L1M3 Explainer Part 5 – Security and Compliance

Welcome to part five in our Observability Maturity Series: Security and Compliance. Earlier parts of this series introduced the Five Phases of Maturity and the first three areas of the Assessment and Planning topics.

You can see earlier blog posts in this series here.

In part five, we build on the earlier posts and introduce the concept of Security and Compliance.

As a result of the Sunburst and Supernova attacks in late 2019, this area has received incredible scrutiny within SolarWinds and among those with Orion deployments.

At Loop1, we’ve been teaching and practicing an intrinsic approach to security since 2009. One of my biggest regrets in my career is that I didn’t have a stronger cyber-security mindset when I worked at Microsoft on the Windows 2000 product. We should have shipped a much more secure default install (with more services disabled, not enabled by default), and we should have created a read-only, least privilege model of Active Directory security for monitoring purposes, both within Active Directory and WMI. Nonetheless, hindsight is 20/20, as they say.

In the L1M3 Model, we don’t have a ‘security’ pillar or phase to maturity. Instead, security concepts are ‘built-in’ to the model in every phase. Some phases are explicitly dependent on not only having appropriate cyber-security habits but also automating those practices and making them proactive.

An intrinsic approach to security applies not only to how the Orion platform is deployed but also to knowing the capabilities in the SolarWinds suite of products and leveraging them fully to ensure strong cyber-security hygiene throughout IT operations.

In this way, the concept of Feature Awareness we discussed previously becomes even more critical. SolarWinds offers many products and capabilities that we encourage our clients to adopt. We’ve added two additional vendors to our offerings (Runecast and Portnox) to ensure complete cyber-security hygiene coverage. We simplify the approach to this complex topic by dividing our security best practices into two categories: Configuration Security and Operational Security.

Configuration Security is just what it sounds like: understanding the desired configuration state of our environment, documenting that environment as a baseline configured state, and auditing changes against the baseline so that every change is verified as authorized, unauthorized changes are detected, and changes are remediated when necessary.

We leverage a variety of SolarWinds tools and solutions to do this: Patch Manager, Network Configuration Manager, Server Configuration Manager, and Access Rights Manager. All of these tools offer the ability to document, manage, and detect changes to system and network configurations.

Operational Security includes both event analysis and vulnerability detection. Security Event Manager and Log Analyzer, together with Network Configuration Manager, Server Configuration Manager, and Patch Manager, all feature capabilities that cover our operational security needs. Server and Application Manager, with the AppInsight for Active Directory feature, also plays a key role here, greatly simplifying the monitoring of Active Directory for performance, availability, and security.

Again, gaining awareness of these SolarWinds solutions and tools leads to that familiar refrain, “I didn’t know SolarWinds could do that.”

Tough lessons have been learned, and the days of security being something done ‘after’ systems are architected and built are long gone. An intrinsic approach to security and compliance is expected in IT Operations today, and the L1M3 model is built to support and enhance your cyber-security effectiveness.

In part 6 of this series, we will introduce the Automation and Integration assessment area and discuss native and API-based correlation between tools combined with SDK-based automation to enable full scalability.

Bill Fitzpatrick, Loop1 Chairman and CEO


An accomplished engineer with a gift for translating technical concepts into plain English and a sharp business sense, Bill Fitzpatrick is building on the success of Loop1 Systems to execute an ambitious vision for the future. Bill co-founded Loop1 Systems, a SolarWinds Authorized Partner, in 2009. He played an integral role in building the nearly 10-year-old business into what is today, a bustling, Austin-based company counting more than 200 of the Fortune 500 as clients. In the summer of 2017, Bill assumed full ownership of Loop1 Systems and has since laser-focused on one simple goal: to bring the truth to light for each Loop1 client.
