Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:00 AM
Dark Reading
Dark Reading
Products and Releases

Consolidation and Modernization Chief Among Federal IT Security Concerns SolarWinds Survey Discovers

In SolarWinds' Third Annual Federal Cybersecurity Survey, Organizational Changes Expected to Increase Security Challenges; Foreign Governments and Insiders Named Biggest Threat Sources

HERNDON, VA --(Marketwired - March 01, 2016) - SolarWinds, a leading provider of powerful and affordable IT management software, today announced the results of its third annual Federal Cybersecurity Survey*, which explores the biggest barriers to improving IT security, including exposure during consolidation and modernization processes, threats from foreign governments and careless or untrained insiders. The findings also highlight how the implementation of IT security management tools help mitigate threats, strengthening security strategies.

"As federal IT departments move through the process of consolidation and modernization, the complexity of IT environments increases significantly and the responsibility of managing both legacy infrastructure and upgraded systems places a considerable burden on IT pros," said Mav Turner, director of product strategy, SolarWinds. "When completed, consolidation and modernization projects will provide more efficient and secure environments, but this isn't going to happen overnight, so additional attention must be given to securing environments against threats no matter where they originate."

Organizational obstacles present IT security challenges

  • Almost half (48%) of respondents stated that IT consolidation and modernization efforts have resulted in an increase in IT security challenges because transitions are incomplete (48%), enterprise management tools are too complex (46%), and there is a lack of familiarity with new systems (44%)
    • In contrast, 20 percent of respondents indicated that modernization and consolidation can decrease security challenges citing replacing legacy software (55%) and equipment (52%) and simplified administration and management (42%) as key contributors to this result
  • Behind budget constraints (29%), the greatest obstacles to improving IT security are complexity of internal environments (16%) followed by inadequate collaboration with other internal teams (12%)

Foreign governments now rival careless or untrained insiders as biggest threat to IT security

  • For the first time, foreign governments tied with careless or untrained insiders as the greatest IT security threat, with 48 percent of respondents indicating that they top their list
    • Careless and untrained insiders dropped from 2015 responses when 53 percent of respondents saw insiders as the biggest threat, but is still higher than 2014 (42%)
    • Foreign governments saw an increase of 10 percentage points over 2015, indicating it is a top security threat
  • When asked to compare their agency's IT security attack vulnerability with last year, respondents claimed the increased sophistication of threats (44%) made their agencies more vulnerable followed by volume of attacks (26%) and end user policy violations (24%)

Implementing tools and strategies mitigate IT security threats

  • While 84 percent of respondents see their investment in security tools increasing (51%) in 2016 or staying the same (33%) as it was in 2015, it is important to ensure that the investment is in the right security tools
  • Of the 62 percent of respondents whose agencies currently use patch management software, 45 percent have seen a decrease in the time required to detect a security breach and 44 percent a decrease in the time required to respond 
  • Of the 62 percent of respondents whose agencies currently use configuration management software, 47 percent have seen a decrease in the time required to respond to security breaches
  • Only 36 percent of respondents said their agencies security information and event management (SIEM) products in place, but those that have a SIEM solution implemented are significantly more equipped to detect almost every single threat listed in the survey
  • 72 percent of respondents currently use Smart Card/Common Access Card for authentication, and 38 percent say increased use of Smart Cards for dual-factor authentication makes them less vulnerable to security attacks

"SolarWinds' annual cybersecurity survey tracks the sources of IT security threats and challenges that federal IT professionals face. This year it was good to see that 28 percent of respondents feel less vulnerable in spite of 38 percent seeing an increase in the number of IT security incidents," said Laurie Morrow, director of research services, Market Connections, Inc. "These insights and the extended research provides insight into how agencies ensure their IT security in light of internal change and an ever-growing list of external threats."

SolarWinds ® Solutions for Government

  • SolarWinds software is available on the U.S. General Services Administration (GSA) Schedule, Department of Defense ESI, and other contract vehicles.
  • U.S. Government certifications and approvals include Army CoN, Air Force APL, Navy DADMS; and Technical Requirements include FIPS compatibility, DISA STIGs, and National Institute of Standards and Technology (NIST) compliance.
  • SolarWinds also has hundreds of built-in automated compliance reports, which meet requirements of all major auditing authorities, including DISA STIG, FISMA, NIST, and more. SolarWinds' thwack® online user community provides information on Smart Card and Common Access Card (CAC) product support and a number of out-of-the-box compliance report templates available to download for free that are designed to help users prepare for an inspection.

For more product and GSA pricing information and for a fully functional free trial of all above products, visit the SolarWinds Government Solutions page.

Additional Resources:

* In December 2015 and January 2016, independent research firm Market Connections, Inc.surveyed 200 IT security professionals in U.S. federal civilian and defense agencies on behalf of SolarWinds. Full survey results are available upon request.

About Market Connections, Inc.

Market Connections delivers actionable intelligence and insights that enable improved business performance and positioning for leading businesses, trade associations and the public sector. The custom market research firm is a sought-after authority on preferences, perceptions and trends among the public sector and the contractors who serve them, offering deep domain expertise in information technology and telecommunications, health care and education. For more information visit www.marketconnectionsinc.com.

About SolarWinds

SolarWinds provides powerful and affordable IT management software to customers worldwide from Fortune 500® enterprises to small businesses, government agencies and educational institutions. We are committed to focusing exclusively on IT Pros, and strive to eliminate the complexity that they have been forced to accept from traditional enterprise software vendors. Regardless of where the IT asset or user sits, SolarWinds delivers products that are easy to find, buy, use, maintain, and scale while providing the power to address all key areas of the infrastructure from on premises to the Cloud. Our solutions are rooted in our deep connection to our user base, which interacts in our thwack online community to solve problems, share technology and best practices, and directly participate in our product development process. Learn more today at http://www.solarwinds.com/.

SolarWinds, SolarWinds & Design and thwack are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other company and product names mentioned are used only for identification purposes and may be or are intellectual property of their respective companies.

© 2016 SolarWinds Worldwide, LLC. All rights reserved. 


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Take me to your BISO 
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-10
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor
PUBLISHED: 2021-05-10
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/ action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.
PUBLISHED: 2021-05-10
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter.
PUBLISHED: 2021-05-10
Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.
PUBLISHED: 2021-05-10
Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter.