Vulnerability Management Case Study: Tulane University

Digital Defense helps Tulane University Bolster Information Security

Situation: Higher Education Institutions Face Unique Security Challenges

Universities and other higher education institutions face a unique and complex set of cybersecurity challenges not experienced by other industries. As Hunter Ely, Assistant Vice President, Information Security and Policy Officer at Tulane University, explains, higher education institutions have to walk a fine line between making sure the students, faculty and staff connecting to the university’s networks are kept safe and secure, while also being careful not to become the internet police. “We never want to prevent people from accessing the data they need for projects and research,” states Ely. “Every time a student, faculty or staff member goes online, the university has to consider if our security policies and procedures are properly protecting them without blocking them from accessing useful information.”

Since universities often do not have direct access to the majority of the endpoints of their network, the complexity of the problem increases. Students, faculty and staff are connecting to the network multiple times a day through multiple endpoints such as laptops, phones and other personal devices, which can potentially open doors for a cyber-criminal and put sensitive data at risk, leaving the university vulnerable to a devastating breach.

In the wake of these challenges, along with the increasing number of attacks universities are facing, Tulane is continuing to further its commitment to cybersecurity. With more than 16,000 students, faculty and staff and the increase in potential vulnerabilities that could put the network at risk, having a strong vulnerability management program in place is crucial.

Solution: Vulnerability Management Platform Unlike Others – Fortra Vulnerability Manager (Fortra VM)

In order to help manage ongoing threats and meet data protection requirements and compliance mandates, Tulane turned to Fortra for a vulnerability management solution. Leveraging Fortra VM, Tulane is streamlining processes and improving data security by effectively identifying internal and external vulnerabilities that can be exploited by cyber-criminals and hacktivists.

Previously, Tulane was using another popular network scanning tool to assist with vulnerability management, but was struggling with reports that provided large amounts of static and extraneous data, which then had to be distilled into something actionable. Rather than continuing to hound their previous provider for insight and assistance, they decided to look for a new solution. This brought them to Fortra

The Tulane Security Team discovered that Fortra VM is able to provide a better solution that is customizable and easy to use.

Fortra VM is advanced, intuitive and cost effective. Underpinned by cutting-edge technology, Fortra VM quickly identifies weaknesses within a network and prioritizes assets to ensure remediation efforts reduce security risk as rapidly as possible. Role-based reports present the necessary intelligence to the users, executive leadership and auditors. Fortra VM is an instinctive console supported by a cloud-based architecture, which eliminates ongoing capital expenditure and frees the client from concerns about technology obsolescence and the burden of performing software and hardware updates.

Tulane has found that reports generated and delivered via Fortra VM are actionable, allowing the team to move quickly on issues and streamline remediation efforts. Tulane experiences fewer false positives, which saves time, and Fortra VM does not take weeks of training to get new people up and running. This means more members of the Tulane Security Team can use it and have role-based access to the data. “The data from Fortra VM is distinct without having to go into a lengthy description, and the critical issues are very clear – the big things do not get lost in the shuffle,” says Mark Liggett, Senior Security Analyst, Tulane University.

Tulane’s team also appreciates that, after they fix an issue, they can immediately re-scan, and find out almost in real-time if their f ix effectively remediated the problem.

“We can use Fortra VM to easily tease out the problems in our network, which is more important to us than in other organizations because we do not have direct access to the endpoint,” Ely says.

Cutting Edge Technology

Digital Defense is a long standing innovator in vulnerability management. The powerful patented scanning technology, complemented by a patent-pending advanced network host correlation algorithm, produces highly accurate results. Unlike premise-based tools previously used by the university that silo data, DD’s technology helps identify trends and outliers through the analysis of aggregated data. This allows DD to quickly generate more accurate and complete results and to alert Tulane swiftly to any potential vulnerabilities that could threaten their security. Having a proven scanning technology in place has become even more valuable for Tulane when thinking about the issue of unknown endpoints (hosts) faced by institutions of higher education. In any network, assets don’t always stay in place. DD’s network host correlation tracks and reconciles assets and their data, even when their IP addresses change, providing unparalleled vulnerability management. Other tools only provide a one-time static snapshot of risk, resulting in an inaccurate view of the entire security posture. With so many different and changing endpoints on their network, Tulane can use DD’s vulnerability management solution to unravel any problems.

The People Factor: Support We Need When We Need It

Tulane has also found that, with DD, they have access to experts who can be an extension of their organization, with a white glove approach to support. DD’s on-demand Personal Security Analyst team is available to help define requirements, craft strategy and effectively execute a vulnerability management program tailored to their organization. While set up is simple and the platform is intuitive, when questions do come up, assigned client support helps make day-to-day issues easier to manage, including remediation prioritization and assignments.