University of Wisconsin–Madison

For IT security, campus departments get strategic

This is the April 2012 CIO column for Computing@UW-Madison

Maintaining IT security on campus requires a strategic approach. UW-Madison, federal granting agencies, and the state impose strict requirements for security, and compliance is an ongoing challenge in an era of tight budgets.

Seven campus units are working with the Office of Campus Information Security (OCIS) to test drive a set of security tools that could eventually underlie IT security campuswide. The tools, many of which are free, help to achieve key objectives:

  • Firewalls prevent unauthorized access to networks.
  • Antivirus software protects department computers.
  • Identity Finder locates sensitive data stored on departmental computers.
  • Centralized update tools automatically propagate critical software updates to departmental computers.
  • Security Event Management centrally monitors a department’s security environment.

Since OCIS began the pilot in mid-2010, testers have used different components of the security toolkit, depending on their needs and circumstances. They can choose from any of several solutions to address critical security functions. Here is what they are reporting:

Jason Pursian, Security Officer and Assistant IT Director, College of Agricultural and Life Sciences:

Without a doubt, these tools are improving our security management. We use Symantec Endpoint Protection antivirus, Identity Finder, and Tivoli Endpoint Manager and also run quarterly scans on all of our networks. As Security Officer for CALS, I’m the conduit for incident reports from OCIS. In the last six months or so, we have seen a drastic decrease in reports from OCIS, which reflects fewer security incidents.

Over the last few years, CALS has taken security steps that helped – a network firewall, host-based firewalls, antivirus, regular patches. And it also helped to have a flow of information about security from the College to local IT administrators to end users.

Another tool we use is Nessus, a security scanning product that is being hosted by the College of Engineering. It shows what people on the outside can see about us. It has opened our eyes to what’s out there. You can’t protect against what you don’t know about, and Nessus has helped us with that.

Tivoli Endpoint Manager has helped us make the most of our staff and budget resources. It has a high bar to implementation. But if you can stay with it, it can drastically reduce the time needed to patch your machines. Now we can spend our time where we should – on support. We can be proactive about things rather than reactive.

Eric Giefer, Director of Information Technology in the Law School:

We’ve had a building firewall for 12 years, so we didn’t need the network firewall that DoIT provides. We do use Identity Finder, which helps us find sensitive information on our machines.

BigFix [an IBM product now called Tivoli Endpoint Manager, or TEM] has been a huge step forward for us. It was easy to install – only a few clicks. We can quickly see which machines need patches, and with a couple of clicks we can have the patches scheduled. It also enables us to automatically power machines down at night and up in the morning, so we can install patches before people get to work. A restart every night helps, too.

Scott Bauer, System Administrator in the Pediatrics Dept., School of Medicine and Public Health:

We’ve been using Tivoli Endpoint Manager for patching control for about three months. It enables us to respond right away to needed security updates. Last week, we received new updates for Java and Flash and we have already patched 350-plus machines.

This has radically reduced our exposure to security threats. Before, patching these machines probably would not have happened in a timely way. We would not have made it a priority, and patching would have been done ad hoc. Tivoli Endpoint Manager has enabled us to more comprehensively monitor what we’re patching.

Matt Schultz, System Administrator in the Human Oncology Dept., School of Medicine and Public Health:

Tivoli Endpoint Manager has sped up the process of managing patches and system updates. We can use it to estimate how many machines need patching and show us what we’ve done right and wrong. We can address vulnerabilities in a heartbeat. Before, it was like herding cats.

With over 200 machines to support, we were getting strapped with weekly updates to systems. Now, we can write scripts to customize things and make short order of a lot of tasks that took intensive effort in the past.

Feedback from participating campus units has been uniformly positive. “Departments that are improving their security baseline are seeing a noticeable reduction in the number of high-confidence alerts that OCIS sends them,” says Allen Monette, an OCIS security specialist.

“These tools help departments follow our Quick Start strategy for security,” says OCIS Director Jim Lowe. “It works. Departments are greatly reducing their risk of a security incident. The tools are easy to install and use and are low-cost or free. They are automating security processes for departments and reducing their workload, while giving them a better insight into the security of their systems.”

For help with managing your department’s security, contact Jim Lowe of OCIS by email or at 263-2477.