A joint Information Technology and Office of Information Security vulnerability management project aims to strengthen and better protect the WashU network from attacks.
The project has two main objectives:
- Install CrowdStrike on all Wash U servers immediately.
- Remediate tool-evaluated critical vulnerabilities, guiding department owners through updates, patches, and other steps.
About Objective 1
WashU IT Platform Engineering owns a tool called CrowdStrike. The vulnerability project will support their effort to have all departments install the CrowdStrike Falcon sensor, a malware-protection solution, on their servers. A recent security incident was mitigated when a server in the WashU network, equipped with the CrowdStrike sensor, alerted the team of the attack.
About Objective 2
Information Security owns Tenable, a tool that can scan all WashU devices (servers and endpoints). Tenable can identify security risks across WashU, allowing the Information Security team to identify, investigate, and prioritize vulnerabilities.
How You Can Help
While these tools can be extremely effective in helping to defend our information assets, we need your cooperation to make sure they are operational across WashU. The project team is working to identify department owners who can help mitigate these critical vulnerabilities.
The team is contacting department owners, requesting support to verify departmental assets, and working with the project team to resolve the vulnerability. Following the objectives stated above, this resolution may involve the following:
Objective 1: Installing CrowdStrike on your server and working with our team to ensure we catalog your server.
Objective 2: Working with our team to catalog your assets and notifying you of any critical vulnerabilities.
For more information about the project and how you can help, please contact infosec@wustl.edu.