Vulnerability Management

Scan your systems for common vulnerabilities and misconfigurations

The Information Security team operates a Vulnerability Management Program for University schools and departments. Our primary goal is to assist in the auditing, identification, and remediation of security vulnerabilities – reducing the impact of cyber attacks on our community’s server infrastructure.

With our vulnerability management tool, you will be able to discover and remediate vulnerabilities before malicious individuals use them to exploit and compromise the University’s systems or data.

Getting Started

If you want to learn more and better understand the benefits of vulnerability management, please contact the Information Security Office at 773.702.CERT or security@uchicago.edu to set up an initial consultation.

To get the most value from our first meeting, come prepared with the following information:

  • Brief description of your IT infrastructure and environment
  • Information on firewalls and data center locations
  • Operating systems of the servers to be assessed

Vulnerability Management Services

  • Initial consultation to review documents, configurations, network diagrams, and to interview stakeholders
  • Initial vulnerability assessments to help pinpoint risks, identify a path forward, and serve as a starting point for your own team
  • Documentation/reports and additional consulting as needed after the assessment
  • Access to use the vulnerability management tool, InsightVM, at no cost to you
  • Quarterly or semi-annual health checks to help you keep track of progress

System Assessments and Remediation

Initial vulnerability assessments are designed to help you get started by scanning your servers for system vulnerabilities and software configuration issues such as zero-day vulnerabilities, weak cypher configurations, weak passwords, or out-of-date software.

Our goal in the first assessment is to cover the following:

  • Create an inventory of your systems and place these into your own site for scanning and vulnerability management
  • Complete an initial ad-hoc scan for review and schedule a regular scan of your department’s systems
  • Review scan results and cover detailed solutions for each of the discovered vulnerabilities

Training and Documentation

After your initial consult and enrollment is complete, one of our team members will sit down with your technical staff to cover the basics of managing your own assets, scanning, and remediating vulnerabilities. In addition to the training, we are available to answer any questions you have regarding the program at security@uchicago.edu or 773.702.CERT

Rapid7’s Nexpose/InsightVM documentation is a helpful resource, so if you’re just getting familiar with the interface, we suggest you begin here:

Getting Started with Nexpose/Insight VM

This documentation is designed to get you started using the Rapid7 Nexpose/InsightVM Vulnerability Management platform.