Cybersecurity Improvement Initiative comes with benefits for university, colleges and units

The Office of the CIO is steering a university-wide effort to improve cybersecurity on all university-owned devices. With support from the provost and the backing of deans and unit leaders, the Cybersecurity Improvement Initiative has rolled out. First on the agenda is using industry-leading software to understand when there is suspicious activity on university networks that might be the marker of impending cyberattacks.

“The staff who work as the first line of defense against cyberattacks have great tools at their disposal so that we can do more prevention rather than reaction,” noted Sandra Thompson, associate director of cybersecurity program administration in Technology Services. Endpoint management and cybersecurity professionals are collaborating to bring these tools online all over campus. With them we have visibility into the state and nature of the systems on our network, better vulnerability management through prompt updates and robust protection against ransomware, malware and other attacks that can lead to costly and time-consuming data loss. “We expect that it will also streamline required auditing,” she said.

CII phase one deploys two separate but interconnected things: endpoint management software and CrowdStrike software. Endpoint management allows IT staff to remotely manage some day-to-day operations needed for your computer’s overall health, such as batching patches or updates to university devices, rather than visiting each individual computer. Once a device has endpoint management installed, CrowdStrike offers threat detection and mitigation.

Think of it like the notification on your home security system. You can sign up to get a notice if the camera sees something. Then you can turn on the camera remotely and determine whether what you see is a squirrel or someone stealing a package off your porch. It works with that same concept in mind. Frontline staff, such as your unit IT professional and staff in the Cybersecurity Operations Center, get notified if something is out of the ordinary. They can then investigate whether what is happening is a threat.

There are many ways that cyber criminals try to steal credentials and personal and university data. When the university can head those off, we protect time, resources and the university’s reputation.

IT specialist Damian Behymer with Library IT has been working to deploy both on all library devices. “CrowdStrike uses machine learning and expertise from security researchers to detect when there are signs of cyberattack. It goes beyond anti-virus software; CrowdStrike can notice unusual behaviors and processes on the university network that can be signs of compromise,” they said. 

Both the College of Education and University Library have completed the phase one work, meaning they reached a critical mass of devices with endpoint management and CrowdStrike successfully installed.

Increasingly, universities need to be able to show that they are protecting the interests and wellbeing of stakeholders with modern security measures. What we have to defend ourselves from is so much more complex than even 10 years ago, Behymer explained. “Cyberattacks, financial or seeking research data, are increasingly common and threatening. To get grants, we need to demonstrate due diligence and that we take common sense measures to protect data and systems with detection and response software installed broadly.”

The risk of a breach or ransomware falls on each unit or college. Individual IT groups take responsibility for doing security well, they added.

The Library has had CrowdStrike installed since it was available, according to director of library technology Tracy Tolliver. “Because of a previous well-known incident at a British library with a ransomware attack, we did not have to try hard to relate the importance of this because they had seen in that example what can happen if we do not try and secure our systems, monitor them and react quickly.”

Completing the first phase meant collaborating closely with individuals they support. Behymer discovered a handful of devices that needed maintenance to repair a connection with CrowdStrike or devices with operating systems so old they could not install CrowdStrike. “In many cases those devices were for very specific tasks. This meant strengthening relationships with experts and what people did with those computers, and finding out how IT can upgrade or replace the computer so they can still do what they need to do,” they added.

Sergio Correa, IT solutions architecture associate, has been the lead IT staff member for CII in the College of Education. He pointed out that installing endpoint management and CrowdStrike has led to having accurate lists of devices. This will be beneficial as campus moves to modern management tools.

“We also refined our departmental policy for supporting old devices. We found devices that did not support Windows 11 or latest macOS. It made us discuss the topic and come to a conclusion that we feel good about,” he said.

And while Correa was the main person managing the cleanup and installation during the large undertaking, he said he was able to communicate with coworkers about the steps involved in endpoint management, which creates a beneficial redundancy of knowledge and skills.

The College of Education and Library now are well positioned to continue to update devices with needed protections. A dozen more colleges and units are currently undertaking this same work, and eventually the entire campus will undergo the process.

“I am happy to see that campus is devoting resources to this and we had the support we need to implement these cybersecurity measures. The process has gone as smoothly as possible, being that we are one of the first two units to go,” Tolliver said.