The Administrative Office (AO) of the U.S. Courts revealed on Wednesday that it is investigating whether sealed U.S. court records were accessed by the SolarWinds attackers. In related news, SolarWinds has hired former CISA director Chris Krebs and Stanford University professor and former Facebook CSO Alex Stamos to help it recover from the hack that led to the compromise of a considerable number of businesses (including FireEye and Microsoft) and U.S. government agencies. The …
The post Sealed U.S. court records possibly accessed by SolarWinds attackers appeared first on Help Net Security.
2020 has ended with a stunning display of nation-state cyber capabilities. The Kremlin’s SVR shocked the cybersecurity industry and the U.S. government with its intrusions into FireEye and the U.S. Department of the Treasury by way of SolarWinds, revealing only traces of its long-term, sophisticated campaigns. These breaches are reminders that no organization is immune to cyber risk or to hacking. Every company is subject to the same reality: compromise is inevitable. While many companies are …
The recent SolarWinds software supply chain breach is a clear indication that strong OT cybersecurity is a must-have in today’s threat environment. Waterfall’s technologies have long enabled integration between OT networks and enterprise networks without the risk of any attack getting back into the protected network. The time has come to deploy this class of hardware-enforced protection universally on OT networks. The SolarWinds breach shows only that the cyber threat environment continues to worsen. The …
Microsoft has confirmed that it, too, is among the companies that downloaded the compromised SolarWinds Orion updates, but says it has isolated and removed them. “We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others,” the company stated on Thursday.
Additional victims identified
Along with the above statement, Brad Smith, Microsoft President and …
The post Microsoft was also a victim of the SolarWinds supply chain hack appeared first on Help Net Security.
As the list of known organizations compromised by way of the SolarWinds supply chain attack is slowly growing – according to Reuters, the attackers also breached U.S. Department of Homeland Security’s systems, the State Department, and the National Institutes of Health – Microsoft has decided that its Defender Antivirus will start blocking/quarantining the known malicious SolarWinds binaries today – even if the process is running.
Some companies are about to find out they actually do use SolarWinds in production… https://t.co/eQhOoPUDF8
— Yoshi (@ChicagoCyber) December 15, 2020
SolarWinds hackers’ many capabilities
As security researcher Vinoth Kumar pointed out, the attackers might easily have compromised the company’s update server by using a password that had been published in its public GitHub repository for over a year or, as several Reuters sources noted, they might have bought access to SolarWinds’ computers through underground forums.
We’re likely still far from getting concrete information about how the attackers actually got into SolarWinds’ systems, but the company’s recent report to the U.S. Securities and Exchange Commission seems to point to Microsoft Office 365 account compromise as the initial vector.
On that note: Volexity researchers say that the SolarWinds hackers – a threat actor they named Dark Halo – have repeatedly compromised a U.S.-based think tank all through 2019 and 2020, and have demonstrated a wide variety of sophisticated capabilities.
“In the initial incident, Volexity found multiple tools, backdoors, and malware implants that had allowed the attacker to remain undetected for several years. After being extricated from the network, Dark Halo then returned a second time, exploiting a vulnerability in the organization’s Microsoft Exchange Control Panel,” they shared.
“Near the end of this incident, Volexity observed the threat actor using a novel technique to bypass Duo multi-factor authentication (MFA) to access the mailbox of a user via the organization’s Outlook Web App (OWA) service. Finally, in a third incident, Dark Halo breached the organization by way of its SolarWinds Orion software in June and July 2020.”
The picture they paint points to sophisticated attackers, who “displayed a reasonable level of operational security throughout the attack, taking steps to wipe logs for various services used and to remove evidence of their commands from infected systems.”
Despite many unnamed sources fingering Russian hacking group APT 29 (aka CozyBear) for the breach, Volexity noted that they “discovered no hints as to the attacker’s origin or any links to any publicly known threat actor.”
What should possible and confirmed targets do?
SolarWinds has pointed out that:
- Only its Orion Platform was compromised by the attackers, and only specific versions (released between March and June 2020)
- There are 18,000 customers potentially affected by this security vulnerability (i.e., that’s the number of customers who downloaded the booby-trapped Orion versions)
The company has provided advice on what organizations should do to check whether they are among those that have been compromised and what to do if they find out they have.
It’s good to note here that, while many organizations have apparently downloaded the malicious Orion versions and were saddled with the Sunburst backdoor, the attackers might have not used that access to rifle through their systems. From the information currently available, the attackers concentrated on a limited number of specific targets.
Microsoft and industry partners have taken over and sinkholed a domain that the Sunburst malware would contact to receive further instructions, so they will be able to create a partial list of compromised organizations and notify them.
SolarWinds has provided clean updates for the Orion platform and guidelines on what organizations can do if they can’t perform the update. The DHS, FireEye, Volexity and Microsoft have provided additional advice and IoCs.
The security teams of organizations using the Orion platform have a lot of work ahead of them: they have to perform a thorough check of all their systems, networks and assets, all the while hoping that they weren’t singled out by the attackers for thorough compromise (or by other attackers whose presence they missed before!)
A “highly sophisticated” hacking group has breached the U.S. Treasury Department, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA), other government agencies and private sector companies (including, apparently, FireEye) via compromised SolarWinds Orion software.
A supply chain attack
According to reports by FireEye and Microsoft, the hacking group managed to insert a backdoor (signed with SolarWinds’ legitimate certificates) into a DLL file used by the SolarWinds Orion platform, which organizations use for IT monitoring and management.
“Although we do not know how the backdoor code made it into the library, from the recent campaigns, research indicates that the attackers might have compromised internal build or distribution systems of SolarWinds,” Microsoft noted, and added that the backdoor was distributed via automatic update platforms or systems in target networks.
Once inside, the attackers moved laterally and proceeded to steal data.
According to Microsoft, they used administrative permissions acquired through an on-premises compromise to gain access to an organization’s trusted SAML token-signing certificate, and with it forged SAML tokens impersonating any of the organization’s existing users and accounts, which allowed them to access both on-premises and cloud resources. They also made changes to the organizations’ Azure Active Directory settings to facilitate long-term access.
SolarWinds has confirmed that SolarWinds Orion Platform software builds for versions 2019.4 HF 5 through 2020.2.1, released between March 2020 and June 2020, have been compromised and that a “clean” version (2020.2.1 HF 1) is now available for download.
“An additional hotfix release, 2020.2.1 HF 2 is anticipated to be made available Tuesday, December 15, 2020. We recommend that all customers update to release 2020.2.1 HF 2 once it is available, as the 2020.2.1 HF 2 release both replaces the compromised component and provides several additional security enhancements,” the company noted.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive instructing “all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.”
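Assuming an inventory of Orion hosts exported as hostname,version lines (a constructed sample is embedded below), here is an added Python triage helper, not SolarWinds’ or Help Net Security’s code, that orders Orion build strings together with their HF suffix and flags the builds SolarWinds named as compromised; the "older" label for builds below that range is an assumption, and CISA’s directive to disconnect Orion products applies regardless of the result.

```python
"""Triage SolarWinds Orion build versions against the compromised range."""
import re
from typing import Dict, NamedTuple, Tuple

# Range boundaries as stated by SolarWinds in the advisory quoted above;
# 2020.2.1 HF 1 and HF 2 are the clean releases it named.
COMPROMISED_FROM = "2019.4 HF 5"
COMPROMISED_TO = "2020.2.1"
CLEAN_RELEASES = ("2020.2.1 HF 1", "2020.2.1 HF 2")

# Accepts "2019.4 HF 5", "2020.2", "2020.2.1 HF 2" (hotfix suffix optional).
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)\s*(?:HF\s*(\d+))?\s*$", re.IGNORECASE)


class OrionVersion(NamedTuple):
    base: Tuple[int, ...]   # e.g. (2020, 2, 1); padded to three components
    hotfix: int             # 0 when the string carries no HF suffix

    @classmethod
    def parse(cls, text: str) -> "OrionVersion":
        m = _VERSION_RE.match(text)
        if not m:
            raise ValueError(f"unrecognised Orion version string: {text!r}")
        base = tuple(int(part) for part in m.group(1).split("."))
        # Pad so that 2020.2 (HF 1) sorts before 2020.2.1: tuples compare
        # lexicographically, and the hotfix number only breaks ties.
        base = base + (0,) * (3 - len(base))
        return cls(base, int(m.group(2) or 0))


def classify(version_text: str) -> str:
    """Return 'compromised', 'clean' or 'older' for one Orion build string.

    'compromised': inside the range SolarWinds announced (inclusive).
    'clean'      : newer than the range, i.e. the HF 1 / HF 2 fixed builds.
    'older'      : below the range (assumption: not backdoored, but still
                   subject to the CISA directive to disconnect Orion).
    """
    version = OrionVersion.parse(version_text)
    low = OrionVersion.parse(COMPROMISED_FROM)
    high = OrionVersion.parse(COMPROMISED_TO)
    if low <= version <= high:
        return "compromised"
    if version > high:
        return "clean"
    return "older"


# Constructed sample inventory (hostname, reported Orion version); not real data.
SAMPLE_INVENTORY = """\
orion-prod-01,2020.2.1
orion-prod-02,2019.4 HF 5
orion-lab-01,2020.2.1 HF 1
orion-legacy,2019.2 HF 3
"""


def triage_inventory(csv_text: str) -> Dict[str, str]:
    """Map each hostname in a hostname,version listing to its classification."""
    results: Dict[str, str] = {}
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        host, version = (part.strip() for part in line.split(",", 1))
        results[host] = classify(version)
    return results


if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:16} {verdict}")
```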
Who’s behind these attacks?
SolarWinds’ customers include US telecoms, all five branches of the US Military, various US federal agencies (including the Pentagon, State Department, and the Office of the President of the United States), more than 425 of the US Fortune 500 companies, and many higher education institutions.
FireEye says that this campaign may have begun as early as Spring 2020 and the attackers gained access to government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East.
Washington Post sources say that the hacker group behind these attacks is APT29 (aka Cozy Bear), which has ties with the Russian Foreign Intelligence Service. Kremlin spokesman Dmitry Peskov said that Russia had nothing to do with the attacks on the U.S. Treasury and Commerce departments.
UPDATE (December 14, 2020, 8:40 a.m. PT):
SolarWinds has filed a report with the U.S. SEC, in which it stated that “the vulnerability … was introduced as a result of a compromise of the Orion software build system and was not present in the source code repository of the Orion products.”
It also stated that it “currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000,” and that the attackers likely breached the company by compromising company emails (the company uses Microsoft Office 365 for its email and office productivity tools).
Through this expanded integration, MSPs will be able to more easily discover and monitor Cisco Meraki devices from within their N-central dashboards. The announcement further underscores the SolarWinds commitment to fuel partner success and help MSPs create a more connected and efficient ecosystem.
The integration will include routers, switches, and access points as part of the portfolio of Cisco Meraki cloud-managed solutions. By integrating these devices with the N-central platform, SolarWinds MSP partners can see the status of Cisco Meraki customers’ devices right in their monitoring and management dashboard, enable notifications and alerts, and monitor connectivity and traffic—as well as conduct license warranty reporting.
This streamlines the efficiencies for MSPs by allowing them to keep tabs on the health of their Cisco Meraki devices (as part of the continuing buildout of a fully integrated ecosystem), while leveraging the power of N-central to control, customize, and help secure complex environments.
“Cisco Meraki offers a comprehensive set of cloud solutions that give IT providers the opportunity to streamline and simplify the digital workplace, a goal that has never been more paramount as the definition of the workplace is in flux. Daily shifts from work from home and returning to the office require an elastic office space and IT infrastructure,” said Mav Turner, group vice president of products for SolarWinds MSP.
“This goal is fully aligned with SolarWinds MSP, as we work to empower MSPs to more easily fulfill a market need that has spiked almost overnight. As MSP customers seek their help more than ever, we believe the integration with Cisco Meraki and N-central will play another important role in supporting them.”
“SolarWinds N-central is known for its power as a remote monitoring and management solution that centralizes the ability for an MSP to see and manage everything from one easy-to-use dashboard,” said Marc Inderhees, Cisco-as-a-Service Sales Acceleration Leader, Cisco Systems.
“We are excited about the new integration of Cisco Meraki with N-central to give SolarWinds MSP partners a direct path for discovering and monitoring Cisco Meraki devices in their SolarWinds dashboard, so they can focus more of their time and energy on taking care of the businesses they support. Working with SolarWinds and its MSP partners will provide our mutual customers with even more opportunities to thrive and succeed.”
“Like most IT service providers, we’re more hyper-focused than ever right now, making sure the businesses we serve are up and running and secure,” stated Jeffrey Bowles, IT Lead/Partner, Act360 Web & IT Inc.
“To do that effectively, we have to be able to work as efficiently as possible. Having more visibility and direct monitoring of our Cisco Meraki devices from within our SolarWinds N-central dashboard is a key piece of the efficiency puzzle, and we’re excited to have this new capability.”
The Cisco Meraki integration expands on the growing list of industry-leading technology providers seeking an alliance with SolarWinds MSP to streamline and improve customer access to centralized monitoring, management, and security capabilities.
64% of IT pros are instilled with a new sense of confidence, despite contending with challenges such as reduced budgets, greater decision-making responsibilities, and longer hours caused by their organizations’ response to the pandemic, a SolarWinds survey reveals.
Likewise, 46% feel empowered to bring more ideas to the table while 58% say they now feel more prepared to succeed in similar unexpected situations.
“The success of organizations during this unique time is due in large part to IT pros’ preparedness and inherent ability to adapt and manage through substantial change,” said Rani Johnson, CIO, SolarWinds.
“2020—and the unexpected COVID-19 pandemic—is proof positive IT pros are built for moments like these. What’s particularly encouraging is IT pros’ perception and expectation IT will be included in more business-level decision-making moving forward.
“The dedication of IT pros around the world to ensuring business resiliency and continuity over the past several months serves to elevate and empower the IT community to work alongside business leaders to meet bigger organizational goals.”
IT pros’ upskilling likely to continue into the future
This newfound self-confidence, combined with IT pros’ achievements during this time, will completely transform how IT is viewed by the business in the future. IT may earn a more prominent voice in the C-suite, as 40% of surveyed IT pros believe they will now be involved in more business-level meetings.
Likewise, IT’s role will be up-leveled due to the vast upskilling 26% of IT pros underwent during this experience. With 31% admitting there’s a need to rethink internal processes to better accommodate the rapid change of pace required post-COVID, it’s highly likely a focus on IT pros’ upskilling will continue into the future.
“As always, with new responsibilities comes the need for new skills. While almost half of survey respondents felt they received the training required to adapt to changing IT requirements, nearly one-third experienced the opposite, and are at risk of being left behind as IT teams continue to grapple with how best to support the new normal,” said Johnson.
IT pros gaining an increased sense of confidence
IT pros said they’ve gained an increased sense of confidence in their expanded roles, responsibilities, and ability to adapt to unexpected change in the future, despite contending with more challenging working conditions over the course of the pandemic.
Respondents said longer work hours due to stretched teams (29%), more responsibility (28%) and decision-making requirements (28%), and a general increase in job-related stress (22%) were the leading ways in which day-to-day roles evolved in response to the impact of COVID-19.
Still, 64% agreed this experience—including changes to their day-to-day tasks—has given them a new sense of confidence in managing unprecedented change.
- 46% say the work they accomplished has empowered them to bring new ideas to the table.
- 58% say they now feel more prepared to succeed in any similar unprecedented situations in the future, while another 29% report feeling prepared to manage change but require additional resources, training, and support.
Given the achievements of IT pros during this period, 40% of respondents say they believe IT will be included in more business-level meetings and decision-making moving forward.
Remote workforce support requiring new skills
The implications of COVID-19 accelerated IT pros’ ongoing efforts to upskill in critical competencies, such as systems management, network management, and security policy and compliance.
26% of IT pros said it was necessary to learn new skills to support their organizations’ transitions to a remote workforce.
The top skills IT pros reported as the most important for development:
- Systems management (55%)
- Network management (50%)
- Security policy and compliance (43%)
- Hybrid IT monitoring/management tools and metrics (28%)
47% said they received the training they needed to learn these new skills; however, 25% are still waiting for those training resources to be made available.
The breadth of skills IT pros needed during this time shows how silos are disappearing, as roles start to blur together. In fact, today there is more crossover between traditional roles than there has ever been before and we will continue to see these lines blur until most silos are completely gone.
Technology, process, and team transformations are needed
In the coming months, IT organizations must undergo technology, process, and team transformations to accommodate the new IT requirements associated with extended remote-work scenarios post-pandemic.
71% of respondents felt supporting a remote workforce struck a balance in which certain aspects of day-to-day management were better, while others were more challenging.
- 31% agree there’s a need to rethink internal processes to better accommodate the more rapid pace of change required post-COVID.
- While 18% of respondents reported their toolsets and technologies fell short in addressing the unique challenges of remote workforces, 28% of IT pros flagged a need to consolidate existing solution suites (and their vendors) to simplify management, maintenance, and cost of upkeep.
Although the majority of IT organizations successfully managed the transition to remote work and played a critical role in ensuring business continuity, IT pros expect several trends to shape the future of their respective IT organizations:
- Greater cross-team collaboration (53%)
- More responsibility (46%)
- IT inclusion in more business-level meetings and decision-making (41%)
- Tighter budgets (even post-economic recovery) (26%)
- More opportunity to upskill/attend trainings (25%)
A new SolarWinds study revealed the operational impact of the current pandemic on managed services providers (MSPs) and future growth opportunities in the market.
The study surveyed 500 MSPs across Europe, North America, Australia, and New Zealand, to gain insight into how MSPs are successfully navigating the impact of COVID-19 and their views on the next 12 months in the market.
“To see the overwhelming majority of MSPs retain their staff during a time period characterized by uncertainty is truly heartening, especially given the important role MSPs have played in helping businesses digitally transform,” said Colin Knox, vice president of community, SolarWinds MSP.
“The technology industry, and the channel, is resilient but also resourceful, and this crisis has re-enforced the value MSPs bring to businesses. Without MSPs as an extension of the team — focused on risk mitigation and business continuity — many businesses would have been lost, and wouldn’t have been able to support remote working on such a vast, immediate scale. The knowledge, expertise, and skillset of MSPs has been crucial in this changing climate. They have truly become essential.”
Operational impact of the pandemic on managed services providers
- 59% of surveyed MSPs have applied for government financial relief programs, with 74% receiving the help they needed
- Over 80% of respondents have continued operating at their pre-pandemic staffing levels
- The majority of MSPs declared they have adapted their security services for work-from-home clients, with 59% of managed-services-centric businesses offering more security bundles than any other business model
66% of MSPs have reported going the extra mile to support their customers during this time. Along with adapting their security services for work-from-home clients, MSPs have been continuing to accommodate customer needs in the following ways during the pandemic:
- 65% of MSPs do not anticipate making any pricing changes to their managed services package in the long-term
- 24% have offered delayed payments
- 23% have offered temporary discounts
- 19% have reduced their services to fit shrinking customer budgets
- 13% intend to increase their prices following the pandemic
In terms of challenges, MSPs believe the biggest barriers they will face over the next year are:
- Securing new customers
- Social distancing requirements in the office and at customer sites
- Lower IT budgets and spending due to recession
- Adapting to having staff and clients work-from-home
The next 12 months
- MSPs continue to see security services as a crucial growth factor for advancement along with cloud services — 51% are set to increase their security services and 47% plan to increase cloud services sales
- 42% of respondents predicted growth will come from additional project work, and 39% expect an increase in managed services contracts
- For other potential growth opportunities, 40% of large MSPs also anticipate they will engage in a merger or acquisition to support expansion
- Nearly half of respondents estimate more than 20% of their clients will implement work-from-home policies post-pandemic
- Companies operating in a managed services business model show more confidence and expect stronger revenue growth than companies operating primarily in the break/fix business model
The report showed that although MSPs are comfortable with the security basics such as antivirus, backup, and firewalls, there was room for growth in some of the more advanced security solutions and offerings including penetration testing, auditing and compliance management, and risk assessments.
Dealing with the sheer variety and growth of security threats such as ransomware, malicious insider attacks, and advanced persistent threats, requires MSPs to take a broad, layered approach to security including robust solutions to defend against today’s sophisticated threats.
SolarWinds announced enhancements across its IT operations management portfolio built to meet the needs of IT professionals operating in hybrid IT realities and responding to economic pressures.
SolarWinds further extends its commitment to empowering the IT pro community by offering the ability to monitor, manage, and secure IT across hybrid and multi-cloud environments of any scale and size.
With today’s mass global adoption of remote operations, complexity and scale have raised the stakes for IT pros tasked with keeping workforces running at optimal performance against increased strains on applications, servers, databases, infrastructure, and networks—and the budgets on which they rely.
The importance of technology in fueling business success during times of crisis highlights the need for complete, end-to-end IT operations management solutions able both to scale for demand and to simplify complexity.
Further, the ability to consolidate to a single provider offering full-stack visibility at a fraction of the price other vendors charge, and with the flexibility of both subscription pricing and perpetual licensing options, allows organizations of all sizes to meet today’s challenges reliably and sets them up for even greater success moving forward.
“The world has been changed by recent events, and the demands we’ve seen on IT departments are familiar, but on a scale we’ve never seen before,” said Lee McClendon, SVP, product, IT operations management, SolarWinds.
“Our recent updates to the IT operations management portfolio highlight our unique ability to give IT pros the certainty they need regardless of where their assets reside, the size of their company, or the macro factors impacting IT departments.
“No other vendor offers the same ease of use, full-stack visibility, and affordability delivered through a connected set of solutions that build as needs arise—no matter how great or small.”
Updates to the SolarWinds IT operations management portfolio showcase how SolarWinds is extending its promise to help IT pros achieve scale and simplification and streamline hybrid IT toolsets by offering complete visibility.
The updates include new versions of network, systems, and database management products to deliver unprecedented depth in monitoring end-to-end hybrid commercial-off-the-shelf (COTS) and custom application delivery and performance.
“Today, a hybrid IT approach to monitoring and management requires having visibility into the entire tech stack, including COTS, custom, and SaaS-delivered applications, as well as beyond the firewall,” McClendon said.
“Monitoring every app and every part of the infrastructure counts, so having an affordable solution with flexibility enabling tech pros to troubleshoot quickly and ensure performance is at the heart of the updates we’re delivering across our portfolio. We give IT pros what they need to manage their environments in a hybrid world.”
Expanded software-defined solutions support
SolarWinds Virtualization Manager
- New HCI monitoring support for Nutanix to help eliminate visibility gaps and reduce toolset requirements. AHV virtual performance monitoring gives full control of virtual environments hosted on Nutanix infrastructure. Tech pros can now monitor, alert, and manage virtual workloads on the most popular hypervisors Nutanix supports (VMware, AHV, Hyper-V).
- New support for Nutanix to map applications with underlying hypervisors and infrastructure layers to provide visibility into the overall health and status of environments. Hardware health for OS-supported hardware allows tech pros to be alerted if there are any hardware faults or issues.
SolarWinds Server & Application Monitor
- New Nutanix Ready Certified. This certification indicates Server & Application Monitor can run on the Nutanix AHV hypervisor and uses the Nutanix REST APIs to work with AHV.
SolarWinds NetFlow Traffic Analyzer
- Server virtualization is ubiquitous. As a result, SolarWinds has added foundational visibility into NetFlow data from VMware vSphere distributed switches, allowing filtering of east-west traffic on specific hypervisors to help IT pros avoid service impacts when moving workloads—all in a single pane of glass.
SolarWinds User Device Tracker
- New SD-WAN support for Viptela vEdge provides a detailed port connection history for Viptela vEdge devices and capability to monitor for new connected devices for operations management and performance analysis.
Enhanced Azure and AWS troubleshooting and visibility
SolarWinds Service Desk
- New AWS integration auto-populates AWS resources into SolarWinds Service Desk, enabling IT pros to now have visibility into their AWS assets. With the new line of sight, IT pros can help reduce overspending and risk levels while improving IT service management.
SolarWinds Database Performance Analyzer
- New database coverage for PostgreSQL includes support for AWS, Azure, and on-premises environments, allowing DBAs to quickly pinpoint DBaaS and PaaS problems.
SolarWinds Network Performance Monitor
- New Azure network visibility into Azure site-to-site connections, client VPNs, and ExpressRoutes now allows for IT pros to abandon the time-consuming reconciliation process between their on-premises and cloud deployments. This hybrid monitoring solution exposes critical data necessary for VPN status and performance metrics and effectively completes our hybrid monitoring offering for Azure vNet Gateways.
Increased full-stack application and infrastructure monitoring
SolarWinds Server & Application Monitor
- New API poller templates enhance support for modern applications and infrastructure performance monitoring. With the new API poller templates, users have additional flexibility in how they can gather, sort, alert, and report on performance metrics from on-premises infrastructure and SaaS-based applications and workloads.
- New Office 365 monitoring templates for IaaS, SaaS, and PaaS application services, helping take the guesswork out of what’s essential to monitor on a per-application and -infrastructure basis.
SolarWinds Server Configuration Monitor
- New database visibility into Microsoft SQL, MySQL, and PostgreSQL now allows IT pros to continuously monitor for changes made to users, permissions, and objects that could impact the performance of business-critical applications in hybrid and cloud environments or indicate a security incident.
SolarWinds Orion Platform
- New Time Travel in Orion Maps lets IT pros go back in time to investigate issues from the past across their on-premises, hybrid, and cloud environments. The new feature generates a historical performance analysis, providing customers with meaningful context and clarity to their data and ensuring the totality of what it takes to deliver a service is easily understood.
SolarWinds, a leading provider of powerful and affordable IT management software, announced the launch of SolarWinds Service Desk Enterprise, a new solution to help enterprises manage IT complexity, scale IT support services, and increase security within the service desk.
SolarWinds Service Desk Enterprise offers advanced ITSM capabilities that meet the heightened security expectations of modern enterprises and improve key service management processes for employees.
Because mature organizations require an enhanced level of dedicated support, the Enterprise plan includes on-boarding management and a dedicated customer success partner to help ensure successful adoption, making SolarWinds Service Desk one of the best values in the ITSM market today.
SolarWinds Service Desk Enterprise meets the challenges of modern enterprises by providing an upgraded CMDB data model to help service desk agents navigate even the most complex IT infrastructures.
By increasing visualization of IT configuration items, SolarWinds Service Desk Enterprise makes it possible for organizations to better deliver robust change impact assessments, speed up approvals, reduce incident resolution times, and improve risk analysis and overall IT service efficiency.
With strengthened measures that require multi-factor authentication for service desk logins, SolarWinds Service Desk Enterprise also helps its customers meet various security requirements and compliance standards.
“Today’s organizations have higher expectations for process automation and IT support, which require a service desk that can solve complex issues and support key business processes,” said Steve Stover, vice president of product strategy at SolarWinds.
“By providing updated visualization tools that tie to key service management needs such as change management and workflow automation, SolarWinds Service Desk Enterprise helps service desk agents exceed expectations with scalable and secure IT services.”
With these new capabilities and enhanced offerings, enterprise customers can:
- Reduce risk: Multi-factor authentication (MFA/2FA) for service desk agents improves access control on the SolarWinds web application, employee portal, and mobile platform. This is especially crucial for organizations in verticals such as finance, healthcare, and local and federal government. The CMDB visualization provides a means to assess change impact and reduce risk.
- Improve service availability: More efficient asset lifecycle management processes and faster incident resolution times increase uptime, as does better management of changes to IT assets and services. Change management workflows now drive automation and consistent execution of changes.
- Speed up problem resolution: Automatically visualizing configuration models and relationship types with SolarWinds' upgraded CMDB enables faster contextualization of IT issues, incident resolution, and change, configuration, and problem management.
“IT teams are looking for ITOM solutions that drive cost reduction and containment, while enabling accelerated transformation through integrations across operational disciplines such as IT operations management and the service desk,” said Stephen Elliot, vice president management software and DevOps at IDC.
“Customers are demanding critical features that enable deeper visibility and workflow automation that balance business outcomes across growth and cost metrics.”
IT complexity, insider threats, and an abundance of privileged users plague public sector cyber readiness, a SolarWinds report has revealed. The findings are based on the answers of 400 IT operations and security decision-makers, including 200 federal, 100 state and local, and 100 education respondents.
Careless and untrained insiders the leading source of security threats
For the fifth year in a row, careless and untrained insiders are the leading source of security threats for public sector organizations.
- Fifty-two percent of total respondents cited insiders as the top threat; this number is consistent for both federal and state and local respondents.
- In the education sector, respondents pointed to the general hacking community (54%) as the top threat.
Budget constraints as top obstacle
Budget constraints, followed by complexity, top the list of significant obstacles to maintaining or improving organizational IT security.
- Education respondents cited budget constraints as an obstacle to maintaining or improving IT security more often than other public sector groups (44% in K-12), compared with 27% of state and local respondents and 24% of federal respondents.
- Federal respondents indicated complexity of the internal environment (21%) is one of the most significant obstacles, surpassed only by budget constraints (24%).
- While budget constraints have declined since 2014 for the federal audience (40% in 2014; 24% in 2019), respondents also recognized the complexity of the internal environment as an obstacle that has increased (14% in 2014; 21% in 2019).
Cybersecurity maturity needs attention
Cybersecurity maturity needs attention across public sector organizations; on average, respondents rated their agency’s maturity at a 3.5 on a scale of one to five.
- Respondents indicated that their capabilities are most mature in the following areas: endpoint protection (57%), continuity of operations (57%), and identity and access management (56%). However, there was not a single cybersecurity capability for which more than 57% of respondents claimed to be organizationally mature.
Public sector lacks confidence in tackling evolving threats
Less than half of public sector respondents are very confident in their team’s ability to keep up with evolving threats, regardless of whether the organization outsources its security operations or not.
- Forty-seven percent of respondents who outsource at least part of their security operations to a managed service provider (MSP) (28% of total respondents) feel very confident in this ability.
- The vast majority of respondents (86%) rely on in-house staff as their primary security team. Only 41% of this pool feel very confident in their team’s ability to maintain the right skills.
Evaluating metrics to measure IT security team success
Most public sector organizations measure the success of their IT security teams by evaluating metrics such as the number of detected incidents (58%) or their team’s ability to meet compliance goals (53%), which, as standalone metrics, may not accurately reflect an agency’s risk profile or the IT team’s success.
- State and local respondents were also likely to consider the number of threats that were averted (56%), while education respondents focused on level of device preparedness (46%).
- Seventy-five percent of respondents indicated compliance mandates or regulations such as GDPR, HIPAA, FISMA, RMF, DISA STIGs, etc., have had a significant or moderate impact on the evolution of their organizations’ IT security policies and practices.
Public sector orgs struggling to segment users by risk level
Public sector organizations struggle to segment users by risk level and manage the security threats posed by both privileged and non-privileged users.
- Sixty-one percent of respondents formally segment users by risk level; however, the segmentation process is challenging because of the growing number of systems users need access to (48%), the increased number of devices (45%) and the growing number of users (43%).
- Forty-one percent of respondents claimed to have privileged users not in IT. Privileged users have admin-level access to IT systems, and the extension of too much privilege across an organization can lead to increased risk.
- Nearly one-third of respondents (30%) have a formal zero-trust strategy in place; another 32% are modeling their approach based on zero trust but don’t have a formal strategy.
“These results clearly demonstrate the degree to which most public sector organizations are struggling to manage cyber risk,” said Tim Brown, vice president of security for SolarWinds.
“While it’s heartening to see that almost two-thirds of respondents are formally segmenting users—a helpful step in managing risk—the data finds careless and untrained users to still be the weakest link.
“Additionally, we’re seeing a widespread lack of organizational maturity—even in technologies like endpoint protection that have been around forever. It’s therefore no surprise that only four in ten respondents feel very confident their security team can keep up with the evolving threats.”
Managed services remain healthy and profitable, with great opportunities for growth, including advanced security, automation, and business operations, a SolarWinds report reveals.
MSPs comfortable with security basics
- For solutions in North America, respondents were most comfortable offering and using antivirus (89%), firewalls (83%), data backup and recovery (81%), and endpoint security (75%).
- In Europe, respondents were most comfortable offering and using antivirus (93%), data backup and recovery (82%), firewalls (82%), and antispam (80%) as solutions.
However, MSPs have room for growth in some of the more advanced security solutions and offerings, as respondents were less confident in the more complex controls:
- European and North American respondents selected the same top three solutions they were least comfortable with: biometrics, cloud access security brokers (CASBs), and digital rights management.
- On the services end, European respondents were least comfortable with penetration testing (52%), auditing and compliance management (39%), and risk assessments (36%). North American respondents were least comfortable with auditing and compliance management (53%), penetration testing (47%), and security system architecture (39%).
MSPs increasing the use of automation
The results also showed MSPs are starting to increase the use of automation to handle day-to-day tasks such as patch management and backup, but don’t feel comfortable with automating the advanced tasks:
- Automation saves North American MSPs an average of 15.6 full-time employee hours per week and in Europe, an average of 23 full-time employee hours per week.
- In North America, respondents were least comfortable automating client onboarding (44%) with identity and access management in second place (38%). In Europe, respondents were least comfortable automating SQL query workflows (57%) but shared their discomfort with automating identity and access management with their North American counterparts.
2019 showed an improvement in customer retention
In the 2018 report, MSPs were losing customers almost as fast as they gained them, but 2019 showed an improvement in customer retention. Two of the top three reasons for losing customers stemmed from the customer rather than the service provider:
- In North America, respondents pick up an average of four clients every three months while losing one in the same period.
- In Europe, respondents pick up an average of three clients every two months while losing more than one on average in the same period.
- Top causes of customer loss included the customer going out of business (26% in North America and 16% in Europe) and the customer being fired by the MSP partner (25% in North America and 16% in Europe).
Biggest growth obstacles for MSPs
Another key finding showed core business operations are still amongst the biggest growth obstacles for MSPs including lack of resources/time, sales, and marketing:
- North American MSPs claimed their biggest obstacles toward growth were sales (43%), lack of resources/time (42%), and marketing (26%).
- European MSPs claimed their biggest obstacles toward growth were lack of resources/time (41%), sales (32%), and security threats (32%).
Many providers claim a lack of sales and marketing expertise is a major anchor on their growth; hiring specialized staff, or training existing employees, could help close the gap.
While application performance management (APM) has become mainstream with a majority of tech pros using APM tools regularly, there’s work to be done to move beyond troubleshooting, according to SolarWinds.
The opportunity for tech pros lies in fully leveraging the benefits of APM across the entire application stack, so they can better communicate results to the organizations they serve.
Nearly nine in 10 tech pros use APM tools in their environments, whether on-premises, hybrid, or in the cloud. However, respondents report their highest confidence area in managing and monitoring applications is troubleshooting.
This is consistent with last year’s findings, in which nearly half of respondents said troubleshooting was a top three task they managed daily. To move beyond troubleshooting, tech pros cite a need for more training and education on which APM solutions best suit their environments.
How to maximize the value of APM solutions and strategies
According to the survey, tech pros also report the need to develop skills in tracking APM impact across key business metrics to maximize the value of their APM solutions and strategies.
“The Cloud Confessions results show that while APM has finally hit mainstream, it’s largely misunderstood and therefore underutilized. This isn’t surprising considering APM has typically been siloed across DevOps and Operations teams without a holistic view of the application code, supporting infrastructure, and end-user experience,” said Jim Hansen, vice president of products, application management, SolarWinds.
“To move beyond simply reactive troubleshooting, tech pros should consider modern APM tools as the keystone to connecting these previously siloed functions to gain comprehensive insight across the entire application stack.
“When tech pros achieve this level of proactive optimization with their APM tools, they’ll feel more empowered in their roles, in collaborating across teams, and in communicating results to the business at large.”
“The findings also underscore our belief that APM tools should be simple, powerful, and affordable, enabling tech pros at any stage in their APM journey to realize the value and richness of an APM strategy,” added Hansen.
Confusion around which tools are ideal for specific IT environments
Tech pros are using APM tools, employing a nearly even mix of SaaS and on-premises to support the three architectures most often found in modern environments. Despite this, confusion around which tools are ideal for specific IT environments is consistent across application owners, developers, and support team roles.
Nearly nine in 10 tech professionals are using APM tools in their environments.
- 59% are using APM for monolithic (traditional on-prem) app development architectures
- 40% are using APM for N-tier service-oriented architectures
- 39% are using APM for microservices
The top three most commonly deployed tools in support of APM strategies are:
- Database monitoring (64%)
- Application monitoring (63%)
- Infrastructure monitoring (61%)
Roughly two-fifths of tech pros face challenges from a lack of awareness of what APM solutions are currently offered, and a similar share from confusion over which of the currently offered APM solutions are best for their needs.
Confidence among tech pros is high
Overall, tech pros are confident in their ability to manage and monitor applications on-prem, in hybrid environments, and in the cloud; this confidence mostly sits within their ability to troubleshoot.
- Over eight in 10 (84%) respondents are confident in their ability to successfully manage application and infrastructure performance.
- Two-fifths (40%) of tech pros surveyed are most confident troubleshooting application issues, and the same share (40%) are most confident monitoring application availability and performance, given their existing skillset; one-third (32%) are most confident in collaborating with team members.
- Troubleshooting and monitoring as the top two areas where tech pros have the most confidence is consistent with last year’s findings—in 2019, troubleshooting app issues was the number one activity tech pros spent their time on, with 48% of respondents choosing this as a top three task.
The largest challenges tech pros face when monitoring and managing application and infrastructure performance relate to an existing knowledge and skills gap. As a result, tech pros have continued to deal with the troubles of troubleshooting, despite nearly all having used some type of APM tool in the last 12 months.
When ranking the challenges, tech pros said:
- Lack of training for personnel was the top challenge (57%), followed by lack of awareness of what APM solutions are currently offered (44%) and confusion over which currently-offered APM solutions are best for our needs (42%).
- All other challenges were at, or under, the 30% rate.
Nearly eight in 10 (78%) tech pros report spending less than 10% of their time proactively optimizing their environments (vs. reactively maintaining). In 2019, 77% of respondents reported spending the same amount of time on proactive optimization.
Greater skills development is needed
Tech pros value the business insights delivered from APM tools, but greater skills development is needed in establishing KPIs and communicating IT performance to the business.
The top three business insights tech pros gain from APM tools include:
- Ability to prevent applications outages (73%)
- Ability to prevent app slowdown related to performance and/or capacity (63%)
- Ability to improve user/customer experience (62%)
Tech pros are collecting these business metrics, but there’s a need to bridge the gap between business metrics collected and tech pros’ confidence in their ability to communicate performance to the business.
To more confidently manage their organization's IT environment, tech pros said they need to improve their current skillset/ability to:
- Track impact across key business metrics (34%)
- Troubleshoot application issues (30%)
- Improve the performance of application code (29%)
- Manage/ensure/improve end-user performance (29%)
The findings of this report are based on a survey fielded in November 2019, which yielded responses from 317 application owners, developers, and support team professionals (practitioner, manager, and director roles) in the U.S. and Canada from public- and private-sector small, mid-size, and enterprise organizations. Respondents include 101 application owners, 108 developers, and 108 support team technology professionals.