AUSTIN, TX -- (Marketwired) -- 05/01/13 -- IT Security can overwhelm even the most seasoned security expert when headline-grabbing threats like Spamhaus DDoS are brought to the forefront by media. SolarWinds (NYSE: SWI), a leading provider of powerful and affordable IT management software, today outlined six security threats that many IT professionals never think they'll face (until they do) and provided best practices to help prevent and manage unwanted threats from becoming a reality.
1. Targeted espionage - While security experts may know better, many IT pros might think: "My organization is not a high-value target. What do we have that anyone would want?" In reality, the answer is more than they would guess. Sensitive and personal information like credit card and social security numbers, patient records, to name a few. Plus, with direct access to the breached network, they could do damage to other organization's networks.
2. Unintentional or accidental loss of that data - Aside from organizations placing a great deal of trust in their employees and believing that their policies are adequate, what might take IT pros by surprise is simple employee ignorance. Due to the proliferation of personal mobile devices, employees are taking their work home with them more often. This has made it extremely difficult to keep track of who and what is connecting to the network, resulting in less control and increased security risks.
3. Denial of Service Attacks (DoS) - DoS and DDoS attacks are among the inventive hacking practices on the rise that could bring down business critical services, inhibiting user access and business continuity. IT pros may get caught off guard with this type of attack since, in many cases, it's the result of someone out to wreak some havoc.
4. Understaffed IT team - As organizations grow and bandwidth for time and resources are taxed, it's easy for over-extended IT pros to overlook existing rules and inadvertently open security holes simply by not knowing the full impact of their changes, or for under-experienced IT pros to not know what to monitor and what tools to use.
5. Phishing attempts - Culprits masquerading as a trustworthy entity attempt to acquire usernames, passwords, credit card details, and account information to gain access to a system through email or via instant messaging. Organizations which are most affected believe that their controls are good enough, relying on junk mail as a catch-all or their users to know when and when not to open suspicious email.
6. Malware exploiting common vulnerabilities in Java and Flash runtimes - For many, if not most, organizations, third-party applications like Java and Flash are critical infrastructures required to use a large number of business applications. Organizations are prime targets for infestations when IT pros assume that the most recent application version is security-proof, they are not up-to-date on their patches, or when they don't have full account of all the applications installed by end users.
Before You Booby-trap the Perimeter, Lock the Front Door
It's easy to get caught up in preventing what-if scenarios, but it's most important to remember Security 101 -- the basics of what every IT pro should consider when securing their network, including:
- Define and establish security policies and rules.
- Document your network, policies and access.
- Continuously track and monitor activity and behavior with real-time alerts and reporting.
- Automate with software tools where you can.
- Have an incident response plan including when to notify corporate legal, PR and customers/clients.
- Regroup after an incident to ensure appropriate actions have been taken to mitigate risk in the future.
- Use operational management tools to gain insight into suspicious behavior.
"In the pursuit of defending against the latest and most sophisticated attacks, we find many IT professionals doing so at the expense of fundamental security controls. IT security is not always about over-complicated issues or threats, but doing the basic steps to ensure you have a secure foundation in place," said Javvad Malik, senior analyst, 451 Research.
Security Management for Every IT Pro, Organization
For IT pros that don't spend their day thinking about security yet need the tools to tackle everyday operational security challenges, SolarWinds offers IT pros a number of powerful, easy-to-use and affordable products with security functionality built-in. From Security Information and Event Management (SIEM) to firewall and patch management and more, IT pros can assess their environment and deploy SolarWinds' IT management products on a need-by-need basis to achieve end-to-end security visibility.
- SolarWinds Log & Event Manager - SIEM; endpoint data loss monitoring
- SolarWinds Firewall Security Manager - Firewall security management
- SolarWinds Patch Manager - Endpoint vulnerability management
- SolarWinds User Device Tracker - User and device tracking
SolarWinds (NYSE: SWI) provides powerful and affordable IT management software to customers worldwide from Fortune 500 enterprises to small businesses. In all of our market areas, our approach is consistent. We focus exclusively on IT Pros and strive to eliminate the complexity that they have been forced to accept from traditional enterprise software vendors. SolarWinds delivers on this commitment with unexpected simplicity through products that are easy to find, buy, use and maintain while providing the power to address any IT management problem on any scale. Our solutions are rooted in our deep connection to our user base, which interacts in our online community, thwack, to solve problems, share technology and best practices, and directly participate in our product development process. Learn more today at http://www.solarwinds.com/.
SolarWinds, SolarWinds.com and thwack are registered trademarks of SolarWinds. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.