Cyberattacks dominated the news in 2014, shaking the corporate world with announcements from some well-known companies that suffered millions of dollars in financial damages, not to mention wounded reputations and brand images. Between JPMorgan Chase, Target and Home Depot, the list is a veritable “who’s who” of respected businesses.

Stanford University

Stanford University, consistently ranked as one of the top universities by U.S. News and World Report, is making a smart move to keep itself off the growing list of organizations affected by data breaches. In the past year, the school has redesigned its IBM BigFix (previously IBM Endpoint Manager) infrastructure to better defend against cyberthreats.

“Our new design delivers enhanced security, while still giving us consistently high performance,” said Stacy Lee, a security operations specialist for the university. “We also use BigFix for incident response analysis to take corrective action wherever we detect vulnerabilities. This allows us to protect high-value university assets and intellectual property.”

Stacy Lee and Brian Katyl of Stanford University’s Security Operations Team at IBM InterConnect on Feb. 24, 2015

“Stanford is well-known for research and academics,” said Brian Katyl, a Stanford security operations specialist who made up the other half of the team presenting Tuesday. “When you’re one of the world’s leading think tanks in research — such as cancer breakthroughs that can potentially save lives and might be worth millions on the open market — it’s easy to understand why we’re not only a frequent target, but also why it’s imperative we have robust security measures in place.”

According to Lee and Katyl, it is important to focus on the basics, such as the following:

  • Building on trusted systems
  • Building from trusted media
  • Patching OS and databases and keeping them current
  • Installing antivirus software
  • Using host-based firewalls
  • Establishing dedicated administrative accounts

Speaking of basics, one thing Lee and Katyl said they see most people overlook is the importance of passwords.

“Your employees and their own passwords are the first line of defense,” they said. “At Stanford, we have a unique password policy that’s actually set up to help employees help us stay secure by allowing them a lot of flexibility in creating passwords while at the same time, keeping us safe.”

Coca-Cola Employs BigFix

Coca-Cola, the world’s largest supplier of nonalcoholic beverages, has more than 3,500 products with 500 brands in over 200 countries. Managing security in an already complex environment required a smart move on the company’s part.

“We didn’t have a way to understand what security patches were needed at any given time across our different systems,” said David Sloan of Coca-Cola. “On top of that, we had to manually build, distribute and download all patches as well as build in determining code. It took a full day to rebuild each month, and then it required even more additional testing. Our maintenance periods were a stressful nightmare.”

BigFix was just the move the company needed. Rather than employing multiple people to manage the more than 800 original systems, Coca-Cola uses BigFix to manage more than 2,000 systems with just a single staff member. Instead of manually gathering and deploying patches and then manually tracking their success, Coca-Cola can now gather patches automatically with near-live visibility into their success. Those patches can be delivered in a matter of hours by an individual.

“With BigFix, we’re able to do more with less — literally,” Sloan said. “We can find and fix problems in minutes instead of hours and days across any of our systems, independent of operating system or location. On top of that, we get up-to-the-minute reporting on the status of our systems. The peace of mind BigFix gives our security department makes us confident that our systems and our data are protected and secure.”

If you are ready to make your own smart move to ensure your systems are safe, learn more about BigFix.
