Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

3/11/2016
09:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Consolidation and Modernization Chief Among Federal IT Security Concerns SolarWinds Survey Discovers

In SolarWinds' Third Annual Federal Cybersecurity Survey, Organizational Changes Expected to Increase Security Challenges; Foreign Governments and Insiders Named Biggest Threat Sources

HERNDON, VA --(Marketwired - March 01, 2016) - SolarWinds, a leading provider of powerful and affordable IT management software, today announced the results of its third annual Federal Cybersecurity Survey*, which explores the biggest barriers to improving IT security, including exposure during consolidation and modernization processes, threats from foreign governments and careless or untrained insiders. The findings also highlight how the implementation of IT security management tools help mitigate threats, strengthening security strategies.

"As federal IT departments move through the process of consolidation and modernization, the complexity of IT environments increases significantly and the responsibility of managing both legacy infrastructure and upgraded systems places a considerable burden on IT pros," said Mav Turner, director of product strategy, SolarWinds. "When completed, consolidation and modernization projects will provide more efficient and secure environments, but this isn't going to happen overnight, so additional attention must be given to securing environments against threats no matter where they originate."

Organizational obstacles present IT security challenges

  • Almost half (48%) of respondents stated that IT consolidation and modernization efforts have resulted in an increase in IT security challenges because transitions are incomplete (48%), enterprise management tools are too complex (46%), and there is a lack of familiarity with new systems (44%)
    • In contrast, 20 percent of respondents indicated that modernization and consolidation can decrease security challenges citing replacing legacy software (55%) and equipment (52%) and simplified administration and management (42%) as key contributors to this result
  • Behind budget constraints (29%), the greatest obstacles to improving IT security are complexity of internal environments (16%) followed by inadequate collaboration with other internal teams (12%)

Foreign governments now rival careless or untrained insiders as biggest threat to IT security

  • For the first time, foreign governments tied with careless or untrained insiders as the greatest IT security threat, with 48 percent of respondents indicating that they top their list
    • Careless and untrained insiders dropped from 2015 responses when 53 percent of respondents saw insiders as the biggest threat, but is still higher than 2014 (42%)
    • Foreign governments saw an increase of 10 percentage points over 2015, indicating it is a top security threat
  • When asked to compare their agency's IT security attack vulnerability with last year, respondents claimed the increased sophistication of threats (44%) made their agencies more vulnerable followed by volume of attacks (26%) and end user policy violations (24%)

Implementing tools and strategies mitigate IT security threats

  • While 84 percent of respondents see their investment in security tools increasing (51%) in 2016 or staying the same (33%) as it was in 2015, it is important to ensure that the investment is in the right security tools
  • Of the 62 percent of respondents whose agencies currently use patch management software, 45 percent have seen a decrease in the time required to detect a security breach and 44 percent a decrease in the time required to respond 
  • Of the 62 percent of respondents whose agencies currently use configuration management software, 47 percent have seen a decrease in the time required to respond to security breaches
  • Only 36 percent of respondents said their agencies security information and event management (SIEM) products in place, but those that have a SIEM solution implemented are significantly more equipped to detect almost every single threat listed in the survey
  • 72 percent of respondents currently use Smart Card/Common Access Card for authentication, and 38 percent say increased use of Smart Cards for dual-factor authentication makes them less vulnerable to security attacks

"SolarWinds' annual cybersecurity survey tracks the sources of IT security threats and challenges that federal IT professionals face. This year it was good to see that 28 percent of respondents feel less vulnerable in spite of 38 percent seeing an increase in the number of IT security incidents," said Laurie Morrow, director of research services, Market Connections, Inc. "These insights and the extended research provides insight into how agencies ensure their IT security in light of internal change and an ever-growing list of external threats."

SolarWinds ® Solutions for Government

  • SolarWinds software is available on the U.S. General Services Administration (GSA) Schedule, Department of Defense ESI, and other contract vehicles.
  • U.S. Government certifications and approvals include Army CoN, Air Force APL, Navy DADMS; and Technical Requirements include FIPS compatibility, DISA STIGs, and National Institute of Standards and Technology (NIST) compliance.
  • SolarWinds also has hundreds of built-in automated compliance reports, which meet requirements of all major auditing authorities, including DISA STIG, FISMA, NIST, and more. SolarWinds' thwack® online user community provides information on Smart Card and Common Access Card (CAC) product support and a number of out-of-the-box compliance report templates available to download for free that are designed to help users prepare for an inspection.

For more product and GSA pricing information and for a fully functional free trial of all above products, visit the SolarWinds Government Solutions page.

Additional Resources:

* In December 2015 and January 2016, independent research firm Market Connections, Inc.surveyed 200 IT security professionals in U.S. federal civilian and defense agencies on behalf of SolarWinds. Full survey results are available upon request.

About Market Connections, Inc.

Market Connections delivers actionable intelligence and insights that enable improved business performance and positioning for leading businesses, trade associations and the public sector. The custom market research firm is a sought-after authority on preferences, perceptions and trends among the public sector and the contractors who serve them, offering deep domain expertise in information technology and telecommunications, health care and education. For more information visit www.marketconnectionsinc.com.

About SolarWinds

SolarWinds provides powerful and affordable IT management software to customers worldwide from Fortune 500® enterprises to small businesses, government agencies and educational institutions. We are committed to focusing exclusively on IT Pros, and strive to eliminate the complexity that they have been forced to accept from traditional enterprise software vendors. Regardless of where the IT asset or user sits, SolarWinds delivers products that are easy to find, buy, use, maintain, and scale while providing the power to address all key areas of the infrastructure from on premises to the Cloud. Our solutions are rooted in our deep connection to our user base, which interacts in our thwack online community to solve problems, share technology and best practices, and directly participate in our product development process. Learn more today at http://www.solarwinds.com/.

SolarWinds, SolarWinds & Design and thwack are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other company and product names mentioned are used only for identification purposes and may be or are intellectual property of their respective companies.

© 2016 SolarWinds Worldwide, LLC. All rights reserved. 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16863
PUBLISHED: 2019-11-14
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
CVE-2019-18949
PUBLISHED: 2019-11-14
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.
CVE-2011-1930
PUBLISHED: 2019-11-14
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
CVE-2011-1145
PUBLISHED: 2019-11-14
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.
CVE-2011-1488
PUBLISHED: 2019-11-14
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent withi...