Category: Blog

Keeping your network secure–a Q&A with our Loop1 Engineer

With the ever-present threat of cyber attack, it is important to maintain proper cybersecurity. Company networks are a common target.

Network security breaches primarily come from attacks that originate outside the network and try to get in: hacking, phishing attacks, and so on. But, according to Verizon's "2018 Data Breach Investigations Report", network vulnerabilities can also come from within the network: human error, unregulated access to data, rogue employees, and so on.

Our Loop1 Engineer Katie Boldizar discusses the importance of establishing network security protocols to ensure consistent security throughout all aspects of a network.

Katie has over 10 years' experience working in IT infrastructure, installation, configuration, and security. Prior to her career in IT, she served as a Multiple Launch Rocket System repairer (94P) in the U.S. Army.


Q: What are the three most common issues you see in keeping a network secure?


A: Unknown assets on the network will always be one of the biggest issues. Without a complete inventory of what devices are using the network, you will never know the full extent of what needs to be secured.

Out-of-date systems are another issue. Having a firm patching plan and maintenance schedule in place is paramount to maintaining network security.

The third is proper security awareness training. With all of the security risks that exist, we can't assume that all users on a network know what to watch out for: phishing attacks, ransomware, spam, etc. You can have every possible network security measure in place, but it won't be helpful if your end users are not trained on common security awareness principles.


Q: What are the most common threats to network security?

A: Phishing attacks – the attacker pretends to be part of an organization in order to trick people into sending login information and other private information.

Viruses – a piece of code that replicates within a computer system and corrupts and/or destroys data.

Ransomware – the attacker seizes control of a computer system and denies access until a ransom is paid.


Q: Where do you feel networks are most vulnerable, why?

A: One area that can be overlooked is attacks from inside a network—even accidental attacks. For example, not having a policy about the use of USB flash drives.

USB flash drives are one of the most common ways a network can get infected. If your network policies allow the use of personal USB flash drives, you are also opening your network to the risks of what files are on them.

I’ve seen many network security policies that now disable the use of personal USB flash drives.


Q: What extra precautions could people take in order to maintain network security?

A: There are countless security measures to protect a network, but the most important thing being implemented now is a proper Security Information and Event Management (SIEM) solution. SIEM systems provide a real-time analysis of security alerts.


Q: What are the most common SolarWinds software you’ve seen implemented to keep a network secure?


A: There are several SolarWinds tools, but I would say the most common are NCM (Network Configuration Manager) and SEM (Security Event Manager).

NCM offers the capability to create compliance reports and policies to help you maintain network devices.

SEM is a SIEM tool for real-time network security monitoring that helps detect suspicious activity, enhance security, and demonstrate compliance with audit-proven reporting for HIPAA, PCI DSS, SOX, DISA STIG, and more.


Q: How have IoT devices (smartphones, smart TVs, Wi-Fi enabled devices) impacted network security?

A: Everything from smartphones to smartwatches is assigned an IP address, which allows IoT devices to exchange data and communicate with other devices. This also means that IoT devices can in turn be hacked or intercepted.

As the number of IoT devices increases, the attack surface also gets bigger and creates more opportunities for exploits by cyber criminals.

The more technology we use in our lives, the more vulnerable we make ourselves.

Attempts to access a network can come from outside the network, but they can also come from within. Keeping data safe and secure on a network is growing more complex as more devices, and a larger variety of devices, gain internet connectivity.

Network security is no easy task but implementing regularly scheduled updates and training employees on security awareness/best practices are a good foundation to building and maintaining a secure network.


By: Katie Boldizar
Loop1 Technical Account Manager
Network+, Security+, SCP



Cyber Security

The Cost of a Cyber Attack

Around the world, more and more IT professionals are focusing on cybersecurity, because safeguarding data is becoming increasingly important to an organization's success. According to the "2018 Cost of a Data Breach Study" published by the Ponemon Institute (sponsored by IBM) in July 2018, the average cost of a data breach rose 6.4% over the previous year to $3.86 million, and it took organizations an average of 69 days from discovery to contain a breach. At a more granular level, organizations paid an average of $148 for every lost or stolen record. While US-based companies are the most exposed, both in the probability of an attack occurring and in attack-related expenses, every region across the globe is potentially at risk.

The good news? The IT industry as a whole is getting smarter and more well-prepared to guard against major attacks. Organizations are investing more in cybersecurity prevention with action items like:

  • Purchasing software to ensure the safety and security of IT environments
  • Employee training
  • Extensive use of encryption
  • Creating reaction plans
  • Assembling response teams to remediate issues as quickly as possible


What are the most common types of breaches to occur?

It is an unfortunate reality that criminal activity exists in all facets of our society, including the IT industry. For many enterprise organizations, software solutions such as the SolarWinds security products are an important part of their security plan to keep their environments safe and protected from potential threats.

The three major contributors to cybersecurity breaches are, in order, criminal or malicious attacks, system malfunctions, and human error.

Security breaches come in all sizes and with many different agendas. The most common type of breach involves hacking to obtain client data; however, there are many different motivators.

Verizon's "2018 Data Breach Investigations Report" cites more than 20 different types of security breaches or incidents as potential threats.

While hacking is the most common type of breach, breaches of every type are getting bigger, both in attack scope and in the number of records affected.

The Identity Theft Resource Center (ITRC) reported a total of 1,632 data breaches and 197 million consumer records exposed in 2017, averaging about 121,000 records per breach. For 2018, the ITRC reported 1,244 breaches exposing over 446 million records.

That is an average of roughly 358,000 records per breach in the US, nearly triple the 2017 figure: fewer breaches, but far more records exposed in each one.

The number of people exposed is even greater when you factor in other countries. According to Symantec’s “Norton Cyber Security Insights Report Global Results,” 978 million people in 20 countries were affected by cybercrime in 2017.

(Figure: cost of a data breach, by country)

A major contributor to the significant cost difference among countries is the amount of money required to notify customers once a breach has occurred. Notification costs range widely throughout the world, due in large part to differences in regulation, with the United States being the highest at $740,000 as of 2018. In the United States, notification costs include:

  • Creation of contact databases
  • Determination of all regulatory requirements
  • Engagement of outside experts
  • Postal expenditures
  • Email bounce-backs
  • Inbound communication setups

The Real Cost of a Data Breach

In the same IBM-sponsored Ponemon study, companies that identified a breach within 100 days of the intrusion saved an average of $1 million compared with those that took longer, and containing a breach within 30 days saved another $1 million. On average, however, it took companies 197 days to identify a breach and a further 69 days to contain it.

One of the largest security breaches of 2018, affecting approximately 383 million guest records globally, was the data breach at Marriott International. According to the ITRC, Marriott International's network was initially compromised in 2014, and the unauthorized access remained undiscovered and undisclosed until 2018.

These attacks can be detrimental to an organization's bottom line, a lesson not lost on the global ride-share company Uber. In 2016 it learned of a breach of a database holding the records of 57 million riders and drivers worldwide, including roughly 600,000 US driver's license numbers, but it did not send breach notifications until almost a year later, in 2017. In 2018 the company agreed to a $148 million settlement with the attorneys general of all 50 states and the District of Columbia over the delayed disclosure (OAG-DC).

Other major breaches over the years, such as Yahoo in 2013, affecting all 3 billion Yahoo accounts, and the infamous Equifax breach in 2017, impacting more than 146 million consumers, have led to major changes in legislation. By 2018, all 50 states had enacted some form of data breach notification law, while Europe went as far as adopting the General Data Protection Regulation (GDPR).

Tools like SolarWinds NetFlow Traffic Analyzer (NTA) and Server & Application Monitor (SAM) provide organizations of all sizes the ability to effectively monitor environments and detect possible threats earlier, saving time and money.


Due to the global nature of our society, all industries face challenges in maintaining a secure network. That being said, some industries face greater challenges in keeping data secure, and the Ponemon study puts a price on it. Here are five industries with high breach exposure and the average cost per lost or stolen record for each:

  • Healthcare = $408
  • Financial Services = $206
  • Technology = $170
  • Industrial Manufacturing = $152
  • Public Sector (Government) = $75

Networks for large, global businesses are not the only networks that get attacked; networks for small, local businesses are just as vulnerable. A report by Consumer Reports found that small businesses often hold the same kinds of sensitive information but lack the knowledge or resources to maintain a secure network. "Cyber attacks are often automated, hitting many servers at once, and so hundreds of small businesses may get caught up for every one major company that's affected."

Regardless of the size of your organization, SolarWinds has solutions that can help protect your IT environment from these types of attacks. Tools like Network Configuration Manager (NCM), Patch Manager, and Access Rights Manager (ARM) can be used to satisfy controls and manage access rights, while Log & Event Manager (LEM) and Network Performance Monitor (NPM) can be used to verify that security controls are working properly.

Where do network security vulnerabilities come from?

More often than not, security breaches are the result of outside entities wanting access to information on a network. But, threats to a network can also start from inside the network.

Unsurprisingly, there are many points of entry for malicious attackers to target in your IT environment. According to the Verizon report, these are the top five:

  • Web Applications
  • Miscellaneous Errors
  • Point of Sale
  • Internet of Things (IoT) Devices
  • Privilege Misuse

In their study, Verizon found that web applications on a network were attacked more than any other point of entry. "This includes exploits of code-level vulnerabilities in the application as well as thwarting authentication mechanisms. Use of stolen credentials is still the top variety of hacking in breaches involving web applications, followed by SQLi."

The Internet of Things: A Growing Threat

Additionally, Internet of Things (IoT) devices and other wireless devices are a growing area of concern. The OECD notes that the current consumer market (employees using a network, or the public accessing one) regularly uses a wide variety of IoT devices: wearables (smartwatches, phones), smart home devices (Nest thermostats, TVs), and motor vehicles.

The increasing number of IoT devices connecting to a network poses a number of threats to an organization's IT environment. In the Federal Trade Commission's (FTC) report "Internet of Things: Privacy & Security in a Connected World", the FTC's panel cautioned that many companies manufacturing IoT devices may not have a background in network security or may be unfamiliar with security compliance.

Moreover, some low-end devices may not be able to update device software or, “may lack economic incentives to provide ongoing support or software security updates at all, leaving consumers with unsupported or vulnerable devices shortly after purchase.” According to the FTC, IoT devices could potentially:

  • Enable unauthorized access to and misuse of personal information
  • Be used to facilitate attacks on other systems
  • Create safety risks that could be exploited to harm consumers

With the rising number of devices, it is important to know what is on the network. SolarWinds Network Configuration Manager (NCM) can show which devices are connected, flag devices approaching end-of-service and end-of-life, push configuration changes, and lock down devices against unauthorized access.

NCM's network automation features were designed to manage changes across a network and maintain standards and service for all connected devices, all while reducing downtime and ensuring that your network is compliant and secure.


While our ability to protect against attack continues to improve, IT trends confirm that the bad actors are just as adaptable. With every new software patch, there are numerous attackers ready and waiting to find new ways around it.

The vulnerability recently discovered in Microsoft's Remote Desktop Services serves as a good example of a vendor taking a proactive approach to protecting customers once a threat is discovered. Microsoft went as far as releasing a patch for Windows XP, a product that had reached end of support years before the vulnerability was found. While most individual users have long moved on to newer versions, Microsoft knew that many enterprise customers were still running XP and did not want to leave their systems exposed to attack.

This shift towards security preparedness should come as no surprise given the nearly $4 million price tag associated with identifying, containing, and remediating a data breach. Combine that with the potential for regulatory fines and enforcement actions, and it would be downright reckless for an organization to exclude cybersecurity measures from its strategic plan. The growing number and size of attacks over the past decade confirm the importance of cybersecurity for all domains worldwide. As IT professionals, it is our duty to remain diligent in our fight against attacks and to continue to produce effective and innovative tools to protect the masses from the effects of a detrimental breach.


Do You Need Help Addressing Security Concerns? Finding the right security strategy can be overwhelming. "What are my most vulnerable areas? What products are best for my environment? Where do I even begin?" We get it... we have been there, and we want to help! Provide your contact details and a little bit of information about your environment and one of our team members will reach out to start the conversation.

December 2018 SolarWinds – Version Upgrades

Is your SolarWinds Environment ready for 2019?

SolarWinds recently released version upgrades for NPM, NCM, NTA, IPAM, and general updates to the Orion platform and we want to make sure your team is completely up to date.

What’s New?

  • NPM 12.4 – Cisco ACI® Support. Now your team can accurately monitor your SDN environment with Cisco ACI support and other general interface and performance improvements.
  • NCM 7.9 -Simplify configurations with multi-device baselines. Easily create, assign, and implement baseline templates across multiple devices.
  • NTA 4.5 – Alert on Flow. Create custom alerts to quickly identify extreme changes in traffic flow and remediate issues more efficiently.
  • IPAM 4.8 – Update includes Infoblox® support, the ability to replace custom fields with more convenient custom properties, and more comprehensive support for Linux users.

Where does Loop1 come in?

2018 IT trends research found that nearly half of IT professionals work under a reactive organizational strategy, leaving teams spending 50% of their time maintaining and troubleshooting an environment instead of working on mission-critical tasks. So what can Loop1 engineers do to mitigate this and get your team back on track?

  • Manage updates and optimization
  • Monitor and troubleshoot your environment
  • Implement proactive monitoring strategies to pinpoint issues faster
  • Identify mission critical tasks for your team

While the SolarWinds product suite has completely changed the game for IT monitoring software with out-of-the-box solutions, many of our clients have benefitted from Loop1 engineers walking them through the update process – saving time and effort in the long run.

What does Loop1 Bring to the Table?

  • Over 7 years of experience with SolarWinds products per engineer on staff
  • More than 600 SolarWinds engagements in 2018 – including many version upgrades
  • Over half of the Fortune 500 Companies are currently Loop1 clients
  • Engineers work in some of the most complex environments across the globe
  • Ability to quickly remediate some of the more common update issues experienced
  • Provide valuable insight and problem solving for the more difficult obstacles

If you need help with your upgrade, contact us at, and a member of our expert staff will reach out to discuss your needs.

End-of-Life Announcements

An End-of-Life Announcement was made December 4th, 2018 for the following SolarWinds Products:

NPM 12.1, NTA 4.1, NCM 7.6, IPAM 4.5, VoIP & Network Quality Manager (VNQM) 4.2, User Device Tracker (UDT) 3.2, and Enterprise Operations Console (EOC) 1.5.

If you are currently using one of these products, it is advised to upgrade to a more recent version.

Caveat Emptor or “Smart Quotes”

We live in a world where copy and paste is the shortest path to winning. With Stack Overflow, Thwack and all the other sources of good content, it is easy to find something you like, fire up a SAM template with a fresh PowerShell component and paste the content in. Sometimes it does not go so well, and when it does not, it can be maddening.

Let's take, for example, this email with some helpful SolarWinds API code:

It looks good, right? Add the snapin, build the connection, run the query, get the results. Nothing could be easier. But when you try to run it in PowerShell, you get some pretty confusing results:

The error we get is on Get-SwisData, which is a little maddening since that's the very first command we tried to run. It's simple and there's no obvious issue with it. You fire up a PowerShell window, try it to make sure you have the syntax right, and all goes well. So... what gives?

If you look closely, you can see that Outlook has helpfully converted your quotes to “smart quotes” which are a bit curvier:

This is going to break your code, which expects regular ASCII quotes (" and ') rather than the typographic “ ” and ‘ ’ that ended up in their place. One caveat worth knowing: PowerShell's own parser is lenient here and accepts typographic quotes as string delimiters, so the pasted script can still parse and a plain syntax check will not flag it. Curly quotes inside a string literal, such as the single quotes around a value in a SWQL query, are passed on unchanged to SWIS, which is why the error surfaces at Get-SwisData rather than as a PowerShell syntax error. It's taken some practice, but having this bite me several times in the past, I've taken to very carefully typing code and keeping an eye on these automatic changes, which you can reverse by using undo (Ctrl+Z) like below:

If you’re not a fan of smart quotes and you’d rather just turn them off so they don’t muck up the works, you can do that by adjusting Outlook’s configuration:

That’s all there is to it! You’ll never have that problem bite you again.
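Undo and the Outlook setting fix the problem at the source; the script below, an added example and not code from the original post, catches what slips through by scanning a pasted script for typographic quotes (and the non-breaking spaces HTML mail likes to insert), normalizing them, and syntax-checking the result with PowerShell's own parser. The sample script inside it is constructed to mirror the e-mailed snippet: the SwisSnapin cmdlet names are the real ones from the Orion SDK, but the hostname and credentials are placeholders, and the sample is only parsed and never executed, so no Orion server is needed.

```powershell
# Added example (not code from the original post): find, report and normalize
# typographic quotes in a script pasted from e-mail before it goes into a SAM
# PowerShell component. Uses only built-in PowerShell 5.1+ features; the sample
# script below is constructed and is parsed, never executed.

# Code points that Outlook/Word substitute for the ASCII ' and " characters,
# plus the non-breaking space that HTML mail often swaps in for a plain space.
$SingleQuotePattern = '[\u2018\u2019\u201A\u201B]'   # ‘ ’ ‚ ‛
$DoubleQuotePattern = '[\u201C\u201D\u201E]'         # “ ” „
$NbspPattern        = '\u00A0'

function Find-SmartQuote {
    # Emits one record per offending character, with its position and code point.
    param([Parameter(Mandatory)][string]$Text)
    $lineNo = 0
    foreach ($line in ($Text -split "`r?`n")) {
        $lineNo++
        for ($i = 0; $i -lt $line.Length; $i++) {
            $c = $line[$i]
            if ("$c" -match "$SingleQuotePattern|$DoubleQuotePattern|$NbspPattern") {
                [pscustomobject]@{
                    Line      = $lineNo
                    Column    = $i + 1
                    Char      = $c
                    CodePoint = 'U+{0:X4}' -f [int]$c
                }
            }
        }
    }
}

function Repair-SmartQuote {
    # Maps every typographic quote (and NBSP) back to the ASCII character it replaced.
    param([Parameter(Mandatory)][string]$Text)
    (($Text -replace $SingleQuotePattern, "'") -replace $DoubleQuotePattern, '"') -replace $NbspPattern, ' '
}

function Test-ScriptSyntax {
    # Syntax-checks a script with PowerShell's own parser without running it.
    param([Parameter(Mandatory)][string]$Text)
    $tokens = $null
    $errors = $null
    [System.Management.Automation.Language.Parser]::ParseInput($Text, [ref]$tokens, [ref]$errors) | Out-Null
    return ($errors.Count -eq 0)
}

# Constructed sample: the usual SWIS snippet (real SwisSnapin cmdlet names,
# placeholder host and credentials) after Outlook has converted its quotes.
$Pasted = @'
Add-PSSnapin SwisSnapin
$swis = Connect-Swis -Hostname “orion.example.local” -Username “admin” -Password “secret”
Get-SwisData $swis “SELECT NodeID, Caption FROM Orion.Nodes WHERE Vendor = ‘Cisco’”
'@

# 1. Report every offending character with its line and column.
Find-SmartQuote -Text $Pasted | Format-Table Line, Column, CodePoint, Char -AutoSize

# 2. PowerShell's tokenizer treats U+2018 to U+201B and U+201C to U+201E as
#    quote characters (per the language specification), so the pasted text
#    still parses; the curly single quotes inside the SWQL string are what
#    reach SWIS and make Get-SwisData fail.
"Pasted script passes a PowerShell syntax check: $(Test-ScriptSyntax -Text $Pasted)"

# 3. Normalize, then confirm nothing typographic is left before pasting into SAM.
$Fixed = Repair-SmartQuote -Text $Pasted
$Remaining = @(Find-SmartQuote -Text $Fixed).Count
"Offending characters remaining after repair: $Remaining"
$Fixed
```

Run it in a Windows PowerShell 5.1 or PowerShell 7 session: the first command lists each curly quote with its line and column, the syntax check passes even though the quotes are wrong (which is exactly why the failure only shows up at Get-SwisData), and the repaired text is what goes into the SAM component. To apply the same fix to whatever you just copied out of Outlook, use Repair-SmartQuote -Text (Get-Clipboard -Raw). The same characters will break SQL, JSON and any non-PowerShell shell in the same way, so the check is worth running on anything that arrives by e-mail.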


What Happens if I Have Conflicting Alerts?

Loop1 Answers Top Questions from Alert Noise Webinar

We recently hosted a webinar on alert noise – the importance of getting them under control and how to customize for your needs.

If you missed it, you can view it here:

We had a rich conversation in our Q&A portion where our host, Chrystal Taylor, walked attendees through application in specific scenarios.

The top questions and answers were:

I have a Windows domain environment with mostly laptops plugged into Cisco switches. I would like to get an alert if/when someone that has a non-domain computer joins my switches. Can I create alerts based on this situation?

There are a couple of different ways we could approach this. If you’re using DNS in your environment and all of your other devices are DNS, and something pops up that isn’t using DNS, you can trigger an alert to let you know. If you want to go a different route, you can utilize an events monitor or a script monitor to check for devices not on the domain.

We need some of our servers to monitor interfaces and hardware. Often, when the node goes down, we get a barrage of alerts for the interfaces and the hardware going into an unknown state. How do we protect against this from happening?

You can use dependencies. There are supposed to be automatic dependencies to keep this from happening, so when your node goes down, all of those that are a child of that node shouldn’t be alerting you. If you’re still getting alerts, you can add a condition to your alerts so when your device is down, you won’t receive notifications.

Is there a way to edit the default email template used for when creating a new alert?

There’s not a way to change the default email template. There are, however, variables to change for an email address. But as far as edits to the template go, there’s not a way to do that to our knowledge.

Can the text of an alert on an application have variables or values in the alert from the different groups? Like nodes or alerts?

Yes. What you're able to use is going to depend on the property you've triggered on. If you've set your alert to trigger on a node status, you'll probably have to use the custom variables. SolarWinds does let you create custom SQL to pull any information from the database in. You can use other variables in there to pull information. If you have something custom from your table that you need to pull in, you can definitely do that. It just takes some tweaking on the front end.

What if you have conflicting alerts?

If you have conflicting alerts, they should both trigger. Alerts don’t take priorities.

For more information on how you can customize your alerts or questions about this specific webinar, please feel free to contact us.
