The CISO’s perspective: Advanced threat protection!

"Alert, intrusion detected" text on warning screen.

Remember when you received a gift you had hoped for, asked for, badgered your parents for? How about that feeling of accomplishment you had for the day or so after you unwrapped it?

The Cybersecurity team is in the process of opening several coveted gifts and is enjoying the mild euphoria of accomplishment as the wrappers come off and we get used to how they operate!

Through a gift from the Wisconsin Alumni Research Foundation and through partnerships with Palo Alto Networks and Cisco, our cyber defenses are taking a huge leap forward starting this month.

Advanced threat protection!

This term describes a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data.

We are now able to view a significant portion of our campus networks, specifically searching for indicators of compromise or other “conditions of weirdness” (if that were an acronym it would spell COW – appropriate for Wisconsin, don’t you think?).

But let’s be clear — all we are looking for are those indicators that reveal potential malicious code, defective packets and other things that do not belong in our networks. We want to stop the “unwanted gifts” that cyber adversaries deposit before they impact your ability to work, compromise your data, lead to loss of the network or your computing environment, result in damage to the University, or cause your research and class work to be altered or to disappear altogether!

The Incident Response and Forensics team does not track where you surf on the network or read your private and personal information.

The tools

Palo Alto Networks Next Generation Firewall and Intrusion Prevention Systems are now looking at our important data centers and our wireless environment. These tools are supported by a global threat intelligence capability that identifies bad actors and their code anywhere the Palo Alto customers live — that information is shared with us to ensure we don’t get infected with other folks’ cyber germs.

Cisco Active Threat Analytics (ATA) is used to review router, server and firewall logs to look for activity that could indicate that crooks or “conditions of weirdness” are preparing to drop off obnoxious cyber gifts. Cisco has also provided access to their global threat libraries to ensure we have the latest information on cybersecurity threats.

Symantec Endpoint Protection, Cisco Advanced Malware Protection (AMP) and Palo Alto TRAPS™ are all reporting the status of servers and University-owned assets to ensure patches are up to date, vulnerability scans are taking place, and endpoints are not compromised. Symantec and AMP are also available for the Bring Your Own Device (BYOD) crowd.
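The common thread in the tools above is that shared threat intelligence (lists of known bad addresses, domains and file hashes) is matched against what our firewalls, resolvers and endpoint agents record. The following is an added illustration of that matching step, written for this post; it is not code from the Office of Cybersecurity, Palo Alto Networks, Cisco or Symantec. The indicator values, log formats and host names are all constructed for the example, and a real deployment would load indicators from the vendor feed rather than a hard-coded set.

```python
"""Match constructed threat-intelligence indicators against constructed log lines.

Added example for illustration only; not the code or formats of any vendor
named in the post. Indicators use documentation/test ranges and a placeholder
hash so nothing here points at a real host.
"""
from dataclasses import dataclass

# Constructed indicators of compromise (IoCs). These are placeholders.
INDICATORS = {
    "ip": {"203.0.113.45", "198.51.100.7"},          # RFC 5737 test ranges
    "domain": {"malicious.example", "c2.example.net"},
    "sha256": {"0" * 64},                             # placeholder hash value
}

# Constructed log lines in three hypothetical formats: firewall, DNS resolver,
# endpoint agent. Every line is "<timestamp> <source> <key=value ...>".
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z fw01 ALLOW src=10.1.2.3 dst=203.0.113.45 dport=443",
    "2024-03-01T10:00:02Z fw01 ALLOW src=10.1.2.4 dst=93.184.216.34 dport=443",
    "2024-03-01T10:00:03Z dns01 query host=10.1.2.3 name=evil.c2.example.net type=A",
    "2024-03-01T10:00:04Z ep-agent scan host=lab-pc-7 file=/tmp/x.bin sha256=" + "0" * 64,
    "2024-03-01T10:00:05Z dns01 query host=10.1.2.5 name=www.example.org type=A",
]


@dataclass(frozen=True)
class Match:
    line_no: int   # 1-based index into the scanned log
    kind: str      # "ip", "domain" or "sha256"
    value: str     # the indicator that matched
    host: str      # internal host involved, the usual triage pivot


def parse_kv(line):
    """Split a log line into (timestamp, source, {key: value}); bare words are ignored."""
    parts = line.split()
    fields = {}
    for tok in parts[2:]:
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
    return parts[0], parts[1], fields


def domain_matches(name, domains):
    """Return the indicator domain that `name` equals or is a subdomain of, else None."""
    name = name.lower().rstrip(".")
    for d in domains:
        if name == d or name.endswith("." + d):
            return d
    return None


def scan(lines, indicators=INDICATORS):
    """Return every indicator hit found in `lines`, in log order."""
    matches = []
    for n, line in enumerate(lines, 1):
        _, source, f = parse_kv(line)
        # Prefer an explicit internal host field; fall back to the log source.
        host = f.get("src") or f.get("host") or source
        for key in ("src", "dst"):
            if f.get(key) in indicators["ip"]:
                matches.append(Match(n, "ip", f[key], host))
        if "name" in f:
            hit = domain_matches(f["name"], indicators["domain"])
            if hit:
                matches.append(Match(n, "domain", hit, host))
        digest = f.get("sha256", "").lower()
        if digest in indicators["sha256"]:
            matches.append(Match(n, "sha256", digest, host))
    return matches


def summarize(matches):
    """Count hits per internal host so responders see which machines to look at first."""
    counts = {}
    for m in matches:
        counts[m.host] = counts.get(m.host, 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan(SAMPLE_LOGS)
    for m in hits:
        print(f"line {m.line_no}: {m.kind} indicator {m.value} involving {m.host}")
    print("hits per host:", summarize(hits))
```

Two details matter in practice: the domain check treats a subdomain of a listed domain as a hit (the third constructed line resolves a host under c2.example.net), and the summary pivots on the internal host rather than the indicator, since the question responders actually ask is "which of our machines talked to it?"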

Cybersecurity threats and threat actors are becoming more sophisticated. They are also increasing in volume, causing risk management strategies to become more complex.

The Office of Cybersecurity exists to lead and advise the university community on how to provide the necessary risk response measures to adequately protect information systems. We maintain a delicate balance between using tools and processes that seek to avoid risk — but also increase the cost of operations — and risk-tolerant strategies that place the university at risk of cyber-attack, data loss or mismanagement, and increased cost to operate. We also try to balance the additional system administration and maintenance costs that may impact the ability of faculty and researchers to carry out the university-wide missions of teaching, research and outreach.

Get to know how we work on your behalf — ask questions, join in the conversations, and seek to understand how you can enjoy the new capabilities we have.

As always, I appreciate your feedback. Simple rules — be nice, be fair and be honest. Please email your thoughts to cybersecurity@cio.wisc.edu and we will periodically post them with helpful answers.