BUSINESS: This leading higher education organization offers graduate and undergraduate programs across the arts and sciences.
BUSINESS CHALLENGE: To deliver high-quality learning experiences for students, this leading liberal arts university in East Asia aims to offer open access to digital resources. How could the organization achieve this goal while protecting its thousands of IT endpoints and web applications against cyberattack?
SOLUTION: Qualys VMDR® with integrated apps for asset identification and management, vulnerability management, threat detection and prioritization and response.
To offer high-quality learning experiences to its undergraduate and postgraduate students, this university in East Asia strives to provide easy access to a wide range of digital tools. From email and learning management systems to custom web applications, the organization aims to cultivate an open digital environment that helps students to achieve their full potential.
The Head of Information Security at the university comments: “The digital channel is becoming increasingly important to the way that we teach. While technology enables us to deliver content and engage with students in innovative ways, protecting a large and open IT environment creates some complex security challenges.”
To deliver its IT services, the university uses over 900 production servers, 1,000 web applications and around 1,600 other IT assets, including network devices, development servers, and research workstations. During term time, up to 10,000 IT endpoints are connected to the university network simultaneously, including laptops and mobile devices owned by students and teaching staff.
Why they chose Qualys VMDR:
“A successful cyberattack could interrupt not only teaching but also damage the university’s reputation,” continues the Head of Information Security. “A significant amount of sensitive data is stored digitally on our systems, which means it’s important to ensure that our IT environment is secured against potential threats around the clock.”
In the past, the university relied on two separate tools to scan its environment for vulnerabilities: network scanning and web application scanning. Because the two scanning tools were not integrated, it was difficult to gain a clear view of all the vulnerabilities affecting each system.
“As well as limiting our insight into our vulnerability exposure, it took us a significant amount of time to extract useful data from the scanning tools,” adds the Head of Information Security. “We depend on our IT system owners to apply patches and update security configurations, but most of them are not security specialists. As a result, we were keen to find a way to deliver actionable vulnerability insights to them faster.”
To enhance its approach to cyber security, the university selected Qualys VMDR® with integrated apps for asset identification and management, vulnerability management, threat detection and prioritization and response. VMDR empowers the university to scan its on-premises systems and web applications from a single point of control, eliminating the need for multiple separate scanning tools.
“When we were searching for a new solution, one of our key criteria was the ability to gain a more complete picture of all the vulnerabilities across our estate,” says the Head of Information Security. “Crucially, we also wanted detailed reports that were easy to understand, because we rely on systems owners without specialist security knowledge to carry out the remediation work. One of the things we really appreciate about Qualys VMDR is that it combines comprehensive visibility of vulnerabilities with actionable reports, helping our stakeholders see exactly what they need to do to remediate their assets.”
Looking to the future, the university plans to transform its IT environment by increasing its footprint in the cloud. As a result, the organization was impressed with the ability to use Qualys APIs to gain real-time visibility into the vulnerability status of cloud-based systems.
By replacing its legacy tools with a cloud-based solution, the university gains advanced vulnerability management capabilities without the cost and complexity of managing its own on-premises infrastructure. And thanks to the combination of network-based scanning and Qualys Cloud Agents, the organization ensures that it can capture detailed data from all parts of its IT environment.
“Qualys Cloud Agents are extremely lightweight, which means we never have to worry about system performance issues, even when we’re deploying them to a critical server in our environment,” adds the Head of Information Security.
Today, the university uses Qualys VMDR to scan its IT environment every six months, prioritize the most critical vulnerabilities, and generate detailed reports to help its teams rapidly close down threats.
“The progressive scanning function of Qualys Web Application Scanning allows us to thoroughly test our web applications, no matter how many URLs or pages they include,” explains the Head of Information Security. “Without a doubt, the Qualys solution is contributing to higher visibility and easier management of vulnerabilities.”
Since transitioning to VMDR, the university is realizing its goal of maintaining an open and inclusive digital space while at the same time protecting its students and teaching staff against cyber threats.
“Although information security initiatives like ours don’t set out to achieve cost-savings, we’re confident that the Qualys Cloud Platform offers a significantly lower total cost of ownership, especially when taking into account the software and hardware infrastructure previously needed to run our previous on-premises tools,” comments the Head of Information Security.
“Most importantly, we are now offering our system owners clear, actionable insight into which patches they need to deploy much faster than we could in the past. In fact, we estimate that Qualys VMDR has helped us to reduce the average time between detection and remediation by up to 60%, which is contributing to better protection for our stakeholders across the university.”
Today, Qualys VMDR is tightly integrated into the university’s information security process. The organization’s server team has been given access to the scanning capabilities and uses VMDR to verify that new system implementations and patching initiatives are appropriately hardened against vulnerabilities.
Building on its success with the Qualys solution, the university is now exploring additional ways to harness the capabilities of VMDR to further strengthen its security posture. For example, the organization aims to use Qualys APIs to integrate VMDR with ServiceNow Configuration Management Database, dramatically reducing the manual effort required to keep its inventory of IT assets up to date.
“Our students and teachers rely more than ever on digital systems as it’s vital to ensure that they’re always available and protected,” concludes the Head of Information Security. “Qualys VMDR empowers our lean team to protect over 2,500 IT assets and 1,000 web applications 24/7—and we look forward to working with Qualys to continue to enhance our protection in the future.”
“We are now offering our system owners clear, actionable insight into which patches they need to deploy much faster than we could in the past. In fact, we estimate that Qualys VMDR has helped us to reduce the average time between detection and remediation by up to 60%, which is contributing to better protection for our stakeholders across the university.”
University in East Asia