Network Computing is part of the Informa Tech Division of Informa PLC

Protecting Your IT Environment: Tips from the Trenches

    Security threats lurk beneath the surface, and cybercriminals keep finding new ways to compromise the tech environment we hold so dear.

    From spear phishing to malware and ransomware, cybercriminals continue finding new types of cyberattacks to compromise businesses. According to a recent cybercrime study, organizations can expect 145 cybersecurity breaches this year, up from 130 in 2017 and an increase of 67% in the last five years.

    Security and safety are more important now than ever before as technology continues to evolve and new threats emerge every day. As revealed by the SolarWinds® IT Trends Report 2019: Skills for Tech Pros of Tomorrow, in the past 12 months, nearly all tech pros in North America have prioritized cultivating skills in security management. As tech pros continue building security skills in daily operations, they should also continually take steps toward implementing basic cyber hygiene. Understanding your IT environment to uncover hidden risks, educating business leaders, leveraging data to show the value of IT efforts, implementing the “right” IT security management tools, and investing in training are key to protecting modern environments from the ever-evolving threat landscape.

    Here are some tips, tricks, and scary stories (with happy endings) that members of the SolarWinds THWACK® community have encountered while protecting their IT environments:

  • Better Safe Than Sorry

    “We use Cyren to scan web-based threats before things get to the network, a Velo SD-WAN protected gateway, and Cylance as our desktop engine. We also have mandatory user training to help identify threats and provide awareness.

    “For machines, we limit the entry and have a detailed procedure for gaining access to files, email, etc. We also use a multiple tier backup strategy – Commvault for our primary backups (with off-site replication to a different location), and replication to Rackspace as well as Nakivo for VM snapshot backups to different hardware as added redundancy (all of those are stored locally). We make sure to test our restores periodically and review our security and security best practices often.”

    -- jeremymayfield, IT Director

  • Training, Training, Training

    “Develop appropriate policies for employees, vendors, business partners, and customers. Then train employees about those policies as many times as necessary. Give your employees tests – use phony phishing threats with emails that have inappropriate test attachments. Then train them again so they’re able to recognize attempts to phish, hack, and steal their account information. Teach them how to defend their credentials and their company’s data. Train and test again. Train and test again with harder, more realistic tests. Never stop testing and training.”

    -- Rschroeder, Network Analyst

    “Each year, we make all our staff take a series of IT security webinars. There are somewhere between 20-25 webinars that an individual must pass, and in order to move to the next one, you need to complete a set of questions. The webinars cover everything from ways a hacker can get into your environment to phishing schemes and encrypted links (HTTPS). Topics vary from year to year, but the main point is for people to become more aware. We can’t forget that people are an easy target if they’re unaware of the risks. Training our staff is as important as finding the right products.”

    -- Hoang

  • You Can Use the Help

    “We use multiple SIEMs to analyze traps and logs in order to determine what happened, who did it, when, where, etc. These tools are sophisticated enough to alert us of behaviors that match suspicious or unknown profiles.”

    -- Rschroeder, Network Analyst

  • Security Nightmares

    “Recently, we brought a new system online to fill monitoring holes at a few different locations. When we turned the monitoring on at one of our international locations, we immediately started getting crypto-mining alerts! We contacted the IT staff at that location and it stopped immediately, but I still always wonder how many bitcoins were mined before it was discovered…”

    -- Alexpf

    “For the past two years, I have been responsible for hardening our firewall security – prior to this, the network team would install a firewall in our 35+ offices in a ‘set it and forget it’ style. After we standardized our firewalls and centralized the administration, we continued with the installs in the remaining offices. One particular office had two internet circuits: a primary 100MB circuit and a secondary 10MB small business circuit. The office was always complaining about poor bandwidth. We installed the new firewalls in mid-August and immediately identified users streaming Netflix and Hulu! We shut them down and the bandwidth complaints disappeared immediately.”

    -- Peter Monaghan, Availability & Production Manager, IT

  • Security Scares IRL

    “A couple of years ago, someone managed to tailgate into one of our machine rooms. Realizing his mistake, he tried to exit but the doors require a valid ID card. He started to panic and hit what he thought was the ‘door release’ button on the wall, only to find it was the emergency electricity power button! After that incident, the button got removed and our machine rooms’ security tightened.”

    -- David.botfield, Network Engineer

    “Back in the 1980s, we had ‘Emergency Power Shutdown’ buttons on the wall. Someone put that button and the ‘Open Security Door’ button too close to each other, and one night, an unaware security guard hit the wrong button as he tried to leave the room. After that disaster, a hinged guard box was put over the emergency power button with a big warning label to protect our servers from any distracted employees.”

    -- Joepoutre, AVP