Vulnerability ManagementScan your systems for common vulnerabilities and misconfigurations
The Information Security team operates a Vulnerability Management Program for University schools and departments. Our primary goal is to assist in the auditing, identification, and remediation of security vulnerabilities – reducing the impact of cyber attacks on our community’s server infrastructure.
With our vulnerability management tool, you will be able to discover and remediate vulnerabilities before malicious individuals use them to exploit and compromise the University’s systems or data.
If you want to learn more and better understand the benefits of vulnerability management, please contact the Information Security Office at 773.702.CERT or email@example.com to setup an initial consultation.
To get the most value from our first meeting, come prepared with the following information:
- Brief description of your IT infrastructure and environment
- Information on firewalls and data center locations
- Operating Systems of the servers to be assessed
Vulnerability Management Services
- Initial consultation to review documents, configurations, network diagrams, and interview stakeholders
- Initial vulnerability assessements to help pinpoint risks, identify a path forward, and serve as a starting point for your own team
- Documentation/reports and additional consulting as needed after the assessment
- Access to use the vulnerability management tool, InsightVM, at no cost to you
- Quarterly or semi-annual health checks to help you keep track of progress
System Assessments and Remediation
Initial vulnerability assessments are designed to help you get started by scanning your servers for system vulnerabilities and software configuration issues such as zero day vulnerabilities, weak cypher configurations, weak passwords, or out-of-date software.
Our goal in the first assessment is to cover the following:
- Create an inventory of your systems and place these into your own site for scanning and vulnerability management
- Complete an initial ad-hoc scan for review and schedule a regular scan of your department’s systems
- Review scan results and cover detailed solutions for each of the discovered vulnerabilities
Training and Documentation
After your initial consult and enrollment is complete, one of our team members will sit down with your technical staff to cover the basics of managing your own assets, scanning, and remediating vulnerabilities. In addition to the training, we are available to answer any questions you have regarding the program at firstname.lastname@example.org or 773.702.CERT
Rapid7’s Nexpose/InsightVM documentation is a helpful resource, so if you’re just getting familiar with the interface, we suggest you begin here:
This documentation is designed to get you started using the Rapid7 Nexpose/InsightVM Vulnerability Management platform.