To stay in front of existing and emerging threats, we must actively monitor our information assets. These include networks, web shares, websites, student information, e-mail and many other pieces of information that are important to A&M System members.
The A&M System has chosen a multi-tiered strategy for dealing with cybersecurity threats and use a number of tools to accomplish that. We monitor at the perimeter of our networks and inside our networks. Because we are now using tools which mine data across members and then analyze it centrally, we can detect distributed attacks which may be occurring simultaneously or serially. Vectra and Stealthwatch, along with other tools, allow us to get in front of threats as they emerge, even when things such as virus signatures are not fully up-to-date. Click here for more information on Stealthwatch and here for Vectra. These tools use artificial intelligence to detect and correlate attacks before they become a full-fledged breach of security.
In addition to monitoring, we have to make sure that we’re staying on top of all threats, including those inside, and to be ready if an incident occurs. The model we use in thinking through an information security model includes these parts:
Aside from Stealthwatch and Vectra, we also use data leakage prevention (DLP) tools, we regularly scan for vulnerabilities on our networks and we filter incoming messages to ensure we blunt phishing attacks.