An endpoint is a computing device that communicates back and forth with a network, including but not limited to desktops, laptops, servers, and smart phones. Endpoint protection is critical to reduce threats to university networks.
The UW System Information Security Program requires UW–Madison to standardize tools that will enable a campus-wide inventory of university-owned endpoints, provide the capability to connect to all devices, and enable central logging and activity reporting. In addition, the protection of UW–Madison endpoints that access University data is critical to reducing the overall security risk to the data these devices encounter. This project will curate and deliver a set of flexible endpoint management and security tools, supported by core campus IT organizations and used by distributed IT organizations, to achieve the goals stated in the UW System Information Security Program.
UW–Madison is evaluating leading industry and forward-thinking technology solutions that address disparities in endpoint management and security across organizations, which will help us meet the UW System requirements and our own endpoint management and security needs. Phase 1 of the project is to identify, procure and implement a common set of efficient and effective solutions before March 2020.
Frequently Asked Questions
What’s an endpoint?
An endpoint device is an internet-capable computer hardware device on a TCP/IP network. This includes but is not limited to computers, laptops, smartphones, tablets, thin clients, printers, and other specialized hardware such POS terminals and smart meters. From a security perspective, a server is also considered an endpoint.
Although we’re not managing many of them to the same degree as desktop computers and laptops, we also consider the following endpoints for this project:
- Printers that are network addressable. (For example, a stand-alone printer connected to a switch is an endpoint whereas a local printer connected to a PC or Mac device that is only addressable by that device is not.)
- Copiers that are network addressable.
- Mobile devices that were purchased with UW funds for conducting UW business.
- Network-connected lab devices or similar.
- Network-connected freezers and refrigerators.
- Network-connected AV equipment.
- Network-connected IP cameras.
In short, an endpoint is a computing device that communicates back and forth with a network. All endpoints, when connected to a network, are open to a number of vulnerabilities if not properly protected.
What are endpoint management and security tools?
Endpoint management tools help keep track of devices used in a system to ensure their software is secure and up-to-date.
Some of the endpoint management and security software (tools) in use on campus today include Symantec Endpoint Protection, Cisco Advanced Malware Protection, Palo Alto TRAPS™, System Center Configuration Manager and IBM BigFix, which support virus protection and operating system and software updates and patches.
What is included in an endpoint management and security program?
Important components of an endpoint management and security program include:
- Consistent management of university-owned devices including inventory, patching, and vulnerability management
- Identification of security threats and active mitigation of threats such as malware
- Protection for mobile devices such as tablets and smartphones
Because many people in the UW-Madison community bring their own devices to campus, the project will also include recommendations for personally-owned and unmanaged devices used throughout the university.
Why does UW-Madison need this project?
An endpoint security system is developed to protect the endpoints and their network from malicious threats. It provides a central method to secure the IT network and give visibility to vulnerabilities and risks over time.
Currently, endpoint management is inconsistent across campus. In addition, license and support contracts for our current security agents are due to end. This project seeks to deploy a solution that provides the ability to centrally manage endpoints and provide security agents for over 80% of the campus computing environment.
What is the scope of this project?
The UW System Information Security Program requires UW-Madison to standardize on tools that will enable a campus-wide inventory of university-owned computing devices, provide the capability to connect to all devices, and enable central logging and activity reporting. In addition, the protection of UW-Madison computing devices or endpoints (e.g., desktops, laptops, servers, mobile devices, etc.) that access University data is critical to reducing the overall security risk to the data these devices encounter.
In order to meet UW System requirements and ensure the protection of UW-Madison data, rationalized and strategically sourced endpoint management and security tools are needed. This project will curate and deliver a set of flexible endpoint management and security tools, supported by core campus IT organizations and used by distributed IT organizations, to achieve the goals stated in the UW System Information Security Program.
UW-Madison is evaluating leading industry and forward-thinking technology solutions that address disparities in endpoint management and security across organizations, which will help us meet the UW System requirements and our own endpoint management and security needs.
Q2 2018 — Discovery
Tool inventory & requirements elicitation
Q3 2018 — Tool Research
Vendor research, peer benchmarking, RFI process
Q4 2018 — Budget Model & Purchasing
FY19 funding, FY20 budget, RFP
Q3 2019 — RFP Completed
March 2020 — Phase 1 Completed
July 2020 — Implementation Begins
Previous licenses expire
David Pagenkopf, Deputy CIO
Endpoint Implementation Leadership Team
- Tamara Walker (DoIT)
- Bob Turner (CISO)
- Kevin Cherek (AIMS)
- Chris Spencer (SMPH)
- Thomas Hartman (CALS)
- Kim Miller, Communications
- Mark Treiber, PM
Endpoint Implementation Core Team
- Jeff Savoy (Co-Chair)
- Chris Poser (Co-Chair)
- Tomomi Imamura (Technical Lead)
- Oakes Dobson (Technical Lead)
- Dave Schroeder (Technical Lead)
- Pat Daley (Technical Lead)
- Daniel Simanek/James Leaver (OVCRGE)
- Kerry Tobin (CALS)
- Sterling Anderson (L&S)
- Chris Wiswell (Athletics)
- Charlie Maurice (Engineering)
- Drew Gardner (WID)
- Jon May (DoIT Data Center)
- Mitchell Karam (SSCC)
- Jon Meling (GLC)
- Cory Chancellor/Derek Tessman (AIMS)
- Will May (Information School)
- Susan Weier (LSS)
- Sara J Nagreen (Mathematics)
- Eric White (Survey Center)
- Eric Giefer (Law)
- Curt Shomberg/Matt Schultz (SMPH)
- Jen Sutherland (ITIL)
- Gary Declute/Ed Jalinske (IT Policy)
- Kim Miller, DoIT
- Lauren Bruce, DoIT
- Cybersecurity (Ed Jalinske)
- Bruce Reilly
- Warren Robards
Other Advisory Teams
- CIO Cabinet
- T&L TAG
- Research TAG
- Core Services Advisory Group
Get updates in your inbox
Subscribe to the Endpoint Management & Security Project mail list for updates on progress and outcomes.
We want to hear from you
Questions about the Endpoint Management & Security Project?