“Universities kind of get a bad rap in the computer security space, because they don’t have the same kind of funding that the Department of Defense or a bank might have,” said Ron Gula, CEO and chief technology officer of Tenable Network Security. In fact, some of the best security CIOs come from academia, Gula said, because they are able to come up with creative and flexible solutions on smaller budgets.
“Universities have to be open—that’s their nature,” Gula said. “But that really makes them more exposed to attacks.”
Mobile computing does present some security problems, but most universities design their networks knowing that access to data services is a necessary part of the university environment.
Many organizations are moving toward continuous monitoring via very frequent vulnerability scanning and vulnerability management, but mobile devices present a challenge when it comes to scanning for security threats.
Another option is what Gula called passive network monitoring.
For more safety & security news, see:
Civil liberties groups question use of anonymous reporting tool
Campus police outfitted with small video cameras
Four Keys to Protecting Students, Staff, and Campus Property
Tenable sells a Passive Vulnerability Scanner, which helps organizations find unexpected security and compliance problems by constantly monitoring all network traffic.
The Passive Vulnerability Scanner continuously looks for new hosts, applications, and vulnerabilities—supplementing a university’s active scanning for potential threats that might fall between scans. It finds client-side vulnerabilities in web browsers, eMail clients, and other software, as well as anomalies that might indicate more serious threats.
In general, he said, universities are becoming more proactive when it comes to monitoring networks and addressing threats.