefine roles within the company, grant or deny rights with one click, and display all higher-level permissions in an easy-to-monitor overview. A data owner (a department head, for example) can be assigned to each role, distributing control over access to the resources that owner is responsible for. This also establishes a mindset of distributed access rights control, so that the people who actually know who should have access are the ones granting and denying it.

Data owners, team leads, and IT professionals can be granted access to change personal information about a user, create or delete user accounts, reset passwords, unlock user accounts, or change group memberships centrally from within ARM. This allows the duties and tasks around access rights management to be shared while following standards to ensure full auditability.

ARM helps demonstrate compliance and prevents insider data leakage

Threats can emerge from the outside as well as the inside. Insider abuse can be a leading cause of data leakage. Of course, it’s not always a malicious insider; in many cases, data leakage is caused by negligent users who have access to resources, and are either compromised or take actions that inadvertently lead to data leakage. ARM takes special care to audit all changes within the ARM Logbook. The Logbook report enables admins and auditors to report on events and persons as needed to support investigations or auditor questions.

ARM also includes automated reports designed to meet regulatory compliance initiatives, such as NIST, PCI DSS, HIPAA, and GDPR. The flexible reporting views allow you to ask questions to quickly generate a report, which can be exported in an audit-ready format.

As mentioned earlier, ARM allows access rights management to be delegated to assigned staff members—placing control of the access rights assignment with the data owners that know their data. Changes made by these data owners are also audited so nothing goes unmonitored. ARM is designed to make your job easier—it helps you answer the questions you need to answer.

ARM is our gift to you this holiday season. It aligns with the SolarWinds mission to make your job as an IT technology professional easy. With Access Rights Manager, we make security easier too; we call it security simplified. If you are thinking of what you can do for yourself this holiday season, consider SolarWinds Access Rights Manager. It could turn out to be the gift that keeps on giving.


Have you adopted Azure cloud services into your IT infrastructure? And do you know how much you paid last month, and for what? What about forecasting: are you able to forecast your Azure spending for the current month? If the answer is no, don’t worry, you are not the only one. Unfortunately, Azure billing is really complicated, with more than 15,000 SKUs available, each with its own rate. But SolarWinds is here to help you! We’re proud to introduce a brand new free tool in our portfolio!

Cost Calculator for Azure is a standalone free tool that helps you discover how much you are paying for your Azure cloud services. It is as easy as it could be – you put the credentials of all your Azure accounts into the tool, and it does all the work for you, telling you how much you really pay and for what specifically. This tool is designed to help budget holders and SysAdmins in businesses of any size who are responsible for cloud resources in their companies.

Cost Calculator for Azure at a glance:

  • No installation
  • Support
  • Show the cost of all assigned Azure accounts and their subscription plans. There is no need to run several instances or combine the numbers in an Excel spreadsheet to get an overall figure.
  • Show spending for the current month, last month, last quarter, or year. Still not enough? You can set a custom timeframe that fits you.
  • Find orphaned objects
  • Consolidate all spending and show the final expense in the user’s preferred currency.
  • Filter spending

As you can see, Cost Calculator for Azure is a lightweight and easy to use tool that can help make your IT professional life a little bit easier thanks to better forecasting of your Azure cloud spending. And the best thing comes at the end – Cost Calculator for Azure is available completely for FREE!

So, why don’t you give it a try? Click the link below to download your Cost Calculator for Azure free tool by SolarWinds. No installation needed.

Cost Calculator for Azure – Download Free Tool



Did you ever dream you had a Ferrari® parked in your garage? How about a Porsche®? Or perhaps a finely engineered Mercedes-Benz®?

When I was eight years old, my father briefly flirted with the idea of buying a Ferrari. He was 38. I don't believe additional explanation is needed. However, as the oldest child, it was my privilege to accompany Dad to the showroom. And there, right next to the 308 GTB was a Ferrari bike. No, not a motorcycle. A regular pedal-with-your-feet bicycle. And I knew at that moment that this car was my destin... I mean my Dad's destiny. And that bike leaning beside it was mine, Mine, MINE!

You may be asking yourself why Ferrari would bother making a bicycle?

The obvious answer is "marketing." With a cheeky smile, Ferrari can say "anyone can own a Ferrari." But there's more to it.

Before I dive into the OTHER reason why, I just want to point out that car-manufacturer-bicycles is not just a thing with Ferrari. The trend started in the late 1800s with European car maker Opel® and includes Peugeot, Ford®, Mercedes-Benz, BMW®, and Porsche.

So what's the deal?

Some companies, like Opel, started with bicycles (they ACTUALLY started with sewing machines) and built up their mechanical expertise in sync with the rise of automobile technology. But most decided to build bikes as a side project. I imagine that the underlying message went something like this:

"Our engineers are the best in the world. They understand the complex interplay of materials, aerodynamics, maneuverability, and pure power. They are experts at squeezing every possible erg of forward thrust out of the smallest turn of the wheel. While we are used to operating on a much larger scale, we want to showcase how that knowledge and expertise translates to much more modest modes of conveyance. Whether you need to travel across the state or around the corner, we can help you get there."

I was thinking about that Ferrari bicycle, and the reasons it was built, as I played with ipMonitor® the other day.

For some of you reading this, ipMonitor will be an old and trusted friend. It may even have been your first experience with SolarWinds® solutions.

Some quick background: ipMonitor became part of the SolarWinds family in 2007 and has remained a beloved part of our lineup. ipMonitor is nimble, lightweight, and robust. A standalone product that installs on any laptop, server, or VM, ipMonitor can help you collect thousands of data points from network devices, servers, or applications. It's simple to learn, installs in minutes, and even comes with its own API and JSON-based query engine. Users tell us it quite literally blows the doors off the competition, and even reminds them of our more well-known network monitoring software like Network Performance Monitor (NPM) and Server & Application Monitor (SAM) server monitoring software.

Which is exactly why I remembered that Ferrari bicycle. It also was nimble, lightweight, and robust—a standalone product that could be implemented on any sidewalk, playground, or dirt path. It installed in minutes with nothing more than a wrench and a screwdriver, and epitomized the phrase "intuitive user interface."

And, like comparisons of ipMonitor to NPM, my beloved Ferrari bike was amazing until it came time to add new features or scale.

Much like the Ferrari bicycle, ipMonitor was designed by engineers who understood the complex interplay of code, polling cycles, data queries, and visualizations. Developers who were used to squeezing every ounce of compute out of the smallest cycle of a CPU. While used to creating solutions on a much larger scale, ipMonitor let us showcase how that knowledge and expertise translated to much more modest system requirements.

ipMonitor is designed to perform best in its correct context. For smaller environments with modest needs, when more feature-rich monitoring tools aren’t viable, it can be a game-changer. That Ferrari bicycle was an amazing piece of engineering—until I needed to bring home four bags of groceries or get to the other side of town. Likewise, ipMonitor is an amazing piece of engineering, but, as I said, in its correct context.

When you need "bigger" capabilities, like network path monitoring; insight into complex devices like load balancers, Cisco Nexus®, or stacked switches; application monitors that run scripted actions in the language of your choice; monitoring for containers and cloud; and so on, that's where the line is drawn between ipMonitor and solutions like NPM and SAM. It's not that we've deliberately limited ipMonitor, any more than Ferrari "limited" their bicycle so that it didn't have cruise control or ABS braking. Of course, this isn't an either-or proposition. No matter your monitoring needs, we've got a solution that fits your situation.

So, consider this your invitation to take ipMonitor for a spin. Even if you own our larger, luxury models, sometimes it's nice to get out and monitor with nothing but the feel of the SolarWinds in your hair.


Hello fellow data geeks! My name is Joshua Biggley and I am an Enterprise Monitoring Engineer for a Fortune 15 company. I’m also fortunate enough to be a remote worker and part of an amazing team. One of my favourite career achievements was to be named Canada’s only SolarWinds THWACK Community MVP in 2014.

I joined the THWACK Community in 2008, shortly after moving to beautiful Prince Edward Island on the East Coast of Canada. I’ve attended THWACKcamp for at least one session since its inception 7 years ago, but have been a regular attendee for the past 4 years. Humble brag moment -- I had the opportunity to join Leon Adato (@adatole) and Kate Asaff (@kasaff) for THWACKcamp 2016 in presenting the session Troubleshooting with SolarWinds - The Case of the Elusive Root Cause. Leon has been a friend and (short-lived) colleague since 2014 and Kate has quite literally saved my bacon in one of my biggest challenges as a Monitoring Engineer. Sharing the THWACKcamp stage with these two superheroes was beyond awesome! Last year, I was humbled to have my team and I win the Carmen Sandiego Award at THWACKcamp 2017. Our team is entirely remote engineers and having our work recognized for both the high-performance technical and inter-team collaboration we embrace was a highlight of my year. Will 2018 be able to top it?

I think these two sessions will give 2017 a run for its money, even if I don’t win another THWACK award!

Day 2

Oct 18 @ 10AM CT

What Does It Take to Become a Practice Leader?

Too many organizations view monitoring, alerting, and event management as a necessary evil. It is often relegated to the “All other duties as assigned by your supervisor” category. As organizations mature, finding monitoring engineers becomes a challenge. It’s not just about someone who knows how to use the SolarWinds products you own (you are using SolarWinds products, aren’t you?) but finding someone who can explain why monitoring, alerting, and event management are so important. They need to explain to their peers, their management, and the business why monitoring needs to be a practice not an afterthought. They need to be a data geek. They need to be a storyteller.

Patrick Hubbard, Phoummala Schmitt, and Theresa Miller bring decades of experience and, more important, are recognized leaders in the industry. Discovering how they went from junior analyst to practice leaders will help me explain to others how to make that journey. As a practice leader in my full-time job as well as freelance work, being able to help others understand that they can be leaders is crucial to the health of monitoring as a practice. My colleagues and I have worked very hard to elevate monitoring to the respect it deserves. In 2019, we will be starting an internal Community of Excellence that focuses on monitoring, alerting, and event management plus my very favourite new focus -- observability!

Day 1

Oct 17 @ 12PM CT

Observability: Just A Fancy Word for Monitoring? A Journey From What to Why

Observability and high-cardinality data are sultry words to any data geek. Observability was introduced in the 1960s in a paper by Rudolf E. Kálmán entitled “On the General Theory of Control Systems”. If the status of a system can be known simply by examining the outputs of that system, the system is considered observable. In recent years, the idea of observability has been embraced by systems engineers as applications have moved from bare-metal to virtualized to containerized to serverless. Instead of monitoring the things that allow your system to do what it does, we’re now measuring how the system does what it does without much concern for why.

Of all of the sessions at THWACKcamp 2018, this is the one I would want every engineer, every application developer, every CTO --- OK, pretty much everyone who is involved in building, supporting, and managing any critical application anywhere -- to watch. Application Performance Management is coming to every organization. If you deliver any services through an application, APM provides the insight and observability is the methodology for measuring those insights.

Do I sound a little passionate about observability?  What?!? Only a little?!? Observability is my new passion. I recently wrote a white paper that defined an APM strategy and the foundation was observability. This idea of observability is probably the most important shift in our industry in 20 years. Unnecessary hyperbole? Maybe, but I think there are seminal moments in every industry and this focus on observability is going to be one of them. I’m Canadian, would I steer you wrong?


Dashboards are important. Your NOC is an essential avenue for collecting and relaying information about your network, and combined with a finely crafted set of alerts there’s nothing that can get past you. Not only are dashboards effective, but they just look so stinkin’ awesome when done properly. In this post I’m going to focus on my ‘Dashboard Philosophy,’ which is all about efficiency, information, and design. A dashboard should display the most data possible in the space that you have, it should include pertinent information that summarizes your environment, and it should look good doing it. Let’s talk about what the SolarWinds® Orion® Platform brings to the table to help make our dashboards the best they can be.

  1. NOC Views

Using the NOC view feature is a must. These space-saving views allow you to combine multiple sub-views that can be set on a rotation. Creating one is easy: simply add a new summary view, edit it, then enable left navigation and the NOC view feature. Here you can enter an interval for how often the NOC view rotates between individual sub-views. If you aren’t using NOC views, you’re wasting valuable space on your dashboards! Enter NOC mode, full-screen your browser window, and bask in the glory of a massive canvas to display all your fancy metrics and charts. Rob Boss would be proud.

  2. Network Atlas

Admit it, you both love and hate Network Atlas. It’s an incredibly useful tool that requires a bit of extra patience, but the results can be amazing once you get the hang of it. As Henry David Thoreau probably once said, “SolarWinds Network Atlas is but a canvas for your imagination…” or something like that. Check out this amazing example from THWACK® user spzander:

[Image: Network Atlas map by THWACK user spzander]

Hungry for more? Here is some of my favorite THWACK content for tuning your Network Atlas skills and getting the creative juices flowing:

10 Hidden Gems in Orion Network Atlas

Using Custom Properties to send messages to your NOC using Network Atlas

The “Show us your Network Atlas Maps” thread

  3. PerfStack

With the release of NPM 12.1 came a game-changing new feature… PerfStack. This new charting tool allows you to quickly and easily create attractive charts that contain the data you need while optimizing page space. PerfStack is what makes you, the monitoring professional, shine when an application owner is looking for a way to view monitoring data for their systems. Check out the original release notes for PerfStack here. Since its first iteration, the SolarWinds team has been putting a lot of work into this tool. With PerfStack 2.0, they have added support for many major Orion modules including VMAN, SAM, VNQM, NCM, and DPA, along with a pile of new features such as fast polling, syslog/trap support, quick links, and full screen mode (which makes a great dashboard). As of this post, the next iteration of PerfStack is available in the latest NPM 12.3 Release Candidate and includes… drumroll please… A PERFSTACK WIDGET FOR YOUR DASHBOARDS!

[Screenshot: a node detail view with a PerfStack widget]

Here we have a node detail view… WITH PERFSTACK! You can do the same thing with any view type in Orion, including Summary Views (which means dashboards). For dashboard nerds such as myself, this is truly a good day. Sign up for the NPM RC program for more details and awesome sneak peeks at what SolarWinds is doing to improve tools like PerfStack.

  4. AppStack

This is really one of the most efficient ways to display a mass amount of information in such a small space. AppStack is a one-size-fits-all tool that will satisfy your devs, their managers, and your director. An efficient dashboard should have MAXIMUM information in MINIMUM space, and AppStack is the answer. Whether you only have SAM or you’re running multiple products on the Orion platform the AppStack widget gives you a flexible, filterable, and fun-tastic (I couldn’t think of another word that started with ‘f’) resource to add to your dashboards and NOC views. There’s not much more to say. It’s the perfect widget for my Dashboard Philosophy.

[Screenshot: the AppStack widget]

  5. SWQL and Other Advanced Methods

Are you a dev nerd? Do you like to yell at code until it bends to your will? Are you ready to bring your SolarWinds deployment to an unreasonably awesome level? With a little bit of fidgeting and some help from THWACK, you can create your own charts, tables, dashboards, maps, and much more. Check out this post from THWACK MVP CourtesyIT, which has a master list of all the amazing ideas and customizations that have been posted in the community. Be sure to check out the section from THWACK MVP wluther:  he’s got some great content specifically tailored to dashboards. One thing to always keep in mind when using more advanced methods… SolarWinds support may not be able to assist you with the bending of spacetime. Fidget at your own risk!

In my opinion, one of the most powerful tools for creating custom resources is SWQL, the SolarWinds Query Language. With it, you can pull exactly the data you want out of the Orion database and shape it into your own tables and charts. THWACK MVP mesverrum makes it easy in this post, where he provides an awesome example of how to create your own custom SWQL tables.
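As an added example of the kind of SWQL table the post points to (my own query, not the one from the THWACK post and not a widget shipped with Orion): the query below lists nodes that are currently Down together with how long they have been down, run through the SwisPowerShell module from the Orion SDK so it can be tested from a prompt before being pasted into a Custom Table widget. Assumptions: the Orion host name is a placeholder; the account is read-only; Orion.Nodes.LastSystemUpTime holds the time of the last poll that found the node up; status 2 is Down in Orion.StatusInfo; and the _IconFor_/_LinkFor_ column aliases are the Custom Table widget’s conventions for icons and links. Confirm the column names in SWQL Studio for your Orion version.

```powershell
# Added example, not from the THWACK post above: a SWQL "outage" table
# (nodes currently Down and minutes since last seen up), run through the
# Orion SDK's SwisPowerShell module. Host name is a placeholder; use a
# read-only Orion account. Column names assumed as described in the lead-in.
Import-Module SwisPowerShell

$OrionHost = 'orion.example.internal'   # placeholder
$swis = Connect-Swis -Hostname $OrionHost -Credential (Get-Credential -Message 'Orion read-only account')

# _IconFor_<col> and _LinkFor_<col> are the Custom Table widget's conventions:
# they turn the Node column into a status icon plus a link to the node details page.
# Status 2 = Down (Orion.StatusInfo); UnManaged = 0 skips nodes deliberately unmanaged.
$query = @"
SELECT
    n.Caption                                          AS [Node]
  , '/Orion/images/StatusIcons/Small-' + n.StatusIcon  AS [_IconFor_Node]
  , n.DetailsUrl                                       AS [_LinkFor_Node]
  , n.IP_Address                                       AS [IP Address]
  , n.StatusDescription                                AS [Status]
  , TOLOCAL(n.LastSystemUpTime)                        AS [Last Seen Up]
  , MINUTEDIFF(n.LastSystemUpTime, GETUTCDATE())       AS [Minutes Down]
FROM Orion.Nodes AS n
WHERE n.Status = 2
  AND n.UnManaged = 0
ORDER BY n.LastSystemUpTime ASC
"@

$down = Get-SwisData -SwisConnection $swis -Query $query
$down | Format-Table Node, 'IP Address', Status, 'Last Seen Up', 'Minutes Down' -AutoSize
"Nodes down: $(@($down).Count)"
```

Once the output from the prompt looks right, paste the text of the here-string into a Custom Table widget on the NOC view. If the Node column shows up without an icon or link, check the alias spelling: the widget matches _IconFor_Node and _LinkFor_Node to the column named Node exactly, and SWQL queries in the widget cannot contain comments.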

  Results

Let’s put all this together and create a shiny new dashboard that follows the idea of efficiency, information, and design. We need something that doesn’t waste space, contains useful data, and looks awesome. Something like this:

[Screenshot: the finished NOC view dashboard]

First things first… we’re using the NOC view, indicated by the black bar at the top with the circles in the upper-right corner that represent the various sub-views in rotation. We have a map from Network Atlas (upper left), a PerfStack project added as a widget (lower left), AppStack (lower right), and a custom SWQL table that displays outage information (check out mesverrum's post about it here).

And there we have it! Five useful tools that you can use to make your dashboards amazing. Be sure to post your creations in the community. Here are some threads for NOC views and Network Atlas maps. Now go forth and dashboard!


Let’s be honest, all of us need an SSH client from time to time. And when that SSH client is needed, most of us just use the standard PuTTY tool without question. Does this mean that PuTTY is a really good tool? Sure, it is… but could it be even better? We believe so. And we decided to prove it.

After months of development, we’re happy to introduce you to SolarWinds® Solar-PuTTY, an enhanced version of the most popular SSH client on the internet. We like PuTTY for its reliability and speed. And when you have to change anything on the server remotely, it’s still a decent choice… until you need to manage saved sessions, or if you’d like to connect to more servers at one time, or if you want to use the same script 100 times.

In all these scenarios, PuTTY has its limits. And at SolarWinds, we don’t like limits. So, we went beyond them and pushed PuTTY to the next level.

So, what are the key benefits of using Solar-PuTTY as your SSH client?

  • A new, fresh, browser-like interface—it’s easy to navigate, and everything is available in just a few clicks
  • Manage multiple sessions from a single console with a tabbed interface—you don’t have to run countless instances of the tool when you need to work on several machines at the same time. All sessions are available in a single console with their name and status
  • Save your sessions, credentials, or private keys for easy login—you can access any saved session from the homepage with a single click. Usernames, passwords, and private keys can be stored and linked to one or multiple sessions when it’s needed
  • Filter saved sessions based on IP address, hostname, login, or tags—start typing into a search bar, and Solar-PuTTY will apply the filter in real time.
  • Automate the scripts you run when a connection is established—is there a set of commands you need to run right after opening a telnet connection? Doing it once takes a minute and is no big deal… but what about doing it 100 times a day? Save the script once and let Solar-PuTTY run it automatically
  • Auto-reconnect to a timed-out session—what if something goes wrong? Solar-PuTTY gives you details about what happened and the option to reconnect to the server with a single click. You don’t have to set up everything from scratch
  • Last but not least, Solar-PuTTY is available for free

As you can see, Solar-PuTTY keeps all the strengths of the original open source tool and adds the most-demanded features to bring you the best possible experience with SSH clients on the market. It’s time to say goodbye to Excel® spreadsheets and start managing your remote sessions in a more professional way.

What are you waiting for? Click the link below to download your Solar-PuTTY free tool by SolarWinds. No installation needed.

Solar-PuTTY Software – Download Free SSH Client


You’ve been asking and we’ve been listening.  We are excited to announce that the newest member of the SolarWinds product family, Log Manager for Orion, is now available for trial.  Built on the Orion Platform, Log Manager provides unified infrastructure performance and log data in a single console. No need to hop back and forth between your infrastructure and log monitoring tools.

Through platform integration with Network Performance Monitor, Server & Application Monitor, and other Orion-based products, Log Manager closes the gap between performance and log data. With Log Manager you get:

  • Log aggregation
  • Filtering by Log Type, Level, Node name, IP Address, and more
  • Keyword, IP address, and Event ID search
  • Interactive log charting
  • Color-coded event tagging

To learn more about Log Manager, visit the Log Manager Thwack Forum or to try for yourself in your environment, download a free trial.


Let’s face it. Traceroute is not what it used to be.

Van Jacobson wrote the original traceroute in 1987, from a suggestion by Steve Deering. It works by sending probes with increasing values in the IPv4 header’s TTL field: each router that decrements the TTL to zero discards the probe and returns an ICMP Time Exceeded message, so the source learns one hop of the path per TTL value. Network professionals quickly realized how valuable this tool was for solving day-to-day network issues. In recent years, however, traceroute has not kept pace with modern networks and has lost much of its usefulness.

We note the following issues: firewalls frequently drop the ICMP and UDP probes, so hops show up as timeouts or the trace never reaches its destination. The path the tool reports often doesn’t exist as such, because classic traceroute changes the destination port on each probe and per-flow load balancers can send successive probes down different paths. And, ridiculously enough, there is no history function. Even Ping has that! The list of issues is long enough that scholarly journal articles have been written on the subject.

What’s the good news? The good news is that SolarWinds fixed Traceroute, and is offering it for free!

SolarWinds® Traceroute NG is a standalone free tool that effectively offers path analysis visibility via a CLI. By all standards, it’s a new, improved, and fully functional version of the older Traceroute generation tool. Yielding results in mere seconds, it provides an accurate single path from source to destination, and notifies users when the path is changed.

This new and improved version of Traceroute delivers the following information:

  • Number of hops
  • IP addresses
  • Fully qualified domain names (FQDNs)
  • Packet loss measured as a percentage
  • Current latency and average latency (ms)
  • Continuous probing that yields an iteration number for the user
  • Probe type used (if TCP, it also shows the port probed)
  • Issues (change in path, inability to reach destination)

SolarWinds Traceroute NG can use TCP probes to get through firewalls that drop ICMP and UDP, supports IPv6 networks, and can create a txt log file containing the path number, probing time from source to destination, number of hops, IP addresses, FQDNs, packet loss percentage, and average latency. You can also copy data from the screen via the clipboard, switch the probe type between ICMP and TCP with the switch command, and enable logging with the logging command, all while probing continues.
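Here is an added example (my own PowerShell, not Traceroute NG’s code) of the TTL-stepping technique described above, using .NET’s ICMP echo support so it needs neither raw sockets nor administrator rights on Windows. It records the per-hop fields the post lists (hop number, address, loss percentage, average latency) and adds a small watcher that re-traces on an interval and reports when the path changes. The target host, iteration count and interval are placeholders.

```powershell
# Added example, not Traceroute NG's code: TTL-stepping traceroute over ICMP
# echo via System.Net.NetworkInformation.Ping, plus path-change detection.
# Each probe carries a larger TTL; the router that decrements it to zero
# answers with ICMP Time Exceeded (.Status = TtlExpired) and reveals one hop.
function Trace-Path {
    param(
        [Parameter(Mandatory)][string]$Target,
        [int]$MaxHops = 30,
        [int]$TimeoutMs = 1000,
        [int]$ProbesPerHop = 3
    )
    $ping    = New-Object System.Net.NetworkInformation.Ping
    $payload = [byte[]](1..32)
    $hops    = @()
    for ($ttl = 1; $ttl -le $MaxHops; $ttl++) {
        $opts = New-Object System.Net.NetworkInformation.PingOptions($ttl, $true)   # (TTL, DontFragment)
        $address = $null; $lost = 0; $rtts = @(); $reached = $false
        for ($i = 0; $i -lt $ProbesPerHop; $i++) {
            # PingReply.RoundtripTime is only filled in on Success, so time the probe ourselves.
            $sw    = [System.Diagnostics.Stopwatch]::StartNew()
            $reply = $ping.Send($Target, $TimeoutMs, $payload, $opts)
            $sw.Stop()
            switch ($reply.Status) {
                'TtlExpired' { $address = $reply.Address; $rtts += $sw.ElapsedMilliseconds }
                'Success'    { $address = $reply.Address; $rtts += $sw.ElapsedMilliseconds; $reached = $true }
                default      { $lost++ }   # TimedOut, DestinationUnreachable, ...: firewall or rate limiting
            }
        }
        $addrText = if ($address) { $address.ToString() } else { '*' }
        $avg      = if ($rtts.Count) { [int](($rtts | Measure-Object -Average).Average) } else { $null }
        $hops += [pscustomobject]@{
            Hop     = $ttl
            Address = $addrText
            LossPct = [int](100 * $lost / $ProbesPerHop)
            AvgMs   = $avg
        }
        if ($reached) { break }   # the destination itself answered
    }
    return $hops
}

# Continuous probing with change detection: compare each trace's hop addresses
# with the previous trace and report the iteration in which the path changed.
function Watch-Path {
    param(
        [Parameter(Mandatory)][string]$Target,
        [int]$Iterations = 5,
        [int]$IntervalSec = 10
    )
    $previous = $null
    for ($n = 1; $n -le $Iterations; $n++) {
        $path = (Trace-Path -Target $Target | ForEach-Object { $_.Address }) -join ' > '
        if ($null -ne $previous -and $path -ne $previous) {
            Write-Warning "iteration ${n}: path changed`n  was: $previous`n  now: $path"
        } else {
            Write-Host "iteration ${n}: $path"
        }
        $previous = $path
        if ($n -lt $Iterations) { Start-Sleep -Seconds $IntervalSec }
    }
}

Trace-Path -Target 'example.com' | Format-Table -AutoSize        # placeholder target
Watch-Path -Target 'example.com' -Iterations 3 -IntervalSec 5    # placeholders
```

A hop that drops or rate-limits ICMP shows as *; if it answers only intermittently, the watcher reports a change every time it flickers, so for a NOC alert you would compare only the hops that answered, or require two consecutive traces to differ before raising the warning. This is also why a TCP probe to a port the firewall already allows, as the post describes, gives a more stable picture than ICMP alone.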

To sum it all up, Traceroute NG by SolarWinds brings back the power of the old Traceroute with new functionalities and capabilities that are adapted to modern technologies, so that you may once again reign supreme over the paths of your network, and never be lost when probing your long journey across the vast world wide web.

We hope you will enjoy this powerful new free tool. Click on the link below to download your Traceroute NG free tool by SolarWinds.

Traceroute NG Software - Download Free Traceroute Tool | SolarWinds

To find out more about what you can do with SolarWinds Traceroute NG, be sure to have a look at this article: Troubleshoot your network with a new free tool – Traceroute NG



Are IP requests for virtual machines overwhelming your current IP address management practices?  You are not alone. In a June 2016 survey of IP Address Manager customers[1], 46% of respondents stated that virtual machines were creating challenges for managing IP addresses for their company.

Independent author Brien Posey explores this topic in the whitepaper “Overcoming IP Address Management Challenges in VMware Environments.” A challenge with virtual environments is that their dynamic nature can quickly deplete address pools if IP addresses are not de-provisioned promptly. Relying on DHCP is a less than ideal solution, because an address stays reserved until its lease expires. Provisioning IP addresses manually is another option, but it is slow, error-prone, and limits the dynamic scaling of virtual environments. DNS records must also be updated in tandem.

A solution to overcoming these IP address management challenges is fully automating the process of provisioning IP addresses and updating DNS records. VMware developed vRealize® Automation (vRA) to automate tasks in virtual environments. However, as Brien discusses, vRA was not designed to be a comprehensive IP address management solution, thus the need for third-party solutions to fill this gap. SolarWinds® IP Address Manager (IPAM) helps overcome this limitation by providing a plug-in for VMware® vRealize Orchestrator (vRO). The plug-in provides actions and workflows critical for managing IP addresses and DNS records. These actions and workflows integrate with vRA and enable the creation of blueprints to automate the provisioning and de-provisioning of VMs.

To learn more about this topic, please read Brien Posey’s whitepaper, and attend the live webcast coming up February 21, where our very own IPAM Product Manager Connie Dowdle will take you through a demonstration of the plug-in and the latest and greatest that SolarWinds IPAM 4.6 has to offer.


[1] IP Address Manager customer survey, June 2016.



[Image: word cloud from the THWACK backup survey]

Reliable, recoverable backups have always been fundamental to a well-run data center. But the technology we use to accomplish that goal keeps reinventing itself. The old systems never quite go completely away, even as newer options come onto the scene. Too often, this results in a complicated mix of tools and media that can be a real headache to manage.

At one point, tape was the only storage medium, and the ubiquitous Iron Mountain® trucks hauled loads of tapes from place to place on a regular schedule. While those trucks haven’t gone away, today, they’re supplemented with disk and cloud storage.

Do you remember the simple days, when physical servers were the only thing needing protection? Traditional backup products were designed for this world, but increasing adoption of server virtualization led to new market leaders, like Veeam, with a virtual-first approach. Then laptops and an array of mobile devices needed protection.

Then came the cloud and SaaS applications. Every vendor sought to update their offerings to cover new use cases, new devices, and new storage options. Complexity multiplied, and prices went up and up.

Where does that leave you today?

In November, we surveyed the THWACK® community on server backup, and learned a lot. We heard from more than 500 of you that backup is too complicated, too time consuming, and too expensive.

Here are the top backup-related pain points our survey respondents listed:

[Chart: top backup pain points reported by survey respondents]

We also learned, not surprisingly, that you’re using a diverse mix of products that represent every era of backup history. The largest section of the pie was “other”.

[Chart: backup products in use among respondents; the largest slice is “other”]

We believe there’s a better way. We decided to approach the problem with a few guiding principles:

  • Simplicity – One backup product for physical and virtual servers, for one price that includes software and storage. No add-ins or options, no hidden costs.
  • Ease of use – One web-based console to see all backup status at a glance, and drill down as needed.
  • Reliability – Easy to deploy, clean, efficient dashboard. Our customers tell us it “just works.”
  • Powerful technology under the hood – Innovative features working in the background to make backups and restores fast and efficient.

The result of this approach is SolarWinds® Backup, a cloud-first backup service designed for IT pros who are tired of spending hours every week managing their backups. While it’s a new offering from SolarWinds, the product has been in use for years among the MSP community, and is already trusted by thousands of organizations. Here’s what a few of them have to say:

[Customer quote image]

- Justin Cremer, IT Professional, Libra IT

[Customer quote image]

- John Treanor, IT Professional, Satellyte Technology

More customer comments and insights can be found on TechValidate®.

To learn more about SolarWinds Backup and begin your free trial, check out the Product Blog post. Find out how simple backups can be.

-------------------------------------

Update – February 7, 2018:

Cisco® updated their vulnerability advisory on Monday, February 5, 2018 after identifying “additional attack vectors and features that are affected.” What does this mean? If you patched last week, you may need to patch again. Be sure to read the advisory notice carefully to find out if your environment is at risk.

-------------------------------------

(Originally posted Wednesday, January 31, 2018):

What is it?

Earlier this week, Cisco revealed that there is a security vulnerability in the Cisco® ASAs, exposing these firewalls to remote attackers. Of course, now we all know about it, as does anyone who may want to exploit this opening. The good news: Cisco has released a critical update to address the issue. The bad news? There is no other workaround, so affected devices must be updated to be secured, and now you’re in a race against anyone who may be trying to take advantage. It’s worth noting that some FirePower devices are affected also, so read the Cisco post in detail to help ensure that you know where your vulnerabilities may lie.

What can you do?

Fortunately, if you have SolarWinds® Network Performance Monitor (NPM), our own KMSigma has created a report so you can quickly see if you have vulnerable devices. (For a refresher on implementing user-created reports, see How to export and import reports in the Orion® web console.)

Once you’ve identified affected devices, you can use Network Configuration Manager (NCM) to easily schedule, patch, and monitor your ASA devices using the firmware upgrade process. Are you running multi-context ASAs? No problem. The firmware upgrade path supports both single- and multi-context upgrades.

In this industry, it doesn’t take long to realize that discovering vulnerabilities of this nature—and subsequently addressing them—is a standard part of the job description. Having the right tools available can make a notable difference in how long your network is exposed and how much effort is required to remediate issues.

Tell us:

Were your devices affected? Have you already updated, and if so, did you use NPM and NCM to do so? Use the comments to tell us how it went. Were you affected but don’t have NPM or NCM? Download free 30-day trials of Network Performance Monitor and Network Configuration Manager today and see how they can help.

Learn more about Network Insight for Cisco ASA:

Did you know that SolarWinds added a new Network Insight feature for Cisco ASA in the NPM 12.2 and NCM 7.7 releases? Learn about all the functionality included in Network Insight for Cisco ASA.

-------------------------------------

Keeping a network up and running is a full-time job, sometimes a full-time job for several team members! But it doesn’t have to feel like a fire drill every day. Managing a network shouldn’t be entirely reactive. There are steps you can take and processes you can put in place to help reduce some of the top causes of network outages and minimize any downtime.

1. The Problem: Human Element

The dreaded “fat finger.” You’ve heard the stories. You may have done it yourself, or been the one working frantically late into the night or over a weekend to try to recover from someone else’s mistake. If you’re really unlucky (like some poor employee at Amazon® last spring), the repercussions can be massive. No one needs that kind of stress.


The Protection:
First, make sure only the appropriate people have access to make changes. Have an approval system built in. And, since even the best of us can make mistakes, ensure you have a system that allows you to roll back changes just in case.

2. The Problem: Security Breaches

Network security is becoming more and more critical every day. People trying to break the system get better, and users’ privacy needs get higher. There are many critical elements to keeping your network secure, and it’s important not to miss any. It doesn’t do any good to deadbolt your door when your window is wide open.

The Protection:

Protect your devices from unauthorized changes. Monitor configurations so you can be alerted to any changes, see exactly what was changed, and know what login ID was used to make the change. Also, you should be regularly auditing your device configurations for vulnerabilities. Whether you have custom policies defined for your organization or need to comply with HIPAA, DISA STIG, SOX, or other industry standards, continuously monitoring your devices to help ensure your network stays compliant is one way to help.

3. The Problem: Lack of Routine Maintenance

Over time, networks can become messy and disorganized if there aren’t standards in place, increasing both the risk of errors and the time needed to resolve them.

The Protection:

Network standardization simplifies and focuses your infrastructure, allowing you to become more disciplined with routines and expectations. Naming conventions, standard MOTD banners, and consistent interface names are just a few standards that make troubleshooting easier and keep your team and devices aligned, allowing for better management and less human error.

4. The Problem: Hardware Failures

It’s not if hardware will fail, but when. Are you ready to make a speedy recovery? When a device unexpectedly goes down, it can have a big impact, depending on which device it is and what redundancies you have in place.

The Protection:

Ensure that you can quickly recover a failed device or bring a replacement online by having device configurations backed up automatically, so a new device can be restored from the last good configuration.

5. The Problem: Firmware Issues / Faults in the Devices

When you support hundreds of devices, required firmware updates can be tedious, and executing commands over and over increases the risk of error.

The Protection:

With network automation, you can easily manage rapid change across complex networks. Bulk deploy configurations to ensure accuracy and speed up deployment times.

Increase your uptime and reduce the challenges of keeping your network running smoothly so you can focus on other projects. With SolarWinds® Network Configuration Manager, you can bulk deploy configuration changes or firmware updates, manage approvals, revert to previous configurations, audit for compliance, and run remediation scripts. Take action today to reduce these five causes of network outages.

-------------------------------------

We just can't have anything nice, now can we?  Oh, well. We knew there would be new vulnerabilities and ransomware attacks in 2018. However, this time hardware is the culprit, and patching is not going to be a cure-all for the situation. Consider yourself warned: expect more slowdowns in 2018.

Stop and think about this for a second: as the days progress, we are literally learning how much this new vulnerability impacts us. Anyone who says they have the full solution is not being honest with you or themselves. What I would like to do is help you to see how you can use the tools you likely already have to make you more aware of past, present, and future vulnerabilities and threats. That said, let's move on to the importance of using SolarWinds tools to do just that.

SolarWinds® Patch Manager will allow you to update your Windows® machines to their Microsoft® patches. If you are currently using this product, you should already be scheduling and looking for these. I discovered that there can be some issues with third-party Windows antivirus or you might get the BSOD. Read more here, because the awesome chart helps clarify these issues and how to prevent them from happening to you.

Further, Patch Manager will allow you to schedule and report on your Windows devices regarding updates. The reporting is key to showcase your compliance and, in this case, start your baseline. Plus, just because you update your devices does not mean you are 100% in the clear. Updating your third-party packages is an added bonus with Patch Manager, a fact that is often overlooked though desperately needed.

SolarWinds® Server & Application Monitoring (SAM) will help you validate your business, yourself, and your vendor support for any degradation that patching may have on your applications. This is something you will want to have in place as soon as possible. It allows you to see any anomalies that may present themselves to your applications after the patching is applied. And because SAM is multi-vendor, you’ll be able to address even broad-scale hardware issues. The avid SAM users among you will likely know even more tricks for using the software, and I encourage you to share your knowledge in the comments to help us all be more aware in terms of application-centric monitoring.

SolarWinds® Network Configuration Manager (NCM) helps when firmware upgrades/updates need to be applied to impacted network devices, and it helps you roll them out. There is a compliance reporting function built into NCM that will assist with audits automatically. Remember, this incident is ongoing, which makes NCM’s ability to import very helpful. In fact, you can plug into firmware vulnerability warnings provided by the National Institute of Standards and Technology (NIST). This puts you even further ahead of future vulnerabilities.

SolarWinds® Network Performance Monitor (NPM) is all about the baseline. If you have ever been to one of our SWUGs, you have heard me preach endlessly about baselines and their extreme importance. However, I understand that sometimes you need black and white in front of you to truly understand this. The mindset I’m currently following regarding this vulnerability looks something like this:

  1. Patched and we have our checkbox
  2. Monitoring our application performances
  3. Ready for updates to needed network devices
  4. Monitoring the common vulnerabilities database
  5. Waiting for any anomaly that may present its ugly face (my favorite)

We can now show that we have implemented the patching to put a Band Aid® on the issues that could present themselves. However, as I’ve already mentioned, this is not a full fix. A hardware option would be the best solution, but is obviously not available to billions of devices at this time. YOU ARE THE FIRST RESPONDER!

Using NPM in combination with the other tools that I have outlined allows you to verify the patching and the results. Also, if there are ticks or drops or spikes that do NOT match your current baseline, you can share that solid reporting and documentation with your vendor to work out the possible issue, which makes you part of the solution. Is there anything better than working at the edge of technological advancements to create countermeasures to vulnerabilities? NO. The answer is a solid NO.

If you don’t already have it in place, set up threshold alerting and monitoring on critical devices that are housing your applications. That helps ensure that you are alerted to anything out of the ordinary, allowing you to get things back on track. It also shows your team and other departments that you are fully invested in the integrity of application uptime and performance. Also, if you have DevOps, you really need the documentation and baselines to prove that perhaps the performance issue is not the in-house application, but an actual patching issue. That, right there, can save a lot of unneeded cycles through rabbit holes.
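As an added illustration of the baseline-versus-threshold idea above (this is example code, not SolarWinds NPM or SAM), here is a small Python script that builds a baseline from pre-patch samples and flags only sustained deviations after the patch. The CPU-utilization values, the three-sigma threshold, and the three-sample run length are constructed assumptions; the point is that a single spike is noise, while a run of samples above the baseline band is what you document and take to the vendor.

```python
"""Baseline-versus-current comparison for a performance metric after patching.
Added example, not SolarWinds NPM/SAM code. The sample values are constructed
CPU-utilization percentages collected at a fixed polling interval."""
import statistics

# Constructed: twelve pre-patch samples from a quiet period (the baseline).
PRE_PATCH_CPU = [31, 29, 33, 30, 32, 28, 31, 30, 34, 29, 30, 32]
# Constructed: samples at the same interval after the patch was applied.
# Index 6 is an isolated spike; indices 2-4 and 8-10 are sustained runs.
POST_PATCH_CPU = [33, 35, 48, 52, 55, 31, 49, 30, 58, 57, 59]


def baseline(samples):
    """Mean and population standard deviation of the pre-change samples."""
    return statistics.mean(samples), statistics.pstdev(samples)


def sustained_anomalies(samples, mean, stdev, k=3.0, sustain=3, min_band=1.0):
    """Return segments of at least `sustain` consecutive samples above
    mean + k*stdev. `min_band` keeps a perfectly flat baseline from turning
    every bit of jitter into an anomaly."""
    upper = mean + k * max(stdev, min_band)
    segments, start = [], None
    # A trailing None sentinel closes a run that reaches the end of the data.
    for i, v in enumerate(list(samples) + [None]):
        if v is not None and v > upper:
            if start is None:
                start = i
        else:
            if start is not None and i - start >= sustain:
                segments.append({"start": start, "end": i - 1,
                                 "peak": max(samples[start:i]),
                                 "threshold": round(upper, 2)})
            start = None
    return segments


def compare_to_baseline(pre, post, **kw):
    """Summarize the baseline and the post-change anomalies in one report."""
    mean, stdev = baseline(pre)
    return {"baseline_mean": round(mean, 2),
            "baseline_stdev": round(stdev, 2),
            "anomalies": sustained_anomalies(post, mean, stdev, **kw)}


if __name__ == "__main__":
    report = compare_to_baseline(PRE_PATCH_CPU, POST_PATCH_CPU)
    print("baseline: mean=%(baseline_mean)s stdev=%(baseline_stdev)s" % report)
    for seg in report["anomalies"]:
        print("sustained deviation: samples %d-%d, peak %d%% (threshold %.2f%%)"
              % (seg["start"], seg["end"], seg["peak"], seg["threshold"]))
```

Lowering `sustain` to 1 would also report the lone spike at index 6; keeping it at 3 is what lets you hand the vendor a run of correlated samples rather than a single outlier.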

Please let me know if you have additional ways to protect and help through these beginning stages of 2018 vulnerabilities. The ideas we share could literally help the many of you who act as a one-person army fighting your way to the top!

Thank you all for your eyes,

~Dez~

In case you’d like more information on any of the products mentioned above, check these out:

SolarWinds® Patch Manager

SolarWinds® Server & Application Monitor

SolarWinds® Network Performance Monitor

SolarWinds® Network Configuration Manager

Other resources:

https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac....

https://www.nytimes.com/2018/01/03/business/computer-flaws.html

Check out our Security and Compliance LinkedIn® Showcase Page for ideas on how to socialize this content: https://www.linkedin.com/showcase/solarwinds-security-and-compliance/

Follow our Federal LinkedIn page to stay current on federal events and announcements: https://www.linkedin.com/showcase/4799311/

-------------------------------------

Looking back through previous content, I came across this post by Jerry Eshbaugh.

SQL Server Two Ways - SAM AppInsight for SQL and Database Performance Analyzer

I read through it again and realized it still resonates in a big way. I’d like to add this foreword and bring it up to speed given some recent changes. SolarWinds® Database Performance Analyzer (DPA) wait-time statistics and resource metrics were recently added to the Performance Analysis view (lovingly known as PerfStack) in the Orion® Platform. I believe this addition gives IT professionals the end-to-end visibility they want. I know we all tend to exist in silos, but that doesn’t mean we don’t want greater upstream and downstream performance metrics.

Now you can easily see if your database performance is impacting application response time, and if storage latency is causing longer I/O related database activities. Also, you can view existing dependencies and what relates to what. These customizable dashboards are way cool!

If you haven’t had a chance to check it out, you have a couple of ways to do so:

  • If you own just DPA (without any Orion products), you can now download a standalone DPA Integration Module (DPAIM) from your customer portal as part of your existing license. That’s right! It’s free. You will be limited to DPA data only, as there are no other modules running to collect application, server, storage, and network data, etc.
  • If you already have another Orion product and are on the latest release, DPAIM may be installed (it comes with Server and Application Monitor for example), or you can install the DPAIM module from your customer portal on your Orion Platform.
  • If you aren’t ready to commit to a download, you can check out oriondemo.solarwinds.com and try out the Performance Analysis view. This might be a good start to play around with, but remember, it is demo data. Things may not line up exactly. Some of the data might be invented. The best way to get the most out of the PerfStack dashboard would be to look at your own data with it, which is infinitely more interesting!

Let us know what you think about it!

-------------------------------------

Jogging is my exercise. I use it to tune out noise, focus on a problem at hand, avoid interruptions, and stay healthy. Recently, I was cruising at a comfortable nine-minute pace when four elite runners passed me, and it felt like I was standing still. It got me thinking about the relationship between health and performance. I came to the conclusion that they are related, but more like distant cousins than siblings.

I can provide you data that indicates health status: blood pressure, resting heart rate, BMI, body fat percentage, current illnesses, etc. Given all that, tell me: can I run a four-minute mile? That question can’t be answered solely with the data I provided. That’s because I’m now talking about performance versus health.

We can also look at health metrics with databases: CPU utilization, I/O stats, memory pressure, etc. However, those also can’t answer the question of how your databases and queries are performing. I’d argue that both health AND performance monitoring and analysis are important. They can impact each other but answer different questions.

“What gets measured gets done.” I love this saying and believe that to be true. The tricky part is making sure we’re measuring the right thing to ensure we’re driving the behavior we want.

Health is a very mature topic and pretty much all database monitoring solutions offer visibility into it. Performance is another story. I love this definition of performance from Craig Mullins as it relates to databases: “the optimization of resource use to increase throughput and minimize contention, enabling the largest possible workload to be processed.”

Interestingly, I believe this definition would be widely accepted, yet approaches to achieving this with monitoring tools vary widely. While I agree with this definition, I’d add “in the shortest possible time” to the end of it. If you agree that you need to consider a time component in regards to database performance, now we’re talking about wait-time analysis. Here’s a white paper that goes into much more detail on this approach and why it is the correct way to think about database performance.

We can only get to the right answer regarding root cause if we’re collecting (measuring) the right data in the first place. Below is a chart with some thoughts on data collection requirements. Adapt as needed, but I hope it provides a workable framework.

[Chart: data collection requirements for database health and performance]

Remember: don’t stop with asking “What can we do?” Take it to the next level and instead ask, “What should we do?”

-------------------------------------

Do you know how to protect your organization's sensitive data from today’s cyberthreats? One way is to arm the enterprise with a security information and event management (SIEM) tool. SIEM solutions provide a meaningful contribution to defense-in-depth strategies with their ability to detect, defend against, and conduct post-mortem analysis on cyberattacks and general IT security anomalies. Over the years, they have become a contributing force in meeting, maintaining, and proving a business’ alignment with regulatory compliance frameworks such as HIPAA, PCI DSS, SOX, and more. Let's take a look at how SIEM software works and why it's a must have for your business.

What is SIEM?

Predecessors of SIEM solutions, security information management (SIM), and security event management (SEM) began merging into one security system over a decade ago. When you run a SIEM tool, all your relevant security data can come from multiple locations, but you can look at all that data from one dashboard. Being able to access data across numerous locations and evaluate it in one location makes it easier to spot unusual patterns and trends, and react and respond quickly to any possible threats.

The SIEM software collects information from event logs spanning all your devices, including anti-virus, spam filters, servers, firewalls, and more. It then uses key attributes (IPs, users, event types, memory, processes, ports) that can indicate security incidents or issues to alert and respond quickly—and in many cases, automatically.
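To make the paragraph above concrete, here is an added Python example (not SolarWinds LEM code and not part of the original post) that does the two things it describes: it normalizes lines from three different sources onto the same key attributes (time, host, event type, user, source IP), then correlates across them so that a pattern no single device would flag on its own raises an alert. The log lines, hostnames, IP addresses, and line formats are constructed for illustration; the Windows event IDs 4625 (failed logon) and 4624 (successful logon) are real.

```python
"""Minimal SIEM-style correlation: normalize events from several sources,
then raise alerts on patterns no single source would show on its own.
Added example, not SolarWinds LEM code. The log lines, hostnames, IPs and
line formats are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from a firewall, a VPN concentrator and a
# domain controller, in deliberately different formats.
SAMPLE_LOGS = """\
2018-01-10T09:00:01 fw01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2018-01-10T09:00:05 vpn01 auth-fail user=jdoe src=203.0.113.7
2018-01-10T09:00:09 vpn01 auth-fail user=jdoe src=203.0.113.7
2018-01-10T09:00:14 dc01 EventID=4625 user=jdoe src=203.0.113.7
2018-01-10T09:00:20 dc01 EventID=4625 user=admin src=203.0.113.7
2018-01-10T09:00:31 dc01 EventID=4624 user=jdoe src=203.0.113.7
2018-01-10T09:05:00 dc01 EventID=4624 user=asmith src=10.0.0.44
2018-01-10T10:30:00 vpn01 auth-fail user=bob src=198.51.100.9
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<rest>.*)$")


def normalize(line):
    """Map one raw line to the common attributes a SIEM keys on
    (time, host, event kind, user, source IP); None if unrecognized."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    fields = dict(re.findall(r"(\w+)=(\S+)", rest))
    if rest.startswith("DENY"):
        kind = "deny"
    elif rest.startswith("auth-fail") or fields.get("EventID") == "4625":
        kind = "auth_fail"          # 4625 = Windows failed logon
    elif fields.get("EventID") == "4624":
        kind = "auth_ok"            # 4624 = Windows successful logon
    else:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
            "kind": kind, "user": fields.get("user"), "ip": fields.get("src")}


def correlate(log_text, window=timedelta(minutes=5), min_failures=3):
    """Two cross-source rules keyed on source IP:
    1. at least min_failures authentication failures against 2+ hosts inside
       `window` (each host alone may stay under its own lockout threshold);
    2. a successful logon from that IP shortly after rule 1 fires."""
    events = [e for e in map(normalize, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    by_ip = defaultdict(list)
    for e in events:
        if e["ip"]:
            by_ip[e["ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e["kind"] == "auth_fail"]
        for i, first in enumerate(fails):
            in_win = [f for f in fails[i:] if f["ts"] - first["ts"] <= window]
            hosts = {f["host"] for f in in_win}
            if len(in_win) < min_failures or len(hosts) < 2:
                continue
            alerts.append({"rule": "distributed_auth_failures", "ip": ip,
                           "count": len(in_win), "hosts": sorted(hosts),
                           "users": sorted({f["user"] for f in in_win if f["user"]})})
            last_fail = in_win[-1]["ts"]
            for e in evs:
                if e["kind"] == "auth_ok" and last_fail <= e["ts"] <= last_fail + window:
                    alerts.append({"rule": "success_after_failures", "ip": ip,
                                   "user": e["user"], "host": e["host"]})
                    break
            break   # one alert per IP per run; a real SIEM keeps sliding the window
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Run against the sample, only 203.0.113.7 produces alerts: the VPN sees two failures and the domain controller two, neither alarming alone, but the combined count across hosts crosses the threshold, and the logon that follows is exactly the event an analyst wants surfaced first.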

How Does SIEM Help With Security?

The event management portion of a SIEM solution stores and interprets logs in a central location and allows analysis in near real-time, which means IT security personnel can take defensive actions much more rapidly. The information management component provides trend analysis, as well as automated and centralized reporting for compliance by collecting data into a central repository. As a whole, a SIEM tool provides quicker identification and better analysis and recovery of security events by combining these two functions. Another advantage is that compliance managers can confirm they are fulfilling their enterprise's legal compliance requirements with a SIEM tool.

Advantages of a SIEM Tool

There are many advantages to using a SIEM tool, other than only needing one tool to monitor cybersecurity. SIEM systems can be used for different purposes, so the benefits will vary from one organization to another, but every organization that uses a SIEM tool will experience these main benefits:

  1. Streamlined compliance reporting. SIEM solutions leverage the log data from various devices across an organization or enterprise.

  2. Better detection of incidents that might otherwise be missed. SIEM products enable centralized analysis and reporting for an organization's security events. The IT security analysis may detect attacks that were not found through other means, and some SIEM products have the capabilities to attempt to stop attacks they detect—assuming they are still in progress.

  3. Improved efficiency in handling security incidents. You can save time and resources with a SIEM tool because you can respond to security incidents more quickly and efficiently. IT professionals can quickly identify an attacker’s route, learn who has been affected, and implement automated mechanisms to stop the attack in its tracks.

What to Look for in a SIEM Tool

What features should you be looking for when shopping for a SIEM tool? Here are just a few of the important questions to consider when evaluating SIEM solutions:

  1. Does the SIEM provide enough native support for all relevant log sources?

  2. How well can the SIEM tool enhance current logging abilities?

  3. Can the SIEM software effectively use threat intelligence to your advantage?

  4. What features does the SIEM product offer to help carry out data analysis?

  5. Are the SIEM's automated response capabilities timely, secure, and effective?

Stay Protected with SolarWinds Log & Event Manager

There are numerous SIEM tools to choose from, but SolarWinds® Log & Event Manager (LEM) offers valuable features that can help you improve both your security and compliance, with relative ease and with limited impact on IT budgets.

These are just a few of the features LEM provides:

  1. Detect suspicious activity. Eliminate threats faster by instantaneously detecting suspicious activity and sending automated responses.

  2. Mitigate security threats. Conduct investigations of any security events and apply forensics for mitigation and compliance.

  3. Achieve auditable compliance. Demonstrate compliance with audit-proven reporting for HIPAA, PCI DSS, SOX, and more.

  4. Maintain continuous security. Your efforts to protect your business against cyberthreats should extend to the choices of software you employ to do so. LEM is deployed as a hardened virtual appliance with data encryption in transit and at rest, SSO/smart card integration, and more.

Purchase SolarWinds Log & Event Manager Software

Visit us online today to learn more about Log & Event Manager and get a free 30-day trial of the software. Learn more about the key features we offer in LEM, and watch our informative video explaining how it works. Get answers to frequently asked questions and hear from some of our very satisfied customers. This SIEM tool is clearly an industry favorite. Click here to see how it can help your enterprise or organization stay safe and secure from cyberthreats with the SolarWinds Log & Event Manager software.

-------------------------------------

In today's landscape of security breaches and cyberattacks, it seems like no company or network is completely immune to cybercrime. In fact, you don’t have to search very hard in the news to read about another cyberattack that has happened to a big corporation. Thankfully, developers are constantly looking out for these threats and building important security patches and updates to protect the data. Let's look at some of the major vulnerabilities and attacks that have happened in 2017.

Microsoft Security Bulletin MS17-010 (March 14, 2017)

Although this wasn't exactly a hack, it serves as a great reminder of how scary security vulnerabilities in Microsoft® Windows® software can be. The bulletin detailed several cybersecurity threats, but the most severe vulnerability was the potential for an attacker to execute code on the target server. This vulnerability was so huge that Microsoft called the security patches “critical for all supported releases of Microsoft Windows.”

Imagine the impact this could have had if the cyber threat was not discovered and a security patch was not created.

The biggest impact of this bulletin was that it showed how many zero-day level flaws were present in Microsoft products that made users vulnerable to cyberattacks. Essentially, the combination of the delayed rollout of crucial security patches and enterprises’ often slow adoption of patches made all Microsoft users vulnerable to the WannaCry and NotPetya ransomware attacks.

WannaCry Ransomware Attack (May 12, 2017)

The WannaCry Ransomware attack was one of the most significant cyberattacks in 2017. Seventy-five thousand organizations from 99 countries reported being attacked. How did it happen?

A vulnerability called EternalBlue was responsible for spreading the WannaCry attack. This vulnerability was actually addressed in Microsoft’s security patches released in March. Unfortunately, many users had not yet installed these critical patches.

Impact of WannaCry

As the name implies, many Microsoft users probably did want to cry after being hit by this cyberattack. It created a moment where global internet security reached a state of emergency. WannaCry affected the U.K., Spain, Russia, Ukraine, Taiwan, and even some Chinese and U.S. entities. In many cases, companies were forced to pay $300+ to regain access to their files/system. However, there was another even more severe impact, as sixteen National Health Service organizations were locked out of their systems. Many doctors were unable to pull up patient files and emergency rooms were forced to divert people seeking urgent care.

Petrwrap/Petwrap/NotPetya Ransomware Attack (June 27, 2017)

This attack was even worse than the WannaCry attack. NotPetya did not act like other ransomware malware. Instead, it rebooted victims’ computers and encrypted their hard drive’s master file table, which rendered the master boot record inoperable. Those who were infected lost full access to their system. Additionally, the cyberattack seized information about the file names, size, and location on the physical disk. NotPetya spread because it used the EternalBlue vulnerability, just like WannaCry.

Impact of NotPetya

NotPetya reportedly infected 300,000 systems and servers throughout the world, including some in Russia, Denmark, France, the U.K., the U.S., and Ukraine. Ukraine was hit the hardest. Within just a few hours of the infection starting, the country’s government, top energy companies, private and state banks, the main airport, and metro system all reported hits on their systems.

How to Protect Your Business From Cyberattacks

The evidence is clear. Hackers are always on the prowl and cyberattacks will happen. The key is to be ready for them so you can prevent an attack from being successful. You must take every step possible to protect your company and your private information. There are several important things you can do, including making sure you always install security patches and updates. For example, if infected organizations had installed the update patches in March, they would have been protected from the WannaCry attack. Therefore, this simple step could be the difference in whether or not a cybercriminal is able to successfully hack into your data.

Think Prevention, Not Cure

While installing every patch developers make might seem like a hassle, the fact is these patches play a significant role in your cybersecurity efforts. There is great wisdom in the saying of “an ounce of prevention is worth a pound of cure” when you’re dealing with cybersecurity. It’s so much easier to take the necessary steps to prevent a cyberhack than it is to overcome all the problems after a breach occurs. Regularly installing security patches is a must, especially since you might not be aware of the possible threats that could be coming.

Let SolarWinds Patch Manager Do the Work for You

Although constantly installing these updates and patches can be a pain, and it can feel like you get a new patch almost every other day, patches are a necessary evil. Thanks to the SolarWinds® Patch Manager software, you can now leave this tedious chore to someone else. This intuitive patch management software allows you to quickly address software vulnerabilities in your system. SolarWinds Patch Manager offers several key features, including:

  1. Simplified patch management. Automate the patching and reporting process and save time by simplifying patch management on servers and workstations.
  2. Extend the capabilities of WSUS patch management. Decrease service interruptions and lower your security risks by helping ensure patches are applied and controlling what gets patched and when.
  3. Extend the use of Microsoft System Center Configuration Manager. Protect your servers, desktops, laptops, and Virtual Machines (VMs) with the most current patches for third-party apps.
  4. Demonstrate Patch Compliance. Stay up to date on all vulnerabilities and create summary reports to show patching status.

Additionally, SolarWinds Patch Manager offers a Patch Status Dashboard. The dashboard tracks who got patched and what still needs to be patched. You will be able to see the most recent available patches, the top patches you are still missing, and the overall general health of your cyber environment. Patch Manager also allows you to build your own packages for many other types of files, including .EXE, .MSI, or .MSL.

Download SolarWinds Patch Manager now to identify the vulnerabilities in your system and help protect your business.

-------------------------------------

Were you affected by an internet connectivity outage earlier this week? This outage affected users across the U.S., and originated from Level 3, an ISP recently acquired by CenturyLink®. Because Level 3 also provides infrastructure to other internet providers, some Comcast®, Spectrum®, Verizon®, and AT&T® users experienced outages as well.

[Image: Level 3 outage post] (Source: Twitter)

A configuration error? That’s what I thought when I first read this. There are many crazy ways connectivity issues can occur, from rats chewing through cables to your standard PEBKAC error causing a user to holler, “the internet is down!” But configuration errors? This is an easy one to address.

Perhaps even more concerning than a massive telecommunications company losing connectivity due to a config error is the amount of time to recover. After the issue was corrected, Level 3 issued a statement to several publications (including TechCrunch, Slate, Mashable, and The Verge), saying:

"On Monday, November 6th, our network experienced a service disruption affecting some customers with IP-based services. The disruption was caused by a configuration error. We know how important these services are to our customers. Our technicians were able to restore service within approximately 90 minutes."

90 minutes to recover from an issue that is affecting potentially millions* of people in the middle of the workday is about 89 minutes too long. (*Total number of customers affected hasn’t been released, but it included customers of Comcast, Spectrum, Verizon, and AT&T across the U.S., among others.)

Image: Comcast outage map (Source: DownDetector.com via CNN)

Are YOU ready to ensure that something like this doesn’t happen to you? With SolarWinds® Network Configuration Manager (NCM), you can rest easy knowing that you are prepared. Even if a config error does occur, you can quickly rollback to a known-good config that you have saved, thanks to NCM’s automatic backups. If you need to make updates across devices, you can easily push bulk changes. And no need to worry about someone else messing with your configs—you can control who can make changes, and what kind, directly from the NCM console.

While we can’t help you with rats chewing your cables, we CAN help with your config management. Download a free trial of Network Configuration Manager today.

What are some of the craziest causes of connectivity issues that you’ve encountered?


Imagine this scenario: You are running a Kiwi® server either on-premises or in the cloud, and need to push at least a portion of that log data to Papertrail. This would be especially helpful in situations where Kiwi is already in place, and you need to allow a developer, support contact, etc. external access to limited log data without providing access to the Kiwi server itself. Once these logs are pushed to your Papertrail account, you can grant users access to specific Papertrail log data. These Papertrail logs can be viewed from anywhere, while Kiwi servers are often locked down within a secured network. The best part is that you can maintain a complete local copy of your logs while pushing interesting log data to Papertrail for use with advanced search and alerting features.

From your Kiwi Syslog® Service Manager select File -> Setup.

In the setup page, you have a rule named Default that displays all log entries sent to Kiwi and logs them to a file.

Send everything to Papertrail! If you wish to forward ALL logs seen by Kiwi to Papertrail, add the Send to Papertrail action to your Default rule, or any rule with no filters configured.

However, if you want to send only certain messages to Papertrail, you’ll need to add a new rule with a filter to capture just the specific messages you want.

We'll be adding 1 New Rule with 2 Filters and 2 Actions.


FILTERS

Filters allow several methods of matching log data. Positive matches result in the actions for that rule being performed on those log lines. Hostname, IP, Message Text, and Priority are the most commonly used filters.

Add the new rule by right-clicking Rules and selecting Add rule.


Under the new rule, right click Filters and Add Filter.


In the Field section, choose Priority.


Click on the Priority headings to highlight all the columns.


Click the green check mark at the bottom, to select the highlighted fields.


Next, create a new filter to match the text in log lines using the Message Text field, and Simple filter type. Here I used "test" because it will match on all of the Kiwi default test log lines. You can use any text strings in this filter to match log entries you wish to send to Papertrail.


ACTIONS!

Now configure the actions to take place on log lines matching our filters. Start by adding them to a Kiwi display so we can see what's matching the rule right here in Kiwi.

Under the new rule, right-click Actions and Add action.


Select the Display action at the top of the menu. Set a Display number that corresponds to the display dropdown in the main Kiwi window. Use a display that isn't already used by other Kiwi rules. Display 00 shows ALL logs seen by Kiwi by default, so I’ve used Display 01 instead; that display will then show only the log lines being sent to Papertrail.


Now add an action to send the matching logs to Papertrail.

Under the new rule, right-click Actions and Add action to add another action.


Select the Log to Papertrail.com (cloud) action to send logs to a Papertrail account. Replace the hostname and port with your own log destination found here: https://papertrailapp.com/account/destinations


After hitting Apply to save the configuration, use the File –> Send test message to localhost menu item to generate a log line that will be pushed to your Papertrail account and shown on the Kiwi display you set. In your Papertrail account, you’ll see your Kiwi server show up by IP or hostname, but you can rename it as I’ve done here. (Remember: The test log line shown has to match your filters.)


Troubleshooting

Not seeing log lines in Papertrail? Does the Kiwi server have outbound network connectivity that allows a connection to Papertrail? In ~90% of cases, this is caused by host-based firewalls or other network devices blocking connectivity to Papertrail.

The PowerShell® below will test basic UDP connectivity to Papertrail from a Windows® host. Replace the Papertrail Hostname/Port with your actual log destination settings found here. Copy and paste all lines at once into PowerShell. (Run PowerShell as Administrator if you have trouble.)

WINDOWS - PowerShell

$udp = New-Object Net.Sockets.UdpClient logs6.papertrailapp.com, 12345
$payload = [Text.Encoding]::UTF8.GetBytes("PowerShell to Papertrail - UDP Syslog Test")
$udp.Send($payload, $payload.Length)

You can use this similar script to replicate a log transfer to Kiwi. Run this from the same host the Kiwi server is on.

$udp = New-Object Net.Sockets.UdpClient 127.0.0.1, 514
$payload = [Text.Encoding]::UTF8.GetBytes("udp papertrail test")
$udp.Send($payload, $payload.Length)
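The two snippets above send a bare string, which is enough to prove that a datagram leaves the host, but it carries no syslog <PRI> header, so it is not a faithful test of a rule that filters on Priority. The following is an added example, not code from the post or from Kiwi or Papertrail: it builds an RFC 3164 style line with a real facility/severity header, sends it over UDP, and proves the local path end to end against a throwaway loopback listener before you point it at your real destination. The hostnames, tags and messages are constructed; the Papertrail destination host and port are the ones from your own account.

```python
import socket
from datetime import datetime

# RFC 3164 facility and severity codes; PRI = facility * 8 + severity.
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
SEVERITIES = {
    "emerg": 0, "alert": 1, "crit": 2, "err": 3,
    "warning": 4, "notice": 5, "info": 6, "debug": 7,
}
FACILITY_NAMES = {v: k for k, v in FACILITIES.items()}
SEVERITY_NAMES = {v: k for k, v in SEVERITIES.items()}


def build_syslog(message, facility="user", severity="notice",
                 hostname="kiwi-demo", tag="papertrail-test", now=None):
    """Build an RFC 3164 style line: <PRI>Mmm dd hh:mm:ss HOST TAG: message.

    The <PRI> header is what a receiver's Priority filter decodes, so a test
    line without it does not exercise such a filter. hostname/tag are constructed.
    """
    pri = FACILITIES[facility] * 8 + SEVERITIES[severity]
    now = now or datetime.now()
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    return f"<{pri}>{stamp} {hostname} {tag}: {message}"


def parse_pri(line):
    """Decode the <PRI> header back into (facility_name, severity_name)."""
    if not line.startswith("<") or ">" not in line[:5]:
        raise ValueError("missing or malformed <PRI> header")
    pri = int(line[1:line.index(">")])
    facility = FACILITY_NAMES.get(pri // 8, f"facility{pri // 8}")
    return facility, SEVERITY_NAMES[pri % 8]


def send_udp(line, host, port):
    """Send one UDP datagram to host:port and return the byte count sent.

    UDP gives no delivery receipt: a successful return only proves the local
    stack accepted the packet, not that a firewall on the way let it through.
    """
    payload = line.encode("utf-8")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        return udp.sendto(payload, (host, port))


def loopback_roundtrip(line, timeout=2.0):
    """Send the line to a throwaway listener on 127.0.0.1 and return what arrived.

    This checks the message format and the local UDP path with no network
    dependency; call send_udp() with your real destination afterwards.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))          # the OS picks a free port
        listener.settimeout(timeout)
        host, port = listener.getsockname()
        send_udp(line, host, port)
        data, _ = listener.recvfrom(4096)
    return data.decode("utf-8")


if __name__ == "__main__":
    msg = build_syslog("udp papertrail test", facility="local0", severity="info")
    received = loopback_roundtrip(msg)
    print(received, parse_pri(received))
    # Then, with your own destination from the Papertrail account page:
    # send_udp(msg, "logsN.papertrailapp.com", PORT)
```

If the loopback round trip works but nothing shows up in Papertrail, the problem is between the host and the destination, which is the host-based firewall or network device case the post describes.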


Security breaches have become a consistent threat, so it is critical to remain aware of the many tools, resources, and protocols available to keep you safe online. To honor and celebrate National Cyber Security Awareness Month (NCSAM), we are offering several opportunities for you to get involved and learn something new.

Think you know your cybercrime history?

We have put together a timeline of some of the most notable cybersecurity breaches throughout history. To complement the timeline, we’ve compiled a cybersecurity history quiz to test your knowledge as you travel through the decades. Take the quiz for a chance to win awesome prizes!

We need your help!

If you review the Timeline of Cybercrime, you’ll see that it is far from a comprehensive list of all cybersecurity attacks over time. Submit your suggestion of a cyberattack to add to the timeline in the comments below and receive 250 THWACK® points for all valid suggestions!

To receive your 250 THWACK points, your submission should include:

  1. The name of a noteworthy breach, vulnerability, or security attack of your choosing (must not already be featured on the timeline of cybercrime)
  2. A sentence or two about the cyberattack of your choosing
  3. A source for your research

Submit your suggestion in the comments section below. Limit one entry per THWACKster.

THWACKcamp | October 18-19

THWACKcamp is right around the corner! I encourage you to check out one session in particular that’s sure to keep the conversation about cybersecurity top of mind: “Protecting the Business: Creating a Security Maturity Model with SIEM”

RSVP today!

Live webcast – Cybercrime: Defending Against the Next Attack | November 2

Following THWACKcamp and to conclude NCSAM, join @dez and @jhynds for a live webcast where they’ll discuss some of the highlights from the Timeline of Cybercrime, as well as tips and tricks to help businesses combat today’s most common cybersecurity threats.

Register now!

Enjoy, and stay safe out there!


Virtual Private Networks (VPNs) allow secure connections through the open internet. With VPN authentication, encryption, availability, and speed, end-users can work from anywhere as if they were sitting within a millisecond’s ping from the server room. Remote branch offices are connected, cloud resources are securely available, and all is well. That is, if the VPN tunnel works as it should.

Colleagues not talking to each other? Could be a grudge, could be trouble joining the call because “that VPN tunneling thingy keeps timing out.” No traffic from the remote office? Could be just lunch break, could be that the site-to-site VPN tunnel is down. What if it really is the network this time?

Setting up a trusted tunnel between two endpoints is a multi-step process—this also means that troubleshooting requires knowledge of its complexity. See these handy VPN tunnel troubleshooting flowcharts for LAN-to-LAN and Remote Access VPNs for examples of a systematic approach to figuring out why the remote connection is flunking out.

In short, you need to:

  • Send packets that are recognized as initiating a VPN connection attempt.
  • “Phase 1” establishes a secure communication channel by generating a shared secret key to encrypt further communications. Troubleshooting this phase often deals with IP addressing, encryption config, or pre-shared keys.
  • Following the working secure channel, in “Phase 2,” you establish IPSec security associations and negotiate information needed for the IPSec tunnel—connection type, authentication method, and access lists—resulting in a crypto map.
  • On we go to the data transfer:  encrypted, authenticated, and secure.
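A Phase 1 failure usually comes down to one of the three items named above, and the encryption-config case can be checked mechanically: both peers must share a policy that agrees on every attribute at once. The block below is an added example, not SolarWinds or Cisco code; it models ISAKMP policies as plain dicts (the `policy()` helper and the attribute names are assumptions), walks the peer-address, policy and pre-shared-key steps of the flowchart in that order, and, when no policy matches, reports per attribute what each side offers so the mismatch can be read off directly. Lifetime is left out because peers normally settle on the shorter value rather than failing.

```python
from operator import itemgetter

# Attributes an IKEv1/ISAKMP Phase 1 policy must agree on (assumed model).
PHASE1_ATTRS = ("encryption", "hash", "dh_group", "authentication")


def policy(priority, encryption, hash_, dh_group, authentication="pre-share"):
    """Hypothetical dict form of one 'crypto isakmp policy' entry."""
    return {"priority": priority, "encryption": encryption, "hash": hash_,
            "dh_group": dh_group, "authentication": authentication}


def match_phase1(local_policies, peer_policies):
    """Return (chosen_local_policy, diagnostics).

    Policies are tried lowest priority number first; the first local policy
    that some peer policy matches on every attribute wins. If nothing matches,
    diagnostics lists, per attribute, what each side offers.
    """
    for mine in sorted(local_policies, key=itemgetter("priority")):
        for theirs in sorted(peer_policies, key=itemgetter("priority")):
            if all(mine[a] == theirs[a] for a in PHASE1_ATTRS):
                return mine, []
    diag = []
    for attr in PHASE1_ATTRS:
        ours = {p[attr] for p in local_policies}
        theirs = {p[attr] for p in peer_policies}
        if not ours & theirs:
            diag.append(f"{attr}: local offers {sorted(ours)}, "
                        f"peer accepts {sorted(theirs)}")
    if not diag:
        diag.append("every attribute overlaps somewhere, but no single policy "
                    "matches on all attributes at once")
    return None, diag


def phase1_checklist(local, peer, expected_peer_ip, actual_peer_ip, psk_configured):
    """Walk the Phase 1 part of the flowchart: addressing, then policy, then PSK."""
    findings = []
    if expected_peer_ip != actual_peer_ip:
        findings.append(f"peer address mismatch: configured {expected_peer_ip}, "
                        f"seen {actual_peer_ip}")
    chosen, diag = match_phase1(local, peer)
    findings.extend(diag)
    if not psk_configured:
        findings.append("no pre-shared key configured for this peer")
    return chosen, findings


# Constructed sample policies (not taken from any real device).
LOCAL = [policy(10, "aes-256", "sha256", 14), policy(20, "aes-128", "sha", 5)]
PEER_OK = [policy(10, "3des", "md5", 2), policy(20, "aes-128", "sha", 5)]
PEER_BAD = [policy(10, "aes-256", "sha256", 2), policy(20, "aes-128", "sha", 2)]

if __name__ == "__main__":
    for peer in (PEER_OK, PEER_BAD):
        chosen, findings = phase1_checklist(LOCAL, peer, "203.0.113.1",
                                            "203.0.113.1", True)
        print("chosen:", chosen, "findings:", findings)
```

Note that a match on the weakest common policy (here aes-128/sha/group 5) is still a match; the checker tells you the tunnel will come up, not that the agreed policy is the one you wanted, so review the chosen policy as well as the failures.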

When the VPN connection fails and it’s troubleshooting time, you want visibility into your VPN environment. We’ve come up with Network Insight for Cisco® ASA to help you with just that. One of the most popular security devices on the market meets the worldwide leader in network management software. Sounds promising, right?

In SolarWinds® Network Performance Monitor 12.2, your monitored ASA devices now show additional information beyond SNMP statistics.

Site-to-Site VPN shows you whether the tunnel is up, down, or inactive. See traffic ingress and egress, duration of the VPN tunnel uptime, encryption, and hashing info. If the tunnel is down, information about the last phase completed successfully is available. Search, filter, and favorite tunnels to quickly access them in the Node Details view. You can also select specific errors from Phase 1 or Phase 2 to be ignored.


The Remote Access VPN subview presents a list of remote access tunnels, with the username and tunnel duration details, as well as the amount of data downloaded and uploaded. For failed connections, you’ll see the time and reason why the connection was ended, IP address, and client used. As always, you can use tools to search and filter the sessions.


Several predefined reports and alerts are available to keep your finger on the VPN’s pulse. Tunnel down? You’ll know first. Reaching a threshold? Won’t catch you by surprise. And of course, you can customize your own advanced reports and alerts.

You can learn more about Network Insight for Cisco ASA or try it for yourself in the fully featured 30-day trial.


Like traditional kung fu, in Security Kung Fu, there are two schools of thought. On one side, there are those guided by the industry’s best practices for IT security. On the other side, there are those who use regulatory frameworks like PCI DSS, HIPAA, SOX, and more as the guiding principles for their IT security strategy.

In the fourth and final chapter of the Security Kung Fu Series, we discussed these opposing strategies and provided insight into why our Security Kung Fu Masters view them as complementary, but not commensurate with one another.

If this subject is of interest, I strongly suggest you watch the on-demand recording of this session for a much deeper dive. Continue onward for a brief recap along with some highlights from the discussion.

Watch the On-Demand Recording | Check out the SlideShare®

Meet Your Security Kung Fu Masters

For the fourth and final chapter of the Security Kung Fu series, we decided to mix things up a bit. In addition to welcoming Jamie Hynds, Senior Product Manager for SolarWinds Security Portfolio—a featured speaker in some of our previous sessions—we were joined by Destiny Bertucci, Head Geek at SolarWinds.

With over 15 years of network management experience spanning healthcare and application engineering (nine of which she served as SolarWinds Senior Application Engineer), @Dez boasts an ever-growing ensemble of degrees and certifications with a slant towards IT security. If it’s not apparent now, you’ll see from this session that she really knows her stuff.

Beyond this,  Destiny is a frequent presence on THWACK®, most recently launching a blog/social commentary series on Geek Speak titled “Shields Down.” I strongly encourage you to follow along in her series and get involved in the discussion. Whether you’re an experienced IT security professional or on the lighter side of these skillsets, there is something for everyone. But don’t sit on the sidelines—share your stories and insights for the collective good of us all.

Regulatory Compliance

Compliance, as it relates to IT, involves adhering to rules and regulations that are meant to protect various types of sensitive data. It can govern everything from IT decision-making and purchasing, to configurations, and the policies and procedures a company must create and enforce to uphold this important task.

Rightfully so, many businesses are taking the obligation of compliance very seriously. After all, there is a lot at stake when fines and penalties can be levied against you (among other legal repercussions) for noncompliance.

Security vs. Compliance

Though, yes, compliance for many businesses is absolutely critical, it is not the end all be all. We contended throughout this session that taking a compliance-dominated approach to the way you secure your IT operations is not the way to go. In fact, with many of the examples we provided in this session, it can sometimes be a detriment to IT security.

On that note, we provided three really solid points to shape your mindset.

Compliance is more than a checkbox. Many view compliance as a “must have” to avoid the wrath of auditors. But, like I mentioned before, they let it dominate their IT strategy. Our tip is to not lose sight of the bigger picture. IT compliance should be seen as an opportunity to ensure the right controls are in place to actually keep your network and sensitive data secure.

As an example, it’s choosing between applying encryption for data in transit because it’s an IT best practice, instead of opting out of doing so because the regulations your business faces do not mandate it. If the end game is to ensure the confidentiality, integrity, and availability of sensitive data, you are doing yourself and your business a disservice and leaving yourself susceptible to attack without it.

“Compliant” does NOT equate to “secure.” Meeting regulatory compliance alone does not guarantee IT security. In some cases, it can lead you away from this objective. There are countless real-world examples of this, but it should be well-understood that in several cases, following compliance schemes strictly “by the book” can undercut your security responsibility. Why not go beyond what they dictate? For this, think of my earlier example involving encryption.

No one solution can make you compliant. The same too can be said for security in general, but simply applying one or more security solutions to your IT arsenal will not inherently make you compliant with any framework. Compliance involves many aspects outside of your software-purchasing decisions down to the very core of how your business operates.

In this session, we urged that for the sake of both these objectives, Defense in Depth strategies are applied. If you haven’t caught on yet, this was continually preached throughout the Security Kung Fu webinar series. 

According to the SANS Institute, Defense in Depth is “the concept of protecting a computer network with a series of defensive mechanisms such that if one mechanism fails, another will already be in place to thwart an attack.”

This approach has for a long time been a mainstay in the security realm, but it too should play into your approach to compliance.

Five Tips for Continuous Compliance (and Security)

As we called an end to the Security Kung Fu series, we left our viewers with some concluding thoughts on this subject. In no way does this cover all your needs, but they are all worth considering.

  1. Define policies and establish your network security baseline.
  2. Collect, correlate, and securely store all relevant and required log data.
  3. Actively monitor and analyze what’s going on within the IT infrastructure at all times.
  4. Run regularly scheduled compliance reports.
  5. Leverage regulatory requirements and audits as an opportunity to truly assess network risks and help ensure the security of your entire IT infrastructure—from perimeter to endpoint!

A final takeaway, however: no matter your objectives, there are a multitude of software offerings from SolarWinds that can assist your business and support an in-depth defense strategy. Visit the IT Security Software page to learn more.

Well, I hope you enjoyed not only the webinars that made up this series, but each recap I’ve provided as well. As always, I welcome your feedback or thoughts on any of this subject matter.


DO YOUR FIREWALLS HAVE ACCESS CONTROL LISTS OR OUT-OF-CONTROL LISTS?

Do you badge in and out of your office each day? That electronic lock should be doing two things: making sure you can get in (and get to work), and keeping people who shouldn’t be there out.  If the permissions aren’t right, you could be blocked from entering. Or, worse, people who aren’t authorized could walk right in. This is what happens if the Access Control Lists (ACLs) on your firewall aren’t properly configured. Valid traffic could be blocked, or unauthorized traffic could slip through. This can impact productivity and even be a security risk.

ACLs can be hundreds or even thousands of lines long. They may have been set up years ago and been modified too many times to count. Are you confident that they are controlling the traffic the way you want? Do you need deeper network insights to see what is really going on?

Reviewing your Access Control Lists can be a tedious task, but the latest release of SolarWinds® Network Configuration Manager (NCM) makes it easy. This release introduces a new feature, Network Insight™ for Cisco® ASA, so you can easily review and audit ACLs for your Cisco ASA firewall.

  1. Review what ACLs are configured
    You can’t control it if you don’t know you have it. First, take a look to see what Access Control Lists are set up. The network insights you get with NCM will allow you to view all ACLs configured on the ASA. See if you have an ACL that was configured but never applied. Do you have ACLs that were set up so long ago that none of the original creators are still around?

  2. Audit where and how they are assigned
    An ACL may be configured correctly but assigned to the wrong zone, reducing its effectiveness. Are your ACLs assigned to the correct zones? What interfaces are assigned to those zones? Review where your Cisco ASA ACLs are assigned to maximize their strength.

  3. See what rules are being used
    Do you have rules in place that are never used, or rules that are getting hit all the time? Use NCM’s ACL Rule Browser to browse to object group definitions, search and filter within your ACLs, and view the hit count for individual rules to debug your access rules. Rules that are never hit may have been superseded by other policy changes. Rules that are getting hit all the time may indicate a need to refine the rule. With increased network insight you can optimize the ACL rules on your Cisco ASA.

  4. Detect shadow or redundant rules
    Access Control List rules are applied in the order they are listed. When a rule is overridden by a previous rule that does a different action, it is a shadow rule. A rule that is hidden because a previous rule does the same action is a redundant rule. For example, your office wants to let in anyone who is an employee, but not on the weekends. If the badge reader checks “let in all employees” first and then checks the day of the week, the weekend rule is a shadow rule. It will not matter because the door unlocked after confirming it was an employee who was trying to enter. You can reduce security risks and help ensure your ACLs are working as intended by identifying shadow or redundant rules.

  5. Compare ACLs for changes
    It can be difficult to troubleshoot ACL config issues. Network Configuration Manager helps make this process easier with side-by-side ACL config comparisons on your Cisco ASAs. You can compare an ACL to a previous version on the same node, or compare to other nodes, interfaces, or to a different ACL. Identify errors and verify consistency with Network Insights for Cisco ASA.
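The shadow and redundant rule definitions in step 4 can be checked by hand for a short list, but the logic is simple enough to automate: a later rule is hidden when an earlier rule matches every packet the later one would match. The block below is an added example, not NCM's or Cisco's code; it models an extended ACL with a simplified `Rule` class (action, protocol, source and destination networks, destination port range, an assumed representation) and reports, for each hidden rule, which earlier rule hides it and whether the actions differ (shadowed) or agree (redundant). The sample ACL is constructed and mirrors the badge-reader analogy above.

```python
import ipaddress

ANY_PORTS = (1, 65535)


class Rule:
    """One entry of a simplified Cisco-style extended ACL (assumed model)."""

    def __init__(self, action, proto, src, dst, ports=ANY_PORTS, text=""):
        self.action = action                      # "permit" or "deny"
        self.proto = proto                        # "ip", "tcp", "udp"
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)
        # Ports only mean something for tcp/udp; "ip" matches every port.
        self.ports = ports if proto in ("tcp", "udp") else ANY_PORTS
        self.text = text or f"{action} {proto} {src} {dst} {ports}"

    def covers(self, other):
        """True if every packet matched by `other` is also matched by self."""
        proto_ok = self.proto == "ip" or self.proto == other.proto
        return (proto_ok
                and self.src.supernet_of(other.src)
                and self.dst.supernet_of(other.dst)
                and self.ports[0] <= other.ports[0]
                and self.ports[1] >= other.ports[1])


def analyze(rules):
    """Return (index, kind, covering_index) for every shadowed or redundant rule.

    Rules are evaluated top down, so only an earlier rule can hide a later
    one. Only single-rule coverage is checked: a rule hidden by the union of
    several earlier rules is not detected by this simplified pass.
    """
    findings = []
    for i, rule in enumerate(rules):
        for j in range(i):
            if rules[j].covers(rule):
                kind = "redundant" if rules[j].action == rule.action else "shadowed"
                findings.append((i, kind, j))
                break            # the first covering rule is the one that wins
    return findings


def report(rules):
    """Human-readable lines for each finding."""
    return [f"line {i + 1} '{rules[i].text}' is {kind} by line {j + 1} '{rules[j].text}'"
            for i, kind, j in analyze(rules)]


# Constructed sample ACL: "let in all employees" first, then the weekend rule.
SAMPLE_ACL = [
    Rule("permit", "tcp", "10.0.0.0/8", "0.0.0.0/0", text="permit tcp 10.0.0.0/8 any"),
    Rule("deny", "tcp", "10.1.0.0/16", "0.0.0.0/0", (22, 22),
         "deny tcp 10.1.0.0/16 any eq 22"),            # shadowed by line 1
    Rule("permit", "tcp", "10.2.0.0/16", "0.0.0.0/0", (80, 80),
         "permit tcp 10.2.0.0/16 any eq 80"),          # redundant with line 1
    Rule("deny", "udp", "10.0.0.0/8", "0.0.0.0/0", text="deny udp 10.0.0.0/8 any"),
    Rule("deny", "ip", "0.0.0.0/0", "0.0.0.0/0", text="deny ip any any"),
]

if __name__ == "__main__":
    for line in report(SAMPLE_ACL):
        print(line)
```

The fix for a shadowed rule is ordering (move the specific deny above the broad permit); the fix for a redundant rule is usually deletion, after confirming with the hit counts from step 3 that nothing else depends on it.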

By working through this simple checklist, you can restore confidence that your firewalls are effectively managing the traffic flow in and out of your network. You can try Network Insight for Cisco ASA in the latest release of Network Configuration Manager. With a free, 30-day trial of NCM, you can see for yourself how easily you can bring your ACLs back under control. Look like a firewall expert without having to be a firewall expert!


While countless companies rely on Active Directory® (AD) to ensure only the right individuals have the right access, hackers still can penetrate, lie in wait, and jump at the next opportunity to elevate their permissions. Each move is calculated, and if undetected, earns them greater and greater access to data and systems to begin the slow siphoning of intelligence or suddenly launch IT security attacks.

How the bad guys get in can vary, but the who in this equation matters just as much. Not only do external parties pose a threat, there are also those coming from within your own ranks who can be just as dangerous, whether intentionally or not.

It can also be said that AD changes and events, such as unauthorized account provisioning, escalating of privileges, and changing user accounts may not only be indicators of malicious activity on the network, but the very acts themselves can create security holes that may lead to compromises in the future.

When threats can manifest from both outside and inside the four walls of your businesses, any practitioner of IT security would agree that sometimes the best offense is a strong defense. In Part Three of the Security Kung Fu Webinar Series, we discuss how monitoring for Active Directory changes using security information and event management solutions (or SIEM) can help you do just that, all while helping you meet certain regulatory compliance requirements in the process.

Building on each of the subjects covered in our previous two Security Kung Fu events, we turned our focus inward to cover the IT security threats coming from within. Dive right into this subject using the resources below, or read along for a quick recap of this session to further whet your appetite for some security goodness.

Watch the On-Demand Recording | Check out the SlideShare®

Meet Your Security Kung Fu Masters

Returning for this session are both Jamie Hynds and Ian Trump, featured speakers from Security Kung Fu: Playing with Fire(wall) Logs. If you missed the recap on this or any of the previous Security Kung Fu webinar sessions, be sure to check them out! And if you want to get deep in the weeds on certain IT security or compliance topics, I strongly encourage you to follow Jamie (@jhynds) on THWACK®. He’s published quite a few articles that are worth a read.

The Threats From Within

Though the lion’s share of media attention is placed on external hackers finding an “in,” numerous roads lead to IT security compromise. Insiders remain a very real and substantial threat. Whether by purposefully acting out of malice or enabling external threats through their own negligent actions (or simple inaction), there’s much to consider when turning your IT security focus inward. Here are some examples we highlighted as part of this session that you should definitely consider:

  • Malicious intent – Though touched on above, this speaks to the purposeful action on the part of trusted insiders to act in opposition to the interests of an organization. Common IT threats include fraud, sabotage, and theft or loss of confidential information.
  • Not following policies or procedures – Sometimes purposeful, sometimes not, this IT security threat involves acting out of accordance with internal guidelines regarding the use of technology or the handling, disposing, and disclosing of sensitive information to unauthorized parties.
  • Negligent behavior – Whether these actions violate clearly written and enforced policies or procedures, or plainly defy basic logic, this involves your own employees or individuals from the businesses you represent unknowingly putting your IT operations in harm’s way. As simple as falling prey to phishing attacks or some other mode of social engineering, their actions may not have been explicitly forbidden, but they still result in compromise.
  • Integrity of the AD Domain – Though Active Directory is in place to ensure many of the above forms of threats do not either take a foothold or spread, simple actions on the AD Domain can give rise to security issues as well. Despite being a fundamental practice for an IT organization, potential Active Directory security vulnerabilities can be cause for concern when hackers are looking for the keys to the kingdom. If you give them an inch, they’ll take a mile.

I should temper this in saying that in no way is this any exhaustive list. In fact, we go into greater detail about other possible internally-caused IT security issues on the webinar itself. The point here is that there are numerous ways a trusted insider can become your weakest link or gravest threat.

The Necessity of Monitoring Active Directory

We cover each of these modes of insider threats and signs of abuse with purpose. It highlights the very important need for monitoring and auditing Active Directory changes to at least identify the signs that something has gone awry.

A SIEM tool is perfect for that. Not only can you use one to keep close watch of things, but it can also issue alerts when an anomaly is spotted. Further, this software can help enable real-time active responses, such as logging off users, blocking IP addresses, killing processes, and adjusting Active Directory settings at the first sign of threat. SIEM solutions can not only contribute to improving IT security, but also compliance.

So, what are among the most pertinent items to look out for when monitoring Active Directory changes? Here are some of the standouts:

  • User events
  • Authentication events
  • Group changes
  • Policy changes
  • Password resets

Though seemingly harmless, these actions should be reviewed for authenticity. There’s simply too much at stake.
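Each item in that list corresponds to a small set of Windows Security log event IDs, and a SIEM rule is really just logic run over those records. The block below is an added example, not Log & Event Manager code: it maps Microsoft's documented event IDs for account, logon, group, policy and password-reset events onto the post's five categories, then applies three simple detections to a constructed batch of records (additions to privileged groups, a burst of failed logons against one account, and any change to the audit policy, which can blind your monitoring). The record layout (dicts with id, time, subject, target, group) and the sample accounts are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security log event IDs (documented by Microsoft), grouped into the
# five categories the post lists.
EVENT_CATEGORIES = {
    4720: "user event: account created",
    4726: "user event: account deleted",
    4738: "user event: account changed",
    4625: "authentication event: logon failed",
    4740: "authentication event: account locked out",
    4728: "group change: member added to global group",
    4732: "group change: member added to local group",
    4756: "group change: member added to universal group",
    4719: "policy change: system audit policy changed",
    4724: "password reset: reset attempted by another account",
}
GROUP_ADD_IDS = {4728, 4732, 4756}
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins",
                     "Schema Admins", "Administrators"}


def categorize(events):
    """Label every recognised record so a reviewer can scan all of them."""
    return [(e["time"], EVENT_CATEGORIES[e["id"]], e["subject"], e["target"])
            for e in events if e["id"] in EVENT_CATEGORIES]


def find_alerts(events, fail_threshold=5, window=timedelta(minutes=5)):
    """Return (time, kind, detail) tuples for the changes that deserve a human look.

    events: dicts with id, time, subject (who acted), target (account acted
    on) and, for group changes, group.
    """
    alerts = []
    failures = defaultdict(list)          # target account -> recent failure times
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["id"] in GROUP_ADD_IDS and e.get("group") in PRIVILEGED_GROUPS:
            alerts.append((e["time"], "privileged_group_change",
                           f"{e['subject']} added {e['target']} to {e['group']}"))
        elif e["id"] == 4625:
            recent = [t for t in failures[e["target"]] if e["time"] - t <= window]
            recent.append(e["time"])
            failures[e["target"]] = recent
            if len(recent) >= fail_threshold:
                alerts.append((e["time"], "failed_logon_burst",
                               f"{len(recent)} failed logons for {e['target']} "
                               f"within {window}"))
                failures[e["target"]] = []    # one burst alerts once
        elif e["id"] == 4719:
            alerts.append((e["time"], "audit_policy_change",
                           f"changed by {e['subject']}"))
    return alerts


def _ev(hour, minute, event_id, subject, target, group=None):
    """Build one constructed record with a fixed sample date."""
    return {"id": event_id, "time": datetime(2017, 10, 16, hour, minute),
            "subject": subject, "target": target, "group": group}


# Constructed sample records (not real log data).
SAMPLE_EVENTS = [
    _ev(9, 0, 4720, "admin.jane", "svc-backup"),
    _ev(9, 1, 4732, "admin.jane", "svc-backup", "Backup Operators"),
    *[_ev(9, 5 + i, 4625, "-", "bob") for i in range(5)],
    _ev(9, 10, 4728, "j.doe", "j.doe", "Domain Admins"),
    _ev(9, 12, 4719, "j.doe", "-"),
    _ev(9, 15, 4724, "admin.jane", "bob"),
]

if __name__ == "__main__":
    for when, kind, detail in find_alerts(SAMPLE_EVENTS):
        print(f"{when:%H:%M} {kind}: {detail}")
```

Every record is still categorized and kept for review; the alerts only pick out the three patterns above. The password reset on bob right after the failed-logon burst is exactly the kind of sequence a reviewer would want to confirm with the account owner, which is the "reviewed for authenticity" point the post makes.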

Pro Tip: Users of Log & Event Manager (LEM), SolarWinds’ own SIEM solution, should check out this video in the SolarWinds Success Center for guidance on how to leverage LEM to detect privilege changes in Active Directory.

A Nod to Compliance

The ability to monitor and respond to threats is so critical to a business’ IT security, and the ultimate goal of maintaining the confidentiality, integrity, and availability of sensitive data, that it’s no wonder many of the top compliance frameworks include provisions that cite the need for monitoring for such Active Directory changes. We spoke about this in depth during an Ultimate Window Security Event we participated in, titled “Monitoring Active Directory Changes for Compliance: Top 32 Security Events IDs to Watch and What The....” SOX, HIPAA, PCI DSS, FISMA, NIST, GLBA—you name any compliance law or standard—all cover, in some way, the need for tracking such actions. There are even certain AD events that can be mapped directly to these frameworks to assist in meeting certain objectives and demonstrate potential IT security vulnerabilities to auditors.

Though we only touched on the subject briefly as part of this and our other Security Kung Fu webinars, the fourth and final event in the series covers the topic of compliance in-depth. There, we discussed the two prevailing “schools of thought,” or drivers of IT decision-making and practice: security vs. compliance.

I hope you’re finding these session recaps helpful. Stay tuned for my recap of the final session from the Security Kung Fu series.


Firewalls are an important first line of defense against a range of security threats. But beyond brute-force attacks, countless firewalls have fallen to more sophisticated modes of attack, if not been circumvented altogether. The consequence is that attackers gain access to the network and trouble ensues.

Part Two of the Security Kung Fu Webinar Series built upon our previous discussions (check out the Security Kung Fu: SIEM Solutions blog for a recap) to highlight the important role firewalls play in network security and how log messages generated from these devices can provide meaningful insights to either thwart a security incident altogether, or assist in stopping one in its tracks. That is, assuming you’re armed with the right tools.

As important as it is to collect logs from these (and other) network devices, just as important is what you do with the data you collect. That’s where SIEM solutions come in. Beyond this, we discussed how NCCM solutions contribute to deeper security and what for many companies is an end-all, be-all: helping them handle a variety of regulatory compliance objectives.

If this piques your interest, I encourage you to dive into the resources below or read along to find out all this event had to offer!

Watch the On-Demand Recording | Check out the SlideShare®

Meet the Security Kung Fu Masters

In addition to Ian Trump, a featured speaker in the first installment of the Security Kung Fu series, we welcomed Jamie Hynds, Senior Product Manager for SolarWinds® Security Portfolio. Jamie has years of experience in a variety of roles such as Sales Engineer for SolarWinds, IT Auditor and Security Consultant for Deloitte®, among others. In each capacity, he has assisted businesses in adopting technologies to enhance security, meet regulatory IT compliance, and pass audits for a broad array of compliance frameworks.

Be sure to check out Jamie’s often security-centric posts on THWACK® as well. He posts under the handle @jhynds.

Anatomy of an Attack

Once again referencing the Lockheed Martin Cyber Kill Chain®, we reviewed how firewalls protect against outside threats at the “Delivery” stage of this model by enabling certain defensible strategies. But despite the presence of physical/virtual barriers to a network, perimeter defenses are not enough. They can, however, further aid in the detection of threats. As we say in the series “the devil is in the details”… details found in your log data.

The Detection Deficit

Avid readers of security reports, like myself, may have grown fond of the Verizon® Data Breach Investigations Report (DBIR). Each year, analysts from Verizon publish the results of the miles of anonymous data they gather on actual security incidents (and breaches) from the prior year.

What was once a mainstay of this report tracked an important statistic dubbed the “detection deficit.” The detection deficit refers to the gap between an attacker’s “time to compromise” and the defender’s “time to discover.” Pretty important stuff, huh? Well, in an unfortunate turn of events, this measure was dropped from the 2017 Verizon DBIR that published shortly after the Security Kung Fu: Playing with Fire(wall) Logs webcast took place. Given that all the data collected for the DBIR is based on breaches that actually occurred, there wasn’t a logical need to track this measure moving forward, as it was “unlikely to ever show any improvement.”

Still, it’s an important subject. The more time it takes to discover threats on your network, the more damage can be done. Lowering your “mean time to detection” for security incidents is absolutely critical. As we contended in this session, with help from SIEM (security information and event management) and NCCM (network configuration and change management) solutions, your firewalls can play a big part in doing so.

The Role of SIEM and NCCM Solutions

A lot can be said about SIEM and NCCM solutions outright, but working in tandem with your firewalls, they have the potential for some really neat use cases. @Dez sums it up nicely in this post, which served as a reflection of this Security Kung Fu event. On one hand, a SIEM can help you spot malicious behavior on a firewall, including: malformed packets, unusual traffic patterns, unauthorized access, and unauthorized changes. On the back half (so to speak), using an NCCM solution, you can recover even if unauthorized changes disrupt operations or have some sort of greater impact. (Ringing any bells from Part One of the Security Kung Fu Series?)

When it’s all said and done, our Security Kung Fu Masters advised that when it comes to firewalls, you must be able to:

  • Monitor for abnormal activity, unexpected access attempts, and potential threats
  • Eliminate downtime due to misconfigurations—know what changed and when, and be able to roll back to the last known-good configuration
  • Automate security audits and reports to not only verify security, but also compliance

Just a reminder: in no way is this an exhaustive list. Luckily for you, with a couple of products added to your arsenal, you can cover the bulk of these needs.
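The first item on that list, monitoring for abnormal activity and unauthorized changes, is what a SIEM correlation rule encodes. As an added illustration, not code from the webcast or from any SolarWinds product, the Python below runs two such rules over a handful of constructed firewall syslog lines: it flags a burst of denied connections from one source inside a short window, and it flags configuration commands executed by an account outside an assumed change-approved list, plus any command that opens the firewall with `permit ip any any`. The line format loosely follows the Cisco ASA syslog style with message IDs 106023 (deny by access-group) and 111008 (command executed); the sample lines, thresholds, command-prefix list and approved-user set are all assumptions made for this example.

```python
"""Two firewall-log detections over constructed syslog lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real device output). The lines loosely follow the
# Cisco ASA syslog style "%ASA-<severity>-<id>: <message>": five denied SSH
# attempts from one source inside a minute, one unrelated deny, a harmless
# show command, and a config command that opens the firewall wide.
SAMPLE_LOGS = """\
Mar 03 10:00:01 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.7/51234 dst inside:10.0.0.5/22 by access-group "OUTSIDE_IN"
Mar 03 10:00:03 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.7/51235 dst inside:10.0.0.5/22 by access-group "OUTSIDE_IN"
Mar 03 10:00:04 fw1 %ASA-4-106023: Deny tcp src outside:198.51.100.9/40000 dst inside:10.0.0.9/445 by access-group "OUTSIDE_IN"
Mar 03 10:00:06 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.7/51236 dst inside:10.0.0.5/22 by access-group "OUTSIDE_IN"
Mar 03 10:00:09 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.7/51237 dst inside:10.0.0.5/22 by access-group "OUTSIDE_IN"
Mar 03 10:00:12 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.7/51238 dst inside:10.0.0.5/22 by access-group "OUTSIDE_IN"
Mar 03 10:05:00 fw1 %ASA-5-111008: User 'netops' executed the 'show running-config' command.
Mar 03 10:06:30 fw1 %ASA-5-111008: User 'jdoe' executed the 'access-list OUTSIDE_IN extended permit ip any any' command.
"""

# Tunables: assumptions for this example, not values from the page.
DENY_THRESHOLD = 5                       # denies from one source ...
DENY_WINDOW = timedelta(seconds=60)      # ... inside this window -> alert
CHANGE_APPROVED = {"netops"}             # accounts allowed to change config
CONFIG_PREFIXES = ("access-list", "access-group", "no ", "username", "object", "route ")

LINE_RE = re.compile(r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
                     r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<msg>.*)$")
DENY_RE = re.compile(r"Deny (?P<proto>\w+) src \S+?:(?P<src>[\d.]+)/\d+ "
                     r"dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)")
CMD_RE = re.compile(r"User '(?P<user>[^']+)' executed the '(?P<cmd>[^']*)' command\.")


def parse_line(line):
    """Split one syslog line into fields; returns None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    # Classic syslog stamps carry no year; we only ever subtract timestamps, so that is fine.
    event["ts"] = datetime.strptime(event["ts"], "%b %d %H:%M:%S")
    if event["msgid"] == "106023":
        d = DENY_RE.search(event["msg"])
        if d:
            event.update(d.groupdict(), kind="deny")
    elif event["msgid"] == "111008":
        c = CMD_RE.search(event["msg"])
        if c:
            event.update(c.groupdict(), kind="command")
    return event


def is_config_change(cmd):
    """Crude classifier: commands that alter the running config vs. read-only show commands."""
    return cmd.startswith(CONFIG_PREFIXES)


def detect(lines):
    """Run both rules over an iterable of log lines and return a list of alert dicts."""
    alerts = []
    recent = defaultdict(deque)   # source IP -> timestamps of its denies inside the window
    flagged = set()               # sources already alerted on, to avoid one alert per extra packet
    for line in lines:
        ev = parse_line(line)
        if not ev or "kind" not in ev:
            continue
        if ev["kind"] == "deny":
            q = recent[ev["src"]]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > DENY_WINDOW:   # slide the window forward
                q.popleft()
            if len(q) >= DENY_THRESHOLD and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append({"type": "deny_burst", "src": ev["src"], "count": len(q),
                               "dst": ev["dst"], "dport": ev["dport"]})
        elif ev["kind"] == "command" and is_config_change(ev["cmd"]):
            if ev["user"] not in CHANGE_APPROVED:
                alerts.append({"type": "unauthorized_change", "user": ev["user"], "cmd": ev["cmd"]})
            if "permit ip any any" in ev["cmd"]:
                alerts.append({"type": "permissive_rule", "user": ev["user"], "cmd": ev["cmd"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS.splitlines()):
        print(alert)
```

On the sample, the first rule fires once for 203.0.113.7 (five denies to port 22 within eleven seconds) and stays quiet for the single deny from 198.51.100.9; the second rule ignores the approved account's show command and raises two alerts for jdoe's access-list command, one because the account is not on the approved list and one because the rule itself is wide open. A real deployment would feed the same parsed events into a SIEM rather than a script, but the parsing, windowing and allow-list logic are the same.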

For more tips on how to improve your IT security posture, check out the entire Security Kung Fu webinar series, now available on-demand.

Monitoring Your Cisco ASA with Network Insight

Firewalls have a unique place in the network topology. Found at the perimeter, they control network traffic, connect branch offices, and provide remote access to business services. You don’t want any network component to go down or cause problems, but this is especially true of firewalls.

Some mishaps can cost you hours of troubleshooting time, and others will make you sweat while you’re trying to put out the fire on your firewall. Consider these critical failures as situations you want to avoid at all costs.

  • No entry/exit allowed – When the firewall goes down, traffic cannot enter or exit—or worse, any traffic can get into your network.
  • High availability (HA) or no availability – If you’ve set up your firewalls correctly, you’ve designed in high availability. Correct HA configuration requires that your firewalls are synchronized. If they aren’t, then a failover situation may result in no availability.
  • Failure to communicate – Connectivity to your remote locations is dependent on VPN tunnels. Tunnel down = bad, tunnel up = good.
  • No worker is an island – Unless, of course, they cannot connect remotely.
  • The shadow knows – But unless you want to dig through your ACLs by hand, you’ll never know whether you have shadowed rules (rules that can never match because an earlier rule already catches the same traffic, possibly with the opposite action) or redundant rules (rules that merely repeat what an earlier rule already permits or denies).
  • Needle in a haystack – Something changed in your ACLs, but finding the changes in hundreds of lines of configurations and rules is like… well, it goes without saying.
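Shadowed rules, redundant rules and “what changed” are all mechanical to find once the ACL is parsed, which is exactly the work a tool takes off your hands. As an added example (not the page's own code, and not how NCM implements it), the Python below parses a constructed Cisco ASA-style extended ACL, reports each rule that an earlier rule in the same ACL already fully covers (same action: redundant; opposite action: shadowed, because the ASA stops at the first matching entry), and diffs two versions of the ACL. It supports only the `any`, `host` and address/mask forms with an optional destination `eq` port; object groups, source ports and other keywords are outside this subset and such lines are skipped.

```python
"""Shadowed/redundant ACE detection and ACL version diff over a constructed ASA-style ACL (added example)."""
import re
from ipaddress import ip_network

# Constructed sample ACL (not taken from any real device).
SAMPLE_ACL = """\
access-list OUTSIDE_IN extended permit tcp any host 10.0.0.5 eq 443
access-list OUTSIDE_IN extended deny ip 203.0.113.0 255.255.255.0 any
access-list OUTSIDE_IN extended permit tcp host 203.0.113.7 host 10.0.0.5 eq 443
access-list OUTSIDE_IN extended permit tcp host 203.0.113.9 host 10.0.0.9 eq 22
access-list OUTSIDE_IN extended permit udp any host 10.0.0.53 eq 53
"""
# A later version of the same ACL with one extra, wide-open line appended.
NEW_ACL = SAMPLE_ACL + "access-list OUTSIDE_IN extended permit ip any any\n"

ACE_RE = re.compile(r"^access-list (?P<name>\S+) extended (?P<action>permit|deny) "
                    r"(?P<proto>\S+) (?P<rest>.+)$")


def _take_addr(tokens, i):
    """Consume one address spec (any | host A.B.C.D | A.B.C.D MASK) at tokens[i]."""
    if tokens[i] == "any":
        return ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ip_network(tokens[i + 1] + "/32"), i + 2
    return ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2


def parse_ace(line):
    """Parse one ACE into a dict; returns None for lines outside the supported subset."""
    m = ACE_RE.match(line.strip())
    if not m:
        return None
    tokens = m["rest"].split()
    try:
        src, i = _take_addr(tokens, 0)
        dst, i = _take_addr(tokens, i)
    except (IndexError, ValueError):      # e.g. a source-port 'eq' where an address was expected
        return None
    port = None                           # None = any destination port
    if i + 1 < len(tokens) and tokens[i] == "eq":
        port = tokens[i + 1]
    return {"name": m["name"], "action": m["action"], "proto": m["proto"],
            "src": src, "dst": dst, "port": port, "text": line.strip()}


def covers(a, b):
    """True if every packet ACE b would match is already matched by ACE a."""
    proto_ok = a["proto"] == "ip" or a["proto"] == b["proto"]
    port_ok = a["port"] is None or a["port"] == b["port"]
    return proto_ok and port_ok and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])


def audit_acl(lines):
    """Report rules that an earlier rule in the same ACL fully covers.

    The ASA evaluates an ACL top-down and stops at the first match, so a covered
    rule with the same action is dead weight (redundant) and one with the opposite
    action never takes effect (shadowed). Rule numbers are 1-based positions among
    the lines that parsed.
    """
    aces = [a for a in map(parse_ace, lines) if a]
    findings = []
    for j, later in enumerate(aces):
        for i in range(j):
            earlier = aces[i]
            if earlier["name"] == later["name"] and covers(earlier, later):
                kind = "redundant" if earlier["action"] == later["action"] else "shadowed"
                findings.append({"kind": kind, "rule": j + 1, "by": i + 1, "text": later["text"]})
                break    # the first covering rule is the one the device would hit
    return findings


def acl_changes(old_lines, new_lines):
    """Order-preserving lists of ACE lines added and removed between two ACL versions."""
    old = [l.strip() for l in old_lines if l.strip()]
    new = [l.strip() for l in new_lines if l.strip()]
    return {"added": [l for l in new if l not in old],
            "removed": [l for l in old if l not in new]}


if __name__ == "__main__":
    for f in audit_acl(SAMPLE_ACL.splitlines()):
        print(f"rule {f['rule']} is {f['kind']} (covered by rule {f['by']}): {f['text']}")
    print(acl_changes(SAMPLE_ACL.splitlines(), NEW_ACL.splitlines()))
```

On the sample, rule 3 is redundant with rule 1 (rule 1 already permits any source to 10.0.0.5:443) and rule 4 is shadowed by rule 2 (the /24 deny swallows the single host before the permit is reached), while rule 5 is clean. The diff shows the appended `permit ip any any` as the only change, which is the kind of line you want to see in a change report the moment it lands, not during the next audit.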

Given the criticality of your firewalls, monitoring them is at least as important as monitoring any other piece of network equipment. Good old SNMP might not always give you enough information for a complete picture of your appliance's health. Plus, let’s face it: using each vendor’s own toolset for troubleshooting and then combining the data into a complete picture gets old, fast.

We’ve tackled this and are proud to present the latest of our Network Insight features—this time, for Cisco® ASA. Thanks to CLI polling, you can now get enhanced insight into your Cisco ASA firewalls directly within Network Performance Monitor (NPM) and Network Configuration Manager (NCM).

In Network Performance Monitor 12.2 you can get visibility into the health and performance of your Cisco ASA infrastructure in a single pane of glass.

  • See the health and availability of your LAN-to-LAN VPN tunnels. Remote access VPN shows you details about connected users, tunnel duration, and more.
  • Monitor your ASA's High Availability sync status, type, and overall health for reassurance that you are prepared for a failover event.

Network Configuration Manager 7.7 automates the monitoring and management of ACLs and configurations.

  • The new ACL Rule Browser enables you to filter, search, snapshot, and compare ACL versions.
  • Identify shadowed and redundant rules, as well as rules that are configured but not pushed out.
  • Contexts are a great way to segment your ASA as independent virtual devices. With Network Insight for Cisco ASA, you can dig into each of your contexts. Update firmware using NCM’s firmware update tool, both in multi- and single-context modes.

Network Insight for Cisco ASA might just be one of the “can’t go back now” features for monitoring your firewalls. See for yourself with our free, fully featured 30-day trials of Network Performance Monitor and Network Configuration Manager, and cover your ASA!

To try Network Insight for Cisco ASA you can download a free 30-day trial of NPM, NCM or download both.
