University of Wisconsin–Madison

Endpoint Management & Security Project

An endpoint is a computing device that communicates back and forth with a network, including but not limited to desktops, laptops, servers, and smart phones. Endpoint protection is critical to reduce threats to university networks.

The UW System Information Security Program requires UW–Madison to standardize tools that will enable a campus-wide inventory of university-owned endpoints, provide the capability to connect to all devices, and enable central logging and activity reporting. In addition, the protection of UW–Madison endpoints that access University data is critical to reducing the overall security risk to the data these devices encounter. This project will curate and deliver a set of flexible endpoint management and security tools, supported by core campus IT organizations and used by distributed IT organizations, to achieve the goals stated in the UW System Information Security Program.

UW–Madison is evaluating leading industry and forward-thinking technology solutions that address disparities in endpoint management and security across organizations, which will help us meet the UW System requirements and our own endpoint management and security needs. Phase 1 of the project is to identify, procure and implement a common set of efficient and effective solutions before March 2020.

Timeline to Date

The Endpoint Management & Security Project completed its RFP process in August 2019. The project spent Q4 2019 and Q1 2020 in a planning phase with members of the campus community. The planning phase included:

  • developing use cases for university-owned devices requiring endpoint security and endpoint management,
  • evaluating solutions for personally owned devices,
  • modeling a campus service offering,
  • developing a financial estimate for the implementation phase and the ongoing service,
  • creating an implementation plan for campus.

Additionally, the planning teams reached out to campus IT partners to assist with identifying additional use cases not documented in the RFP, developing an estimate of campus endpoints for licensing negotiations, and determining department resource needs for campus implementation activities.

Next Steps

In February, the team requested funding for the recommended solutions chosen in phase one of the project. Due to the financial impacts of COVID-19, the team has been asked to review the recommended solutions to explore cost-saving alternatives. Once funding is approved, contracts will be negotiated and implementation across campus will begin. We expect the implementation phase to begin in late June.

Endpoint Security:

The license for Symantec Antivirus will end June 24 for students and July 31 for faculty and staff. For more details about the Symantec expiration and availability, go to Endpoint Security – Campus Symantec License Expiration (KB 102577). If you have downloaded and installed Symantec Antivirus, please remove it before those dates using these instructions:

The replacement antivirus solutions will differ based on whether the device is owned by the university or personally owned, which is sometimes referred to as “Bring Your Own Device” (BYOD). The roadmap for these options can be found at Endpoint Security – Cybersecurity Roadmap & Recommended Antivirus Solutions.

Solution for UW-owned devices: 

Symantec Antivirus will be replaced by Cisco Advanced Malware Protection (AMP) for compatible operating systems (e.g. Windows, macOS, Linux) on managed devices.

IT Administrators can find more information at Cisco AMP – An Introduction to Cisco AMP for Endpoints (Source: KB 90958).

Solutions for Personally-owned devices (BYOD):

If you have previously installed the University’s version of Symantec, please uninstall it prior to June 24 (for students) and by July 31 (for faculty/staff).

For Windows OS: 

For all faculty, staff and students, the Office of Cybersecurity recommends using the built-in antivirus protection software called “Windows Defender.”

Follow these instructions for setting up Windows Defender: Windows Defender – Enabling Antivirus Threat Protection & Windows Firewall (Source: KB 100278).

For macOS:

For faculty and staff only, we recommend accessing the Campus Software Library to install Trend Micro. Follow these instructions for accessing Trend for macOS: Intro to Trend Micro for Personally Owned macOS Devices (Source: KB 101735).

For students, macOS includes some built-in protections, e.g. Gatekeeper. Learn more about the built-in protections for macOS (Source: KB 102041). In addition, we are aware of Sophos and Avast as possible additional protections for students' personal macOS devices. You can learn more about those tools, and others, here.

For Linux OS:

The Office of Cybersecurity recommends Clam AV: Security – Available Antivirus Software for Personally Owned Devices (Source: KB 63977).

If you have questions about the Endpoint Management & Security Project, please refer to Endpoint Security – FAQ for the Endpoint Protection Project (Source: KB 103327) or direct them to endpoints@office365.wisc.edu.

Project timeline

High-level milestones

Tool inventory & requirements elicitation

Vendor research, peer benchmarking, RFI process

FY19 funding, FY20 budget, RFP

Previous licenses expire

Frequently asked questions

What’s an endpoint?

An endpoint device is an internet-capable computer hardware device on a TCP/IP network. This includes but is not limited to computers, laptops, smartphones, tablets, thin clients, printers, and other specialized hardware such as POS terminals and smart meters. From a security perspective, a server is also considered an endpoint.

Although we’re not managing many of them to the same degree as desktop computers and laptops, we also consider the following endpoints for this project:

  • Printers that are network addressable. (For example, a stand-alone printer connected to a switch is an endpoint whereas a local printer connected to a PC or Mac device that is only addressable by that device is not.)
  • Copiers that are network addressable.
  • Mobile devices that were purchased with UW funds for conducting UW business.
  • Network-connected lab devices or similar.
  • Network-connected freezers and refrigerators.
  • Network-connected AV equipment.
  • Network-connected IP cameras.

In short, an endpoint is a computing device that communicates back and forth with a network. All endpoints, when connected to a network, are open to a number of vulnerabilities if not properly protected.

What are endpoint management and security tools?

Endpoint management tools help keep track of devices used in a system to ensure their software is secure and up-to-date.

Some of the endpoint management and security software (tools) in use on campus today include Symantec Endpoint Protection, Cisco Advanced Malware Protection, Palo Alto TRAPS™, System Center Configuration Manager and IBM BigFix, which support virus protection and operating system and software updates and patches.

What is included in an endpoint management and security program?

Important components of an endpoint management and security program include:

  • Consistent management of university-owned devices including inventory, patching, and vulnerability management
  • Identification of security threats and active mitigation of threats such as malware
  • Protection for mobile devices such as tablets and smartphones

Because many people in the UW-Madison community bring their own devices to campus, the project will also include recommendations for personally-owned and unmanaged devices used throughout the university.

Why does UW–Madison need this project?

An endpoint security system is developed to protect the endpoints and their network from malicious threats. It provides a central method to secure the IT network and give visibility to vulnerabilities and risks over time.

Currently, endpoint management is inconsistent across campus. In addition, license and support contracts for our current security agents are due to end. This project seeks to deploy a solution that provides the ability to centrally manage endpoints and provide security agents for over 80% of the campus computing environment.

What is the scope of this project?

The UW System Information Security Program requires UW-Madison to standardize on tools that will enable a campus-wide inventory of university-owned computing devices, provide the capability to connect to all devices, and enable central logging and activity reporting. In addition, the protection of UW-Madison computing devices or endpoints (e.g., desktops, laptops, servers, mobile devices, etc.) that access University data is critical to reducing the overall security risk to the data these devices encounter.

In order to meet UW System requirements and ensure the protection of UW-Madison data, rationalized and strategically sourced endpoint management and security tools are needed. This project will curate and deliver a set of flexible endpoint management and security tools, supported by core campus IT organizations and used by distributed IT organizations, to achieve the goals stated in the UW System Information Security Program.

UW-Madison is evaluating leading industry and forward-thinking technology solutions that address disparities in endpoint management and security across organizations, which will help us meet the UW System requirements and our own endpoint management and security needs.

Get updates in your inbox

Subscribe to the Endpoint Management & Security Project mail list for updates on progress and outcomes.

We want to hear from you

Questions about the Endpoint Management & Security Project?

Email us for answers

Project Team

Executive sponsor

David Pagenkopf, Deputy CIO

Endpoint Implementation Leadership Team

  • Tamara Walker (DoIT)
  • Bob Turner (CISO)
  • Kevin Cherek (AIMS)
  • Chris Spencer (SMPH)
  • Thomas Hartman (CALS)
  • Kim Miller, Communications
  • Mark Treiber, PM

Endpoint Implementation Core Team

  • Jeff Savoy (Co-Chair)
  • Chris Poser (Co-Chair)
  • Tomomi Imamura (Technical Lead)
  • Oakes Dobson (Technical Lead)
  • Dave Schroeder (Technical Lead)
  • Pat Daley (Technical Lead)
  • Daniel Simanek/James Leaver (OVCRGE)
  • Kerry Tobin (CALS)
  • Sterling Anderson (L&S)
  • Chris Wiswell (Athletics)
  • Charlie Maurice (Engineering)
  • Drew Gardner (WID)
  • Jon May (DoIT Data Center)
  • Mitchell Karam (SSCC)
  • Jon Meling (GLC)
  • Cory Chancellor/Derek Tessman (AIMS)
  • Will May (Information School)
  • Susan Weier (LSS)
  • Sara J Nagreen (Mathematics)
  • Eric White (Survey Center)
  • Eric Giefer (Law)
  • Curt Shomberg/Matt Schultz (SMPH)
  • Jen Sutherland (ITIL)
  • Ed Jalinske/Sara Tate-Pederson (IT Policy)

Communication Team

  • Kim Miller, DoIT
  • Lauren Bruce, DoIT
  • ISCOM
  • Cybersecurity (Ed Jalinske)

Procurement

  • Bruce Reilly
  • Warren Robards

Other Advisory Teams

  • CIO Cabinet
  • T&L TAG
  • Research TAG
  • Core Services Advisory Group