Home > SolarWinds Lab Episode 74: Security Tools to Fit Today's Threats

SolarWinds Lab Episode 74: Security Tools to Fit Today's Threats

In this episode, Head Geeks Destiny Bertucci and Thomas LaRock will show you how to ward off security dangers using SolarWinds software. See how SQL injection can be rooted out and how access rights compliance is a headache of the past. All while using Security Event Manager (formerly Log & Event Manager) with a little help from Access Rights Manager. Join us as we deep dive into security needs, and show you how to prevent your infrastructure from being victim to low hanging fruit, and how to be more proactive in the future.

Back to Video Archive

Episode Transcript

Welcome to SolarWinds Lab. I'm Destiny Bertucci, Head Geek. And joining me today is Head Geek, Thomas LaRock. Hi! Hey Dez, pleasure being here again, of course, as always, and I can't wait to stretch out my security wingspan today. [laughs] All right, well fantastic. So, after RSA, I wanted to actually dive in to ways that SolarWinds could help ward off a lot of evil intentions. Easily, but most importantly, effectively. All right. And Tom, I have to say I've found out just how little I knew about SQL injection. And that's where I came up with this great episode idea. OK, maybe while talking to you. Eh, maybe. But regardless, I wanted to discuss what this actually is and what it means to our customers with SQL injection. And how we can be proactive about using the tools that we currently have. And as you know, maybe they don't, but I've been ramping up on all of my security certifications. Cybersecurity, things of that nature, and of course, I'm here and I would love to share the information I've been learning about data security and privacy. Definitely. OK, so without further waiting, let's dive in to all the security greatness that we have actually planned today. So that's going to be SQL injection awesomeness from you. All right. I'm going to show Log & Event Manager's new little face lift, as well as dive into the Access Rights Manager. Cool. OK, Dez. So SQL injection, I want to talk a little bit about data security and privacy, and I'm going to focus on SQL injection mostly because what I see out there are a lot of data breaches are done basically through insecure websites. Sometimes that is through a technique that we'll call SQL injection, sometimes it's just you can browse for a directory on the URL, you get a wealth of information. So just to make sure everybody understands a little bit about the concept or why this is kind of a bad thing, let's consider a slightly different scenario. Are you familiar with the term refrigerator privileges? Yes. You are? Well, I am now. You are now. [laughing] So refrigerator privilege is the idea that there are certain people in your life that if they enter into your home, it's totally cool for them to open up your refrigerator and take what they want, right? OK. So, think about how many people in your life are exactly that way. How many people could just show up in your house, you'd be like, "Not a problem, help yourself." Right? Yeah. Probably, how many? A few? Maybe like, less than a handful. Maybe like less than a handful. Like, hey, what are you doing? Right? Right. So, when it comes to data security and privacy, let's consider the concept of a very familiar thing for databases, which is the guest account. OK, I'm intrigued. So, a guest. You're intrigued? A guest, like a guest in your house, this guest account ... is that something you would say would have refrigerator privileges? No. Would you want that guest to just have access to all the data? No. Probably not. But, yet, people with some of these websites out there that have these data breaches, mostly because, say there's a guest account, and certain applications you can find online. You don't have to go the dark web for this information. Manuals are out there like here's our app, this is how it works, here's the URL, by the way there's a default guest account in case you ever lose access. And hackers, or let’s just call them adversaries, they're out there actively looking for information, they use tools to scrape websites and see what they can get. And that's what we're going to look at today. And that's also like the NIST database, and the common vulnerabilities that I always talk about. We're not the only ones that see the vulnerabilities. The people that are adversaries are seeing that too, and they will use it to their advantage, and your disadvantage. So same concept, if they know there's something there, they're going to try. So, while I try to advocate for data professionals, especially in terms of data security and privacy, so I'm sure you're familiar with the concept of red team, blue team? Yes. Which team are you? Depends on the day. It depends on the day. Depends on who's writing the check. Yeah, depends on if the CEO lets me or not. Yeah, right. [laughing] So, I advocate, if you aren't aware out there, red team would be a team that is actively trying to penetrate a system, and the blue team is the one that is actively trying to defend the system. And there's a lot of techniques involved, and we're not going to dive into what it really means to be red team and blue team. But, as a data professional, I would advocate for you to be a part of a red team. Whether that's a one-person red team, or you're part of an official red team, I would encourage you to start thinking about different ways that your data may be leaking. Right. So maybe you have a public facing website, or maybe you don't, maybe you just have an internal website that everyone in the company can access, but does that mean they should? Different ways like locking down the guest account inside of the SQL Server instance. So, there's lots of little techniques that you could kind of put together. There's a lot of penetration testing out there, sometimes you hire a firm for it, but there are scripts you can run on your own. I wanted to show one here today. It's called sqlmap. So, this tool, sqlmap, you can point it right at the website and you don't even have to tell it what database it is, it will test against all the database platforms, and it will do common forms of SQL injection attack. We're going to look at an example right now. What I have is, I have this website set up. Now this is something that was made available by Microsoft, it's available on GitHub, you can get the source code, you can build this website sample for yourself if you want to test out sqlmap and some of the threat detection things we're going to see here. So, I will go over to the "Patients," all right, so the Contoso Clinic, here's the patients. Looks like a lot of PII information. Ah it is, right? But let’s just say I'm not a guest here, let's assume I'm logged in, although it says I'm not, let's just assume I am. The beauty of this example, this demo, is that it gives examples of what a SQL injection attack would be. So, what you see here is the end of a string, and then it's wondering if it can just close the string and then add and append this thing it's called, or just cast the version as an int. Now, the version, if you're familiar with databases, the version really isn't going to be an integer, it's going to be a mixed character, right? So, this is probably going to cast an error, but that's OK, because if you are somebody that wants information, it doesn't really matter necessarily if there's an error involved. Look at that. It failed converting this nvarchar to an integer, but what piece of information do I have, right now? You now know exactly what version it is on, so you can also look at the vulnerabilities on it as well. I now know what version of SQL Server this application is running. So, this other little SQL hint, so there's lots of examples you can get from information, or examples for SQL injection itself, this portal comes with a few by default. And I can say, now let’s search for this one. Oh, I wasn't able to, oh look at that. I now know what their password is. Is that useful information? Feel like it is. Feel like it is. Let's look at the last one they have here, and now they're going to try something a little bit different, and they're just going to stuff some information into a system table. And, now what comes back? Now those first 2 returned an error. Right. So immediately I know my application isn't handling errors properly. Correct. Because it is giving back information to the person that has triggered the error. But SQL injection doesn't have to trigger an error. If you know this, right now, what I was able to do was to run this query and I was able to get information back without it actually being an error. Now I actually have another example of a query here. Let me just see, let me just copy this. You know what else I can get? I have this little extra one because I happen to know in this database there's a credit card table because they're patients. So, I could go through and I could get information about the scheme of the database, and then I could run something, see, look at that. Hey, I think I know Zachary Moore's credit card number now. So, this is the type of information that can be freely available, and something like a sqlmap is going to help me find this. Because you could spend all day just typing in stuff and trying to figure out, is this vulnerable or not? But usually you're trying to hurry up, and get in and out before somebody knows that you're there, so you need something to automate it like you were talking about. Right. So, what I have here is, I have an example of the sqlmap tool, so it uses Python, OK, let's not be afraid. Just a little bit of code. What I had done though is I, I'm going to point it at my security sample website, I already know it's running SQL Server, so I put in a handful of flag switches here, in order to make this run just a little bit faster. And if I hit enter now it's going to run, it's going to say OK let’s just test a few things, and I'm making it do a few defaults for me. And I'm just automating this, I run this sqlmap, I do it against my own blog, I do it against friends' websites, just to see. Now look at this, oh it found some information there. Looks like that credit card table came back. Oh, look at all that. And look at that, it comes back, and it says by the way in the table 'creditcards' I found six entries. It's actually output this information into CSV files. See right there? Mhm. Into the "dump\Clinic\creditcards." So, when it finds that information, sqlmap goes and says, great, not only am I going to display it for you in the console, but I've grabbed it, it's all into CSV files for you. And now you sell those on the dark web. And then just, yeah. Yeah. And you're done. So, what this also does though, because I built this all on top of Azure, Azure has this wonderful thing called Advanced Threat Detection. And one of those things it will do, that it will check for, is it'll check for active SQL injection intrusions, or if you have a SQL injection vulnerability. In other words, if your code, your store procedure, allows for the potential for SQL injection to happen. And what it ends up doing is it generates these emails, so I've triggered a handful of emails right now, live happening here, everything you see now is live, it's happening live. Happening now. And this just shows up. So now as an admin, I look at it and I say oh, I actively have an issue, that I now need to go and take action upon. So, there are ways for you to be aware of SQL injection, those types of vulnerabilities, there are tools that exist in order to help with that, in order for you to do the testing. And what are those five things? Identify, Detect, Protect, Respond, Respond. and Recover. So, this is the detect and the respond part of that, right? Definitely. And that's, to me, the beauty of the sqlmap. Understanding what the SQL injection, the type of information that somebody might get from that, and the way for you to kind of alert yourself, and to basically be proactive about your security, your data security and privacy. And something also when you're talking about red team and blue team, when we were first getting started, something that we did was white team, blue team, red team. And what that was, was if a company wanted us to come in, and actually infiltrate the company without being known. That's right, yes. So, it was a little bit different than the red team, blue team that you were talking about, but I encourage it just as much as you said how you do that with your own blog, and how you help other people with their websites. I just recently was running into a website that I was telling you about where they left the guest account open, and they didn't know it because they had an IT consultant company actually do that for them, who left that back door open. That's some consultant. Right. But it's one of those things that we have to think about because when we're installing software, when we are doing things, we need to think of the whole realm. There are things as guest accounts, because it's out of the box setups. Yep. There's things as default passwords that are being done, that allow people to have access, and as easily as you just showed how to use sqlmap, you can do it too. That's right. So, I think you need to understand that, what we wanted to do today is showcase, you know hey, there's security things that are out there that we can help you with, and we want you to know what this means. It's one thing to say, oh well there's a SQL injection issue. OK, I've said this before to many people, and it's blank deer in the headlights, right? So, it's one of those things where I was like, ah, I want to talk to Tom on this and bring this to light, so that we can actually show you guys, so you understand there's a problem. There is something that can actually happen here with SQL injection, it's not just a buzzword, it can actually happen to you. Right. [electronic noises] OK, so I want to talk about logs. All right. And a lot of the times people are like ugh, God, logging, like you turn that on and blow it up and I don't know what it is, but it's off somewhere and we'll just deal with it if we ever have a problem, right? Right, you just collect all the metrics you can, and figure it out later. And that seems to be kind of like what happens, and I always call it, kind of like the fire hose effect, right? A lot of times you guys will get a SIEM tool, or a logging collecting tool, and everything is turned on, and then next thing you know, you're not looking at it. It's just sitting there, it's collecting, might be somewhere where I need to look at it at another time, but you're not actively using it. And something that I want to talk about is like there's automatic threats that you can program in there, there's things out of the box, things of that nature. So, with Log & Event Manager what I wanted to focus on is it got a little bit of an update, and I'm going to show you that, and then mainly, it's just I wanted to talk about how we're able to do different appliances, flat files, and the importance of knowing that. You were talking about SQL injection and how you were getting alerts, and there's loggings that are coming across there. These are things that you can be proactive about within your SIEM tools and your logging tools. And it doesn't necessarily have to be Log & Event Manager, I mean we've got Loggly, we've got Log Manager, things like that; that we have available for you. But I just want to kind of focus in a little bit. And with, when we're talking about proactive, things like USB monitoring and notification. Mhm, yeah. Right? So that's something that Log & Event Manager does, you've seen us do that plenty of times, and a lot of the times we want to talk about kind of forensic analysis and what that means. And you were just talking about, like we're talking about response, and when we're doing things like that, especially based upon NIST, how do we actually answer the call if something happens, right? So, when we're collecting all of these logs, and you have an anomaly, how do you know that you have an anomaly, right? Like that's kind of a main thing, right? It just looks different. Exactly though. It does, it looks different. There's something not right. There's like a heartbeat that just skips. Yeah. You know, and I always tell people I want you to breathe in the network and your infrastructure, and kind of breathe out. Because if you have that health sense about you, you'll see the ticks, and you can't ever turn on monitoring, or logging after a situation. And that's my main focus for you guys, as for my security advice for today, is you can't after the fact try to be proactive. Yeah. And you can't after the fact try to be able to do a root cause analysis if you don't have data that's available. So, I'm going to show you a little bit more about what we do with LEM. And so, I'm going to dive in here if you don't mind. I don't mind. All right. So, mainly, taa-dah! I don't know if you guys are happy as I am to see what this screen is looking like. I am happy. [laughing] Some of them are happy too. You've got to be happy, right? Like you guys have been asking for a more of a web interactive user interface, and now we've actually got that for you. Awesome. And this is part of that dedication that we're trying to strive for with that security realm, we're kind of hitting that on a hard basis right now because it's so important, right? It's that fabric of your infrastructure. And we've got your back in this situation, and we're listening to you. So, as you can see here it's kind of going crazy. It's collecting anything that's coming across here. Now what I like though is that I'm able to go through here, and I can actually look up the events specifically. So, if I'm looking for SQL alerts, did you see how quick, like this just makes me happy, especially if you've had Log & Event Manager before. This is probably going to make your eyes be like what, this is awesome. Yeah. So, I can historically look at this information. And it's not just a whole bunch of like oh my gosh, here's all the alerts. I want to look particularly into this one, so I'm going to click on it, and I get the full details, it's not just like a syslog message, or a trap that's coming across there, in a viewer, it's interactive. So, you're able to view it, you're able to look at it, you're able to see the live mode, you can stop live mode if you need to, so if you're doing that root cause analysis. And the main focus point that I have is, if you have a SIEM solution, or if you have logging information that's going on, you need to be able to interact with your data. And I think, I feel like that's something that people don't do enough of, if that makes sense. Like even when you're monitoring, I feel like you don't actually interact with the data that gives you a lot of valuable information when things are fine. Like if I'm going through here and I'm noticing that there's events, and I'm like hey, on average I get about 2000 SQL events. OK, great. But tomorrow I get 6000. Hmm. Might be an uptick. Might need to really look into there to see what's going on. Could be normal. You could get that; that day of the year, every year. It could be. That's why if you start looking, and actually drilling into your data, you'll understand that that's that health fix. Like you're feeling like you're OK on there. So, I want to look at some of this because it's not only collecting logs for anything of which that you're putting across it, but it's also doing internal logs as well, so that you're able to keep in-depth with your program that's going on. Look at all this good stuff. And I can know what people are doing, right? Because your logs, just like you were showing, when there's events or error messages, you can get valuable information off of that. So, if I'm looking in here and I'm like, I need to know internal audits, who's been accessing my LEM solution? What have they been looking for? What have they been analyzing? What are their reports on? It kind of lets me know how people are using it, so that we can better set it up and maybe customize some of those compliance reports for management behind doors. So, you would describe this as the auditor? Mhm, definitely. Right. And I think you should do that. Like I feel like that's something that everybody should be a part of. I do that with my SolarWinds Orion Platform products. I use the audits. I want to know who all's been accessing, and most importantly what has not been accessed in three months. Does that account need to be open? Because, is that person still here, is there things like that? Mmm. So, I feel like if you're not auditing yourself, like your self-programs, then you could be missing vital back doors that could actually be happening there as well. So, when we're looking at these, and we can see like hey, something is killing all the instances in the console, if you're having a whole bunch of pop-ups for the USB alerts that are going off, you're going to see that here. Is there something that, maybe I missed in an email, but I'm seeing here when I'm looking? This is all pertinent information. Now a great thing that they've also added into this is that I can go up here and hit the manage portion and it sends me directly to... The management console. Nice. So, I'm interacting and I'm not having to go remote desktop, or to be able to drill into anything, I'm able to see. And we were just discussing Word Cloud, and the importance of what Word Cloud can offer you for logs. And I'm just going to reiterate this, my main focus is, when I use Word Cloud, is there's something that's just not feeling right on my infrastructure. And that could be a whole bunch of slowness is happening on the East Coast. Or there's something that's happening at this moment in time, but I just can't get a fill on it because there's too many alerts, or too many events that are going on. I come here if there is ransomware, or if there's a virus, or if there's a worm, or something that's self-replicating or going across here. When I'm in a loss, I can come to my logging solution that I use here, and I will hit the Word Cloud. And you will start, and I am not kidding, you will see the words and the files, or the event that's happening just start staring you in the face like check me out. I think that's vital. Oh. So, and what you've done here is you've highlighted just for a minute and a half worth of activity over on the left there, so for all those events, about 8000 events, you can, I mean we already saw the server name on the other screen, so if you had to go back, and if you were looking at detect phase of security, you'd be like oh, I know what server's involved for all of these events. It's a way for you to get to, I want to say, your time to action is reduced. Instead of looking at all of these events, I don't know what to look for, your time to action where you say, yes sql02.emea.sales, there's an issue right there on that server, let me get there right now. Definitely. And that's the thing is that a lot of the times, not necessarily like all the time, but most of the time there's a ground zero, there's something that is happening on your infrastructure. It's not going to be a textbook oh yes, well that was common vulnerability number CS blah, blah, blah. No, it's happening now. It's not a known issue, or it's something that's going on, or somebody is internalizing a threat, right? They are actually actively trying to do something. You have the management console to help proactively, as well as reactively do something about it. We are able to, like if there's a whole bunch of USBs that are turning, shut them down. If there's people trying to spin up admin accounts, and we see that, shut them out. Like this is a, not a set it and forget it tool, your Log & Event Manager is more of an interactive, it's a breathing, it's like I've got my shields up and I'm ready to attack. That's how I feel about Log & Event Manager. And then now mainly, when we start talking about access rights, and when we start seeing things like the administrator accounts, we have a way to actually respond to if those things are happening. Oh, we do. So, lets pause for a moment, I'm going to switch gears and we're going to go into Access Rights Manager. All right. So that when we start seeing things happening, we have an answer for you. OK. OK, so I wanted to talk about having an action back, right? Mhm. Is that we now have Access Rights Manager. And that's going to allow you to not only just monitor your Active Directory, it goes a little bit beyond that. Actually, a lot more now because we have Active Directory Rights Management for Azure as well. Yes, Azure Active Directory. Yes, definitely. Which is something that I thought was really cool in case you guys didn't know that. Now part of this also is that outside of the Active Directory, it also will monitor your Windows file shares, your Microsoft Exchange, it's going to have SharePoint access management and monitoring, as well as user provisioning. Now this is the part that I like because a lot of the times those are one of those things that, yes, I know I have to provision the users and da-da-da, and it kind of gets pushed away until, I don't have rights why isn't this done? OK, hang on, just a second let me get this done for you. Well this has a self-service application within it that will actually let you self-service yourself if you need to be provisioned. OK. Need new users, need people to be taken away, and it's all in one system so it audits itself. So, like through the use of a template? Yeah, I'll show you. So, what you'll do is, you will actually ask permission, it will let us know when we're in Access Rights Manager. And then we're able to provision you based upon the template of which department you're in. OK that's cool. What you need to do. All right, and then you're also able to do like an analysis on your permissions. So, what I want to focus on now, is I want to kind of take you through, because some of you guys have been in Access Rights Manager, and you kind of get lost in the woods because you get so excited about all the important management aspects of which that you can do. And so, what I wanted to focus on is kind of this first page, and it's a start page that comes up here. And I'm just going to kind of walk you through this, so you get a better example of why this is so beneficial to have for you and how this helps to alleviate the burden that sometimes happens with Active Directory. OK, so I just love this page. Right? It's helpful. I just see all this stuff, oh my God. It's like a resource center that's just waiting for you to grasp onto. I just want to dive in right now, unresolved SIDs, who has access where, oh this is all great data, I love it. Definitely. And that's what I feel like a lot of people miss because they actually skip past this, and then they start going to dashboards, and they want to scan, and they get all excited. And that's 100% fine, you guys do whatever you need to do, but to make sure that you get the full use and capabilities out of your product, I wanted to show you what is available to you out of the box. So, like I said, there's the start screen, that's going to come across there. I'm going to go in here to something that, for me, seems pretty good. Where does a user/group have the access? Oooh. As a security person, the... The "Everyone" group. Yes. These are those default things that we always talk about that kind of get in the wayside and we just forget that they're there, or maybe we're just not paying attention. Or you use everyone as troubleshooting, you're trying to debug something, hey does the "Everyone" group work? And then you forget to take it away. Especially when you're installing new software. Yeah. You know what I'm just going to do this, and then I'll change it back, but by the time you finally get through all the wizards and done, you forget to do it, you get out of there and you never think about it again. Mhm. So, as you can see, there's many different choices of which that I could have. You can reset it, you can add, if you're wanting to do things in that nature as well, and then, guys, you just hit start. [laughing] I don't know, I'm trying to tell you, I want you guys to use this product because it really helps not only train you into a better hygiene of how to do things with your Active Directory as well as just rights management, period. It's literally here just unfolding before you like let me help you. So, in a group here I'm noticing Domain Users, Everyone, so those are all expanded things, and it's showing where the Domain Users group is on all of these endpoints. As well as if you look over onto the right it will actually show you in case they modify the rights. Right so special permissions, oh boy. This is fabulous. Right? So, we can click into these and actually see oh my goodness, we have extended rights, they're enabled per user reversibility, we've got unexpired password, we've got all of these things that are coming across here. So, it's exciting, right? So, a lot of the times when I'm trying to explain Access Rights Manager, we talk about the functionality of it being able to manage. And this is why this Lab was so important to me because I wanted to really show you that this is a handholding, let me help you take back your infrastructure on rights management, and that's kind of where we wanted to focus on here, so. Yes, as you can see, there was so many different great opportunities that we're able to report up against, you're able to see and filter through here, so if I want to search for a certain group, or if I'm wanting to search immediately for things. And here is mine that I like, there's a comment section that we can actually look into there. So, I can click in and say, this is what I'm doing. I'm removing this account, this is why, I have a change request, so this is why I have to change this. You know and blah, blah, blah, this is my number. Not only is this GDPR compliant because we're able to comment on every section that comes through here, but it's also a way that you're able to help train, you help to self-audit yourself, and how you can help the security teams understand the decisions that you're having to make, right? Because sometimes we say we're going to block something down and then you get a new program 6 months later, and you have to open up rights. Security team needs to understand why do you need those rights and what do we actually need, do you need full access, or can we get away the modify as special permission? By being able to comment in here, we not only set a precedence but a storyline so that if we need to go to like the security officers or anything, we can say this is why we have to change this, maybe we need to redirect policy. So, annotations and comments are wonderful things. I always say consider this a note to future you. Yes. Like today if you want to remind yourself 6 months from now, why did you block this access? So, when that new program shows up you say, oh, here's that ticket number, this is why we did all those things, remember? [laughing] Oh, right. Exactly. And here's the one that you see here for Azure AD, and we can actually look into the groups, and the roles, and see what is going on there as well. As I was saying, that's one of the newer things with Access Rights Manager is the Azure capabilities, which I think is great because a lot of things are going more Azure, which is fine and great, but we need to be able to still have access and to be able to do things with that. Well, Azure AD is the hybrid story, right? Yes. Because this is how people are being able to just go back and forth. If there's something on Azure, there's something on-premises, it's just the idea of You're combining them. Making it seamless. Especially for somebody that needs to manage the access rights. It just makes it easy for somebody to bounce back and forth because it's all right there, it's all connected, and you can just see it. Yes. And that's something that I truly hope you guys are able to understand and grasp into here, is that we're wanting you to stay into Log & Event Manager. We're wanting you to actually see and interact with the data. This, cloud versus on-prem, we are interacting with not cloud and prem, but our infrastructure. We are interacting with what we control, and what we actually manage and have needs for. And I think that's very important because you don't need to be switching in between several different tools, because you're missing points. This is analyzing everything that you have within here, as a whole. Mhm. It's the big picture. It's not just looking like through a scope of, well I can see this over here, but I'm not really grasping how this is connecting. Well, for me, this tool is a tool for any company that is hybrid. Which is every company. Pretty much, yes. Because that's usually one of the stumbling blocks, well I want to go cloud, but I have all these rights in the cloud, how am I going to manage or even look at all that stuff? This is how you do it. With a tool that is, I would just say, fully hybrid compatible. I just made that up, I should trademark that. Trademark it, stamp it, and done. OK, and so, like I said this is available for you, so that you're able to go through this and walk through the process. But we're going to go right back down into here, so I'm going to look at, we have user provisioning, that we were talking about. Yeah. If we needed to create and to go through there. We have security monitoring, so this helps you with that compliance aspect, right? We're helping you to be more compliant, is what we're trying to do. So, you're able to see like who did what, except authorized users, what's going on? And when we look at these reports, you're able to title them, you're able to save them, you're able to configure them. You can actually send these on, kind of like what we're used to with most of the Orion Platform that comes across there. And then if we want to look at unresolved SIDs, you're able send out these reports that come across there as well. So, one of the main things, like when we're trying to create users that come across, this is what I wanted to show. We have the template like you were talking about. Yeah. Yeah, yeah. So, we have the templates that are available in here, which you create, and you help to come across there. You're able to, this is what I like, is because the departments, you know, you have a different level of modified rights in a HR department, access to a certain database. Right. And then on our dev team, we have certain levels of modified access to certain databases that still may reside on one SQL Server, but we need to make sure that we're applying the correct, what are the rights they're supposed to own and have? Like, out of the box. Out of the box. Day zero, as an employee, what do they get. Yes. Exactly. And so, what we do is we build these templates, you are able to build these, based upon your own company's security policies. That's vital, that's something that I want everybody to, to get used to. Because we all have different actual business policies that we have to adhere to. Absolutely. And by having our own templates to create by department, by activity, by what you're doing, that helps to quit the fat-finger, the mistake, the human error, because we know we have a valid template. This is the access that you should have. And you roll that out, and you're able to get that done. Give me Administrator rights. I'm not giving you Administrator rights. So, I just wanted to open one up, so this is, we're creating the account. So, you're able to give this the given name, the surname, you have the information that's coming across here, we're able to see the IDs, with a location, the group memberships, all of this is out of the box, set up for what they're available to have for that HR. You can also see, am I supposed to create the Exchange mailbox? Yeah, nice. These are all just tedious things that we now have, in one location, because we're giving you your weekend back, right? Yes. Like that's the whole point. Like, hey, we want you to be able to successfully do your job, when you're supposed to be there, not on the weekend or on overtime. What? Because you've got these tedious tasks that are just back-building for you. People get to go home? I didn't know that. Yeah, supposedly. But, no. So mainly we were wanting to focus today on security realms, but also being able to have a way of collecting these security issues that can happen, from SQL injection and other things. As well as, hey, when we're talking about access, and we're talking about rights, how do we help you from SolarWinds, and I hope that we have answered that question, especially with the Access Rights Manager. [electronic noises] Well that is a ton of security greatness that we just covered. I hope you guys were able to see how the threats are not stopping, and how SolarWinds isn't either. Yeah, exactly, those threats, they're not going away. And in fact, they're becoming the norm, at an ever increasing and alarming rate. I hope today that we've shown them what some of those threats are, what they look like, and tried to help you be a little more proactive about your security. Exactly. OK, well it's that time again, I'm Destiny Bertucci. And I'm Thomas LaRock, and thank you for joining us today on SolarWinds Lab. [electronic music]