SolarWinds Federal Cybersecurity Survey 2016
© 2016 Market Connections, Inc.
SolarWinds® Federal Cybersecurity Survey Summary Report 2016
© 2016 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
SOLARWINDS FEDERAL CYBERSECURITY SURVEY SUMMARY REPORT | MARKET CONNECTIONS, INC. | 703.378.2025 | © 2016 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
Background and Objectives
SolarWinds contracted Market Connections to design and conduct an online survey among 200 federal government IT decision makers and influencers in December 2015 and January 2016. SolarWinds was not revealed as the sponsor of the survey.
The main objectives of the survey were to:
• Determine challenges faced by IT professionals to prevent IT security threats
• Quantify sources and types of IT security threats and what makes agencies more or less vulnerable
• Measure changes in investment of resources in addressing threats
• Determine the IT security tools used to mitigate risk and the time it takes to detect security events and compliance issues
• Address the effects of IT modernization and consolidation efforts on agency IT security challenges
Throughout the report, notable significant differences are reported.
Due to rounding, graphs may not add up to 100%.
Organizations Represented
RESPONDENT CLASSIFICATIONS
• If a respondent did not work for any of the specific organization types noted below, the survey was terminated.
Which of the following best describes your current employer?
Federal Legislature 2%
Federal Judicial Branch 2%
Intelligence Agency 2%
Department of Defense or Military Service 43%
Federal, Civilian or Independent Government Agency 50%
What agency do you work for?
Sample Organizations Represented (In Alphabetical Order)
• Air Force
• Army
• Department of Agriculture (USDA)
• Department of Commerce (DOC)
• Department of Defense (DOD)
• Department of Energy (DOE)
• Department of Health and Human Services (HHS)
• Department of Homeland Security (DHS)
• Department of Labor (DOL)
• Department of State (DOS)
• Department of the Interior (DOI)
• Department of Transportation (DOT)
• Department of Treasury (TREAS)
• Department of Veteran Affairs (VA)
• General Services Administration (GSA)
• Judicial/Courts
• Marine Corps
• National Science Foundation (NSF)
• Navy
• Office of Personnel Management (OPM)
• Social Security Administration (SSA)
• US Postal Service (USPS)
N=200
Decision Making Involvement
• All respondents are knowledgeable or involved in decisions and recommendations regarding IT operations and management and IT security solutions and services.
How are you involved in your organization’s decisions or recommendations regarding IT operations and management and IT security solutions and services? (select all that apply)
Other involvement 5%
Make the final decision 20%
Develop technical requirements 45%
Evaluate or recommend firms 46%
Manage or implement security/IT operations 50%
On a team that makes decisions 54%
Note: Multiple responses allowed
N=200
Job Function and Tenure
• A variety of job functions and tenures are represented in the sample, with most being IT management and working at their agency for over 20 years.
Which of the following best describes your current job title/function?
Job Function
Other 16%
CSO/CISO 2%
CIO/CTO 4%
Security/IA director or manager 6%
Security/IA staff 8%
IT/IS staff 27%
IT director/manager 36%
Examples Include:
• Director of Operations
• Management Analyst
• Program Manager
How long have you been working at your current agency?
Tenure
Less than 1 Year 1%
1-2 Years 3%
3-4 Years 10%
5-9 Years 20%
10-14 Years 20%
15-20 Years 16%
20+ Years 30%
N=200
IT MODERNIZATION AND CONSOLIDATION
Government IT Modernization
• Almost half say that the government’s IT modernization and consolidation efforts have resulted in an increase in security challenges.
• Less than one-quarter believe that security challenges have decreased.
In your opinion, do you think the government’s IT modernization and consolidation efforts have resulted in an increase or decrease in the IT security challenges your agency faces?
Increase 48%
Decrease 20%
No effect 32%
N=200
Increased Security Challenges
• Incomplete transitions during consolidation and modernization projects, complex enterprise management tools and the lack of familiarity with new systems are the main reasons respondents believe IT modernization efforts have resulted in increased security challenges.
What are the reasons you believe cyber security challenges have increased as a result of the government's IT modernization and consolidation efforts? (select all that apply)
Increased IT Challenges
Other 5%
Too much consolidation 29%
Increased compliance reporting 31%
Cloud services adoption 35%
Organizational changes have disrupted IT processes 36%
Lack of familiarity with new systems 44%
Complex enterprise management tools 46%
Incomplete transitions and difficulty supporting everything 48%
Note: Multiple responses allowed
N=95
Decreased Security Challenges
• Replacement of legacy software and equipment are the main reasons respondents believe IT modernization efforts have resulted in decreased security challenges.
What are the reasons you believe cyber security challenges have decreased as a result of the government's IT modernization and consolidation efforts? (select all that apply)
Decreased IT Challenges
Reduced need and time for training 15%
Fewer IT management tools with fewer interfaces 25%
Reduced number of devices to support 25%
Cloud services adoption 32%
Fewer configurations to manage and support 40%
Standardization simplifies admin/mgmt 42%
Legacy equipment replacement 52%
Legacy software replacement 55%
Note: Multiple responses allowed
N=40
IT SECURITY OBSTACLES, THREATS AND BREACHES
IT Security Obstacles
• Budget constraints top the list of significant obstacles to maintaining or improving agency IT security. This has decreased from 40% in the SolarWinds Cybersecurity Survey conducted Q1 2014.
What is the most significant high-level obstacle to maintaining or improving IT security at your agency?
Other 2%
Lack of clear standards 4%
Lack of technical solutions available at my agency 4%
Lack of training for personnel 6%
Lack of manpower 7%
Lack of top-level direction and leadership 7%
Inadequate collaboration with other internal teams or departments 12%
Competing priorities and other initiatives 14%
Complexity of internal environment 16%
Budget constraints 29%
January 2014: Budget constraints 40%
N=200
Sources of Security Threats
• Careless/untrained insiders, foreign governments and the general hacking community are noted as the largest sources of security threats at federal agencies.
What are the greatest sources of IT security threats to your agency? (select all that apply)
None of the above 1%
Unsure of these threats 1%
Other 2%
Industrial spies 16%
For-profit crime 18%
Malicious insiders 22%
Terrorists 24%
Hacktivists 38%
General hacking community 46%
Foreign governments 48%
Careless/untrained insiders 48%
Statistically significant difference:
Defense Civilian
Foreign governments 62% 37%
General hacking community 35% 56%
For-profit crime 12% 24%
Note: Multiple responses allowed
N=200
Sources of Security Threats - Trend
• There has been no significant reduction in the various sources of security threats. Since 2014, respondents indicate significant increases in threats from foreign governments and hacktivists.
What are the greatest sources of IT security threats to your agency? (select all that apply)
2014 2015 2016
Careless/untrained insiders 42% 53% 48%
Foreign governments 34% 38% 48%
General hacking community 47% 46% 46%
Hacktivists 26% 30% 38%
Terrorists 21% 18% 24%
Malicious insiders 17% 23% 22%
For-profit crime 11% 14% 18%
Industrial spies 6% 10% 16%
Note: Multiple responses allowed
N=200
IT Breaches
• IT professionals consider human error as the most common security breach to occur in their agency in the past year.
Which of the following types of IT security breaches have occurred in your agency in the past year? (select all that apply)
Security Breaches Occurred
Unaware of a breach 3%
Other 4%
Denial of service 25%
Privileged account abuse 30%
Theft of IT equipment 36%
Malware 50%
Phishing 58%
Human error 68%
Number of Different Types of Breaches Indicated
Number of types | None | 1 | 2 | 3 | 4 | 5 or more
Percent of respondents | 3% | 20% | 27% | 21% | 16% | 14%
Note: Multiple responses allowed
N=200
Consequences of IT Breaches
• Personally identifiable information data theft is the most common consequence followed by service outages.
Which of the following has your agency experienced in the last year due to security breaches? (select all that apply)
Consequences of Security Breaches
None of the above 2%
Other 3%
Financial fraud 8%
Modification of databases 12%
Agency data theft 25%
Misuse of systems 36%
Service degradation 39%
Service outage 40%
PII data theft 44%
Number of Different Types of Consequences Indicated
Number of types | None | 1 | 2 | 3 | 4 | 5 or more
Percent of respondents | 2% | 32% | 35% | 23% | 6% | 2%
Note: Multiple responses allowed
N=194
Vulnerability to Attacks
• The majority feel their agency is as vulnerable to attacks today as it was a year ago.
• However, more feel that the agency is less vulnerable as opposed to more vulnerable.
In your opinion, is your agency more or less vulnerable to IT security attacks than it was a year ago?
Rating | 1 (Less Vulnerable) | 2 | 3 (About the Same) | 4 | 5 (More Vulnerable)
Percent of respondents | 8% | 20% | 55% | 10% | 6%
Mean 2.87
N=200
Reasons Agencies are More Vulnerable
• An increase in the sophistication of threats is the top factor that makes an agency more vulnerable to IT security attacks than a year ago.
What makes your agency more vulnerable to IT security attacks than a year ago? (select the top three)
Other 2%
Increased ad-hoc or rogue configuration changes 3%
Increased reliance on external vendors 9%
Increased use of technology not supported by the IT department 9%
Use or increased use of public cloud 10%
Increased attack surface 10%
Increased amount of data 16%
Lack of end user security training 16%
Internal bureaucracy 17%
Decrease in funding for IT security 17%
Increased use of mobile devices 20%
Increased network complexity 22%
End users do not follow set policies 24%
Increased volume of attacks 26%
Increased sophistication of threats 44%
Statistically significant difference:
Defense Civilian
Increased sophistication of threats 37% 50%
End users do not follow set policies 32% 18%
Note: Multiple responses allowed
N=200
Reasons Agencies are Less Vulnerable
• Increased use of Smart Cards for dual-factor authentication is given the most credit for making agencies less vulnerable to IT security attacks than a year ago.
What makes your agency less vulnerable to IT security attacks than a year ago? (select the top three)
Other 2%
Improved BYOD policy 6%
Improved analysis of logs or user-behavior patterns 8%
Improved IT asset management system 14%
Implemented or improved an identity management system 16%
IT/data center consolidation 18%
Improved or increased security training for agency personnel 19%
Implemented configuration change management tools 20%
Introduced or expanded the use of data encryption 22%
Standardized network configurations and monitoring 22%
Improved patch management 27%
Improved application security 28%
Increased use of Smart Cards for dual-factor authentication 38%
Statistically significant difference:
Defense Civilian
Increased use of Smart Cards for dual-factor authentication 26% 49%
Note: Multiple responses allowed
N=200
INVESTMENT
IT Security Investment
• Half say their agency will increase investment in security tools or solutions in 2016; however, that will not generally translate into investment in staff.
How will your organization’s investment in resources for IT security in 2016 compare with 2015?
Resource | Increase | Remain the same | Decrease | Don't know
Staff | 29% | 48% | 18% | 5%
Security tools or solutions | 51% | 33% | 12% | 4%
N=200
SECURITY PRODUCT USE
Current Use of Security Products
• Smart Card/Common Access Cards are used by almost three-fourths of IT professionals.
Which of these security products and practices are currently in use in your organization? (select all that apply)
None of the above 1%
File integrity monitoring 34%
Security information event management (SIEM) 36%
Messaging security 43%
Network admission control (NAC) solutions 50%
Endpoint security software 58%
Identity and access management tools 59%
Web application security tools 60%
Configuration management 62%
Patch management software 62%
Smart Card/Common Access Card 72%
Statistically significant difference:
Defense Civilian
Web application security tools 52% 66%
Note: Multiple responses allowed
N=200
Most Valuable Security Products
• Smart Card/Common Access Card for authentication is by far the most valuable security product used by federal IT professionals.
Please rank the top three security products you find most valuable.
Percent that Selected Each Product as Most Valuable
Network admission control (NAC) 1%
File integrity monitoring 1%
Messaging security 3%
Web application security 4%
SIEM 4%
Configuration management 5%
Patch management 7%
Endpoint security 8%
Identity and access management 14%
Smart Card / Common Access Card 52%
Average Rank (Rank 1-3, 1 is Most Valuable)
Smart Card / Common Access Card 1.29
Identity and access management tools 1.79
Messaging security software 2.09
Patch management software 2.09
Endpoint security software 2.15
Configuration management software 2.28
Security information event management (SIEM) software 2.30
Web application security tools 2.30
Network admission control (NAC) solutions 2.37
File integrity monitoring software 2.47
Note: Multiple responses allowed
N=166
Number of Security Products Used
• IT professionals say they use approximately five out of the ten listed products or practices included on the survey.
Which of these security products and practices are currently in use in your organization?
Number of products used | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10
Percent of respondents | 13% | 5% | 12% | 14% | 12% | 10% | 12% | 10% | 5% | 11%
Mean 5.35
Note: Multiple responses allowed. *See slide 18 for complete list of products on survey
N=200
IT SECURITY CHANGES
IT Security Changes
• The plurality believe that time to detection and response has decreased in 2015, and the number of IT security incidents has increased.
Compared to 2014, how did each of the following change in your agency in 2015?
Measure | Increased | Remained the same | Decreased | Don't know
Time to detection | 20% | 35% | 38% | 8%
Time to response | 22% | 33% | 38% | 7%
Time to resolution | 26% | 45% | 21% | 8%
Number of IT security incidents | 38% | 34% | 20% | 8%
N=200
IT Security Changes
• Though defense and civilian IT professionals agree on the trend in the number of incidents, they differ on their responses to security incidents.
• A significantly greater proportion of civilian IT professionals have seen increased response and detection times, while a significantly greater proportion of defense IT professionals have seen decreases in response and detection times.
Compared to 2014, how did each of the following change in your agency in 2015?
Measure (group) | Increased | Remained the same | Decreased | Don't know
Number of IT security incidents (Defense) | 37% | 33% | 23% | 7%
Number of IT security incidents (Civilian) | 39% | 34% | 17% | 9%
Time to detection (Defense) | 10% | 34% | 48% | 8%
Time to detection (Civilian) | 28% | 36% | 28% | 7%
Time to response (Defense) | 16% | 32% | 44% | 8%
Time to response (Civilian) | 28% | 34% | 32% | 6%
Time to resolution (Defense) | 21% | 47% | 24% | 8%
Time to resolution (Civilian) | 29% | 43% | 18% | 9%
N=200
DETECTION AND RESPONSE
Security Event Detection Speed
• Quicker detection is noted for rogue devices, denial of device attacks and malware.
How long does it typically take your organization to detect and/or analyze the following security events?
Security event | Within minutes | Within one day | Within a few days | Within a few weeks | No ability to detect | Don't know/unsure
Social engineering | 10% | 33% | 22% | 11% | 4% | 20%
Cross site scripting | 20% | 29% | 23% | 5% | 4% | 20%
Misuse/abuse of credentials | 22% | 26% | 28% | 8% | 2% | 14%
Phishing attacks | 22% | 38% | 20% | 8% | 1% | 12%
SQL injections | 24% | 28% | 22% | 6% | 2% | 19%
Exploit of vulnerabilities | 24% | 29% | 22% | 10% | 2% | 14%
Malware | 30% | 32% | 18% | 7% | 1% | 11%
Denial of device attacks | 36% | 30% | 14% | 4% | 1% | 15%
Rogue devices | 39% | 23% | 14% | 10% | 1% | 12%
N=200
Compliance Detection Speed
• Quicker detection is noted for inappropriate internet access and unauthorized configuration changes.
• Inappropriate sharing is the most difficult to detect.
How long does it typically take your organization to detect the following compliance issues?
Compliance issue | Within minutes | Within one day | Within a few days | Within a few weeks | No ability to detect | Don't know/unsure
Inappropriate sharing of documents | 11% | 22% | 27% | 13% | 11% | 16%
Patches not up to date | 12% | 35% | 29% | 15% | not shown | 9%
Authorized non-compliant changes | 21% | 30% | 24% | 9% | 2% | 13%
Data copied to an unapproved device | 26% | 20% | 24% | 7% | 10% | 14%
Unauthorized configuration changes | 31% | 23% | 24% | 8% | 2% | 11%
Inappropriate internet access | 38% | 24% | 19% | 7% | 1% | 11%
N=200
Security Event & Compliance Detection
• A significantly greater proportion of defense respondents indicate detection of rogue devices, unauthorized configuration changes and data copied to unapproved devices within minutes.
How long does it typically take your organization to detect and/or analyze the following security events?
How long does it typically take your organization to detect the following compliance issues?
Event or issue (group) | Within minutes | Within one day | Within a few days | Within a few weeks | No ability to detect | Don't know/unsure
Rogue devices (Defense) | 54% | 20% | 11% | 8% | not shown | 8%
Rogue devices (Civilian) | 27% | 26% | 17% | 12% | 2% | 17%
Unauthorized configuration changes (Defense) | 38% | 27% | 19% | 8% | 1% | 7%
Unauthorized configuration changes (Civilian) | 25% | 19% | 29% | 9% | 3% | 15%
Data copied to unapproved devices (Defense) | 32% | 25% | 25% | 2% | 5% | 10%
Data copied to unapproved devices (Civilian) | 20% | 17% | 22% | 11% | 13% | 17%
N=200
SECURITY PRODUCT USE, DETECTION AND RESPONSE
Patch Management and Detection Trend
• Relative to non-users, a significantly greater proportion of users of patch management software report a decrease in the time to detect and respond to IT security incidents.
Compared to 2014, how did each of the following change in your agency in 2015?
Which of these security products and practices are currently in use in your organization? (select all that apply)
Measure (patch management software) | Increased | Remained the same | Decreased | Don't know/unsure
Number of IT security incidents (Use) | 42% | 30% | 21% | 7%
Number of IT security incidents (Do not use) | 33% | 39% | 18% | 9%
Time to detection (Use) | 14% | 34% | 45% | 7%
Time to detection (Do not use) | 30% | 37% | 25% | 8%
Time to response (Use) | 17% | 31% | 44% | 7%
Time to response (Do not use) | 32% | 36% | 26% | 7%
Time to resolution (Use) | 20% | 50% | 22% | 8%
Time to resolution (Do not use) | 34% | 37% | 20% | 9%
Use n=124
Do not use n=76
Patch Management and IT Breaches
• Likely due to increased detection, IT professionals who use patch management software report more breaches of many kinds in the past year.
Which of the following types of IT security breaches have occurred in your agency in the past year? (select all that apply)
Security Breaches Occurred
Breach type | Use | Do not use
Unaware of a breach | 2% | 4%
Other | 5% | 1%
Denial of service | 26% | 24%
Privileged account abuse | 31% | 26%
Theft of IT equipment | 38% | 32%
Malware | 56% | 42%
Phishing | 68% | 42%
Human error | 75% | 58%
Number of Different Types of Breaches Indicated: Use 2.98, Do not use 2.25
Note: Multiple responses allowed
Use n=124
Do not use n=76
Patch Management and Detection Within Minutes
• Those who currently use patch management software are significantly more able to detect, within minutes, the following events:
o Rogue devices
o Denial of device attacks
o Unauthorized configuration changes
How long does it typically take your organization to detect and/or analyze the following security events?
How long does it typically take your organization to detect the following compliance issues?
Event or issue detected within minutes | Use | Do not use
Inappropriate sharing of documents | 8% | 16%
Patches not up to date | 9% | 17%
Social engineering | 10% | 9%
Cross site scripting | 21% | 17%
Phishing | 21% | 24%
Authorized non-compliant changes | 22% | 20%
Misuse/abuse of credentials | 24% | 17%
SQL Injections | 26% | 20%
Exploit of vulnerabilities | 26% | 21%
Data copied to unapproved device | 28% | 21%
Malware | 33% | 26%
Unauthorized configuration changes | 35% | 24%
Denial of device attacks | 43% | 24%
Inappropriate internet access | 43% | 32%
Rogue devices | 46% | 28%
Note: Multiple responses allowed
Use n=124
Do not use n=76
Configuration Management and Detection Trend
• Relative to non-users, a significantly greater proportion of users of configuration management software report a decrease in the time to respond to IT security incidents.
Compared to 2014, how did each of the following change in your agency in 2015?
Which of these security products and practices are currently in use in your organization? (select all that apply)
Measure (configuration management software) | Increased | Remained the same | Decreased | Don't know/unsure
Number of IT security incidents (Use) | 40% | 35% | 19% | 7%
Number of IT security incidents (Do not use) | 37% | 32% | 22% | 10%
Time to detection (Use) | 19% | 32% | 41% | 7%
Time to detection (Do not use) | 22% | 39% | 32% | 8%
Time to response (Use) | 17% | 28% | 47% | 7%
Time to response (Do not use) | 30% | 41% | 23% | 6%
Time to resolution (Use) | 22% | 49% | 21% | 8%
Time to resolution (Do not use) | 30% | 39% | 22% | 9%
Use n=124
Do not use n=76
Configuration Management and IT Breaches
• Likely due to increased detection, IT professionals who use configuration management software report more breaches of all kinds.
Which of the following types of IT security breaches have occurred in your agency in the past year? (select all that apply)
Security Breaches Occurred
Breach type | Use | Do not use
Unaware of a breach | 3% | 3%
Other | 3% | 4%
Denial of service | 26% | 24%
Privileged account abuse | 31% | 27%
Theft of IT equipment | 39% | 30%
Malware | 59% | 38%
Phishing | 67% | 44%
Human error | 77% | 56%
Number of Different Types of Breaches Indicated: Use 3.02, Do not use 2.23
Note: Multiple responses allowed
Use n=124
Do not use n=76
Configuration Management and Detection Within Minutes
• Those who currently use configuration management software primarily see benefits with respect to rogue devices on the network and distributed denial of device attacks.
How long does it typically take your organization to detect and/or analyze the following security events?
How long does it typically take your organization to detect the following compliance issues?
Event or issue detected within minutes | Use | Do not use
Social engineering | 7% | 14%
Inappropriate sharing of documents | 9% | 14%
Patches not up to date | 12% | 11%
Authorized non-compliant changes | 18% | 25%
Cross site scripting | 21% | 16%
Misuse/abuse of credentials | 22% | 20%
Phishing | 22% | 22%
Data copied to unapproved device | 22% | 30%
Exploit of vulnerabilities | 25% | 23%
SQL injections | 27% | 18%
Malware | 32% | 28%
Unauthorized configuration changes | 32% | 29%
Inappropriate internet access | 37% | 41%
Denial of device attacks | 43% | 24%
Rogue devices | 44% | 32%
Note: Multiple responses allowed
Use n=124
Do not use n=76
SIEM and Detection Trend
• Security information event management (SIEM) software users report an increase in incident detection and a decrease in time to detect and respond. However, they report similar changes to those who do not use SIEM. There are no statistically significant differences.
Compared to 2014, how did each of the following change in your agency in 2015?
Which of these security products and practices are currently in use in your organization? (select all that apply)
Measure (SIEM software) | Increased | Remained the same | Decreased | Don't know/unsure
Number of IT security incidents (Use) | 46% | 32% | 15% | 7%
Number of IT security incidents (Do not use) | 34% | 34% | 23% | 9%
Time to detection (Use) | 19% | 28% | 44% | 8%
Time to detection (Do not use) | 20% | 39% | 34% | 7%
Time to response (Use) | 19% | 29% | 44% | 7%
Time to response (Do not use) | 24% | 35% | 34% | 7%
Time to resolution (Use) | 24% | 49% | 21% | 7%
Time to resolution (Do not use) | 27% | 43% | 21% | 9%
Use n=72
Do not use n=128
SIEM and IT Breaches
• SIEM users detect phishing attacks in their agency significantly more than those who do not use SIEM.
Which of the following types of IT security breaches have occurred in your agency in the past year? (select all that apply)
Security Breaches Occurred
Breach type | Use | Do not use
Unaware of a breach | 3% | 3%
Other | 7% | 2%
Denial of service | 28% | 23%
Privileged account abuse | 28% | 30%
Theft of IT equipment | 43% | 31%
Malware | 51% | 50%
Phishing | 71% | 51%
Human error | 76% | 64%
Number of Different Types of Breaches Indicated: Use 3.04, Do not use 2.52
Note: Multiple responses allowed
Use n=72
Do not use n=128
SIEM and Detection Within Minutes
• Those who currently use SIEM software are significantly more able to detect, within minutes, almost all threats listed on the survey.
How long does it typically take your organization to detect and/or analyze the following security events?
How long does it typically take your organization to detect the following compliance issues?
Event or issue detected within minutes | Use | Do not use
Social engineering | 11% | 9%
Inappropriate sharing of documents | 11% | 11%
Patches not up to date | 14% | 11%
Authorized non-compliant changes | 28% | 17%
Cross site scripting | 29% | 14%
Misuse/abuse of credentials | 29% | 17%
Phishing | 29% | 18%
Data copied to unapproved device | 29% | 23%
Exploit of vulnerabilities | 32% | 20%
SQL injections | 33% | 18%
Unauthorized configuration changes | 40% | 26%
Denial of device attacks | 43% | 31%
Malware | 44% | 23%
Inappropriate internet access | 46% | 34%
Rogue devices | 53% | 31%
Note: Multiple responses allowed
Use n=72
Do not use n=128
Contact Information
RESEARCH TO INFORM YOUR BUSINESS DECISIONS
Laurie Morrow, Director of Research Services | Market Connections, Inc.
11350 Random Hills Road, Suite 800 | Fairfax, VA 22033 | 703.378.2025, ext. [email protected]
Lisa M. Sherwin Wulf, Director of Marketing - Federal | [email protected]
www.solarwinds.com/federal
LinkedIn: SolarWinds Government
The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWinds Worldwide, LLC and its affiliates, are registered with the U.S.
Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may
be common law marks, registered or pending registration in the United States or in other countries. All other trademarks mentioned herein are used for identification purposes only and may be or are trademarks or registered
trademarks of their respective companies.