Category: Endpoint Security Compliance

Endpoint Security Compliance 4 – FAQ (497)

FAQ

While you are responsible for ensuring your GT-owned device is secured, please work with your local IT professional(s) to assist you to accomplish this.

The endpoint protection solutions are: Cortex XDR (Currently sunsetting FireEye) – Modern anti-virus, threat detection and response. This blocks malware using both traditional signature-based and machine learning based engines. It enables Georgia Tech’s Security Operations Center (SOC) within Cyber Security to detect, quarantine, investigate, and mitigate system threats. Qualys – Vulnerability detection. This detects and reports software that is not patched and/or misconfigured to SOC. The endpoint management solutions are: SCCM/InTune – Windows endpoint and configuration management. Helps keep system parameters and software properly configured. JAMF – Apple endpoint and configuration management. Helps keep Apple system parameters and Apple software properly configured. Allows self-service installation of many GT licensed and other software tools. SaltStack – Endpoint and configuration management. Helps keep system parameters and local software properly configured for Windows, Mac, and Linux.
The endpoint protection solutions, Cortex XDR and Qualys, are required for all machines and the appropriate management agent is required based on the device type: SCCM/InTune for Windows, JAMF for Mac, and SaltStack for Linux.
GT-owned mobile devices and tablets must be enrolled in endpoint management and secured by encryption with PIN/password.
No. In order to apply patches and updates, the tools are run with administrator/root/system-level privileges. Like all GT systems and networks, these will be subject to the Georgia Tech Data Privacy Policy In particular, such access is only used for legitimate business purposes (e.g. to comply with legal requirements, maintain the security of GT networks, systems, and data, to diagnose and correct problems with system software or hardware, etc.). Please review the privacy policy for further details.
A series of knowledge base articles are shared on ServiceNow at Services.gatech.edu.

Endpoint Security Compliance 3 – Campaign Phases (481)

Campaign Phases

Please note the many of these details are specific to IT professionals and those that self-administer their machines. 

Phase 1

By August 31 – Complete

  • Disable Auto-Run and Auto-Play
    Active Directory Group Policy will be configured to disable auto-run or auto-play technology. Auto-run and auto-play enable devices to automatically launch programs from external drives or media that are connected.
    IT Staff – View the GPO that will Disable Auto-Run >

By September 15 – Complete

By September 30 – Complete

  • Transition from FireEye to Cortex XDR
    Transition from FireEye anti-malware software to Cortex XDR Installation of endpoint management tools on Institute-owned devices for all departments with local IT support.

Phase 1 Completion

100%

Phase 2

Compliance by December 31, 2021

Full Endpoint Compliance

  • Installation of endpoint management tools on all Institute-owned devices (workstations, laptops, and servers), including those in departments without local IT support.
  • Idle screen lock
  • Patch management
  • Host based firewalls
  • Log management
  • Eula/Banner

Inventory

  • Complete inventory of Institute-owned devices due (Departments will be able to upload inventory data into a SnipeIT reporting instance)

Knowledge Article – SnipeIT: Syncing Assets to the Roll up Instance>
Knowledge Article – SnipeIT Inventory Rollup Process>
Knowledge Article – SnipeIT – Rollup Attribute Requirement Details>

Each department is expected to upload their inventory data according to the reporting schedule below. The intent of having an incremental reporting schedule is to ensure consistent progress is made by each unit before the inventory deadline of December 31, 2021. A report will be generated at the end of each reporting period and communicated to Georgia Tech Leadership to report overall inventory progress. Please note that December 31, 2021 is the deadline for Georgia Tech to have completed its first centralized asset endpoint inventory based on the USG Endpoint Audit findings and proposed Management Response.

Reporting Schedule

• Period 1: 9/3 – 9/17
• Period 2: 9/17 – 10/1
• Period 3: 10/1 – 10/15
• Period 4: 10/15 – 10/29
• Period 5: 10/29 – 11/19
• Period 6: 11/19 – 12/1

VPN Solution Transition

Phase 2 also includes the complete transition from the Cisco AnyConnect VPN to the GlobalProtect VPN solution. While many students, faculty, and staff already use the GlobalProtect client and web-based solution, this phase ensures that all AnyConnect users completely transition to GlobalProtect. The transition dates vary based on your role at Georgia Tech and are shared below:

  • OIT System Administrators: 9/28/21
  • CSRs/IT Community: 11/2/21
  • Faculty/Staff/Employees: 12/21/21
  • Students/All Others: 5/10/22

Phase 2 Completion

5%

Phase 3

By July 31, 2022

  • Network-based enforcement and controlled admission will be implemented for Institute-owned devices. This restricts access to Georgia Tech’s network to Institute-owned endpoints with approved endpoint management and protection solutions installed.
  • Mechanisms will also be developed to control admission of BYOD devices accessing the GT network and application.
  • Device encryption
  • Administrative privileges
  • CASB
  • Sunsetting non-0365 mail servers

Phase 3 Completion

0%

Endpoint Security Compliance 2 – USG & Institute Requirements (470)

USG & Institute Requirements

For Faculty, Staff, Graduate Students, and Student Employees

A recent USG audit yielded the need for significant improvements to Georgia Tech’s existing endpoint security program, including increased enforcement and compliance across the Institute. President Cabrera has requested that campus leadership work with their respective teams to ensure full attention and participation in the endpoint compliance effort and other efforts related to data security and protection.

Based on USG recommendations and contractual obligations, Georgia Tech is implementing controls in the phases below.

*Please note that endpoint compliance information may differ for employees in GTRI. Any necessary changes will be communicated by GTRI’s local IT department.

Georgia Tech’s Endpoint Management & Protection Program ensures secure management of all Institute-owned endpoint devices, including desktops, laptops, tablets, and mobile phones. The endpoint program is supported within the Institute Strategic Plan’s Data Excellence Initiative as a Security, Privacy & Risk strategy. Each Data Excellence strategy advances efforts to build a culture around data security and privacy at Georgia Tech. 

Benefits of Endpoint Management & Protection

  • Protection against cyber threats
  • Simple self service installation and updating of GT-licensed software
  • Centralized process for applying patches and making updates
  • Compliance with university system policy, as endpoint management tools are configured to push settings enabling automatic compliance with policy
  • Faster, and sometimes automated, issue resolution

Endpoint Security Compliance 0 – ESC Contents (464)

Endpoint Compliance

Pursuant to University System of Georgia (USG) policy, Section 5.8, all USG organizations must implement endpoint security by “deploying tools that add a layer of security to devices connecting to networks that may otherwise make them vulnerable to cyber attacks.”

View Policy in Handbook

USG & Institute Requirements

For Faculty, Staff, Graduate Students, and Student Employees

A recent USG audit yielded the need for significant improvements to Georgia Tech’s existing endpoint security program, including increased enforcement and compliance across the Institute. President Cabrera has requested that campus leadership work with their respective teams to ensure full attention and participation in the endpoint compliance effort and other efforts related to data security and protection.

Based on USG recommendations and contractual obligations, Georgia Tech is implementing controls in the phases below.

*Please note that endpoint compliance information may differ for employees in GTRI. Any necessary changes will be communicated by GTRI’s local IT department.

Georgia Tech’s Endpoint Management & Protection Program ensures secure management of all Institute-owned endpoint devices, including desktops, laptops, tablets, and mobile phones. The endpoint program is supported within the Institute Strategic Plan’s Data Excellence Initiative as a Security, Privacy & Risk strategy. Each Data Excellence strategy advances efforts to build a culture around data security and privacy at Georgia Tech. 

Benefits of Endpoint Management & Protection

  • Protection against cyber threats
  • Simple self service installation and updating of GT-licensed software
  • Centralized process for applying patches and making updates
  • Compliance with university system policy, as endpoint management tools are configured to push settings enabling automatic compliance with policy
  • Faster, and sometimes automated, issue resolution

Campaign Phases

Please note the many of these details are specific to IT professionals and those that self-administer their machines. 

Phase 1

By August 31 – Complete

  • Disable Auto-Run and Auto-Play
    Active Directory Group Policy will be configured to disable auto-run or auto-play technology. Auto-run and auto-play enable devices to automatically launch programs from external drives or media that are connected.
    IT Staff – View the GPO that will Disable Auto-Run >

By September 15 – Complete

By September 30 – Complete

  • Transition from FireEye to Cortex XDR
    Transition from FireEye anti-malware software to Cortex XDR Installation of endpoint management tools on Institute-owned devices for all departments with local IT support.

Phase 1 Completion

100%

Phase 2

Compliance by December 31, 2021

Full Endpoint Compliance

  • Installation of endpoint management tools on all Institute-owned devices (workstations, laptops, and servers), including those in departments without local IT support.
  • Idle screen lock
  • Patch management
  • Host based firewalls
  • Log management
  • Eula/Banner

Inventory

  • Complete inventory of Institute-owned devices due (Departments will be able to upload inventory data into a SnipeIT reporting instance)

Knowledge Article – SnipeIT: Syncing Assets to the Roll up Instance>
Knowledge Article – SnipeIT Inventory Rollup Process>
Knowledge Article – SnipeIT – Rollup Attribute Requirement Details>

Each department is expected to upload their inventory data according to the reporting schedule below. The intent of having an incremental reporting schedule is to ensure consistent progress is made by each unit before the inventory deadline of December 31, 2021. A report will be generated at the end of each reporting period and communicated to Georgia Tech Leadership to report overall inventory progress. Please note that December 31, 2021 is the deadline for Georgia Tech to have completed its first centralized asset endpoint inventory based on the USG Endpoint Audit findings and proposed Management Response.

Reporting Schedule

• Period 1: 9/3 – 9/17
• Period 2: 9/17 – 10/1
• Period 3: 10/1 – 10/15
• Period 4: 10/15 – 10/29
• Period 5: 10/29 – 11/19
• Period 6: 11/19 – 12/1

VPN Solution Transition

Phase 2 also includes the complete transition from the Cisco AnyConnect VPN to the GlobalProtect VPN solution. While many students, faculty, and staff already use the GlobalProtect client and web-based solution, this phase ensures that all AnyConnect users completely transition to GlobalProtect. The transition dates vary based on your role at Georgia Tech and are shared below:

  • OIT System Administrators: 9/28/21
  • CSRs/IT Community: 11/2/21
  • Faculty/Staff/Employees: 12/21/21
  • Students/All Others: 5/10/22

Phase 2 Completion

5%

Phase 3

By July 31, 2022

  • Network-based enforcement and controlled admission will be implemented for Institute-owned devices. This restricts access to Georgia Tech’s network to Institute-owned endpoints with approved endpoint management and protection solutions installed.
  • Mechanisms will also be developed to control admission of BYOD devices accessing the GT network and application.
  • Device encryption
  • Administrative privileges
  • CASB
  • Sunsetting non-0365 mail servers

Phase 3 Completion

0%

FAQ

While you are responsible for ensuring your GT-owned device is secured, please work with your local IT professional(s) to assist you to accomplish this.

The endpoint protection solutions are: Cortex XDR (Currently sunsetting FireEye) – Modern anti-virus, threat detection and response. This blocks malware using both traditional signature-based and machine learning based engines. It enables Georgia Tech’s Security Operations Center (SOC) within Cyber Security to detect, quarantine, investigate, and mitigate system threats. Qualys – Vulnerability detection. This detects and reports software that is not patched and/or misconfigured to SOC. The endpoint management solutions are: SCCM/InTune – Windows endpoint and configuration management. Helps keep system parameters and software properly configured. JAMF – Apple endpoint and configuration management. Helps keep Apple system parameters and Apple software properly configured. Allows self-service installation of many GT licensed and other software tools. SaltStack – Endpoint and configuration management. Helps keep system parameters and local software properly configured for Windows, Mac, and Linux.
The endpoint protection solutions, Cortex XDR and Qualys, are required for all machines and the appropriate management agent is required based on the device type: SCCM/InTune for Windows, JAMF for Mac, and SaltStack for Linux.
GT-owned mobile devices and tablets must be enrolled in endpoint management and secured by encryption with PIN/password.
No. In order to apply patches and updates, the tools are run with administrator/root/system-level privileges. Like all GT systems and networks, these will be subject to the Georgia Tech Data Privacy Policy In particular, such access is only used for legitimate business purposes (e.g. to comply with legal requirements, maintain the security of GT networks, systems, and data, to diagnose and correct problems with system software or hardware, etc.). Please review the privacy policy for further details.
A series of knowledge base articles are shared on ServiceNow at Services.gatech.edu.

Endpoint Security Compliance 1 – Endpoint Compliance Banner (457)

Endpoint Compliance

Pursuant to University System of Georgia (USG) policy, Section 5.8, all USG organizations must implement endpoint security by “deploying tools that add a layer of security to devices connecting to networks that may otherwise make them vulnerable to cyber attacks.”

View Policy in Handbook