In order to stay in front of existing and emerging threats, we must actively monitor our information assets. These include networks, webshares, websites, student information, e-mail and many other pieces of information that are important to A&M and its partners.
A&M and its members have have chosen a multi-tiered strategy for dealing with cybersecurity threats and use a number of tools to accomplish that. For the membership, we have chosen to monitor both at the perimeter of our networks and inside our networks. Because we are now using tools which mine data across the membership and then analyze it centrally, we can detect distributed attacks which may be occurring simultaneously or serially. Vectra and Stealthwatch can, along with other tools, allow us to get in front of threats as they emerge, even when things such as virus signatures are not fully up-to-date. See the link here for more information on Stealthwatch and here for Vectra. These tools use artificial intelligence to detect and correlate attacks before they become a full-fledged breach of security.
But monitoring is only one facet of an information security program. We have to make sure that we’re staying on top of all threats, including those inside and to be ready if an incident occurs. The model we use in thinking through an information security model includes these parts:
Aside from Stealthwatch and Vectra, we also make use of a number of other tools and techniques to keep our membership safe: we use data leakage prevention (DLP) tools, we regularly scan for vulnerabilities on our networks and we filter incoming messages to ensure we blunt phishing attacks on the people who make up our membership.