Improved Endpoint Protection: What you need to know
From: Division of Information Technology
Virginia Tech is committed to supporting all members of the university community in conducting research, coursework, and business in a technologically secure environment. As cyberattacks have become more prevalent and advanced, Virginia Tech is taking steps to improve the protection of university-owned endpoints – the computers, laptops, and other devices that connect to the internet.
When an endpoint is targeted through malware, ransomware, or another type of incursion, it can begin spreading the infection to other endpoints in the network. This can happen before the user notices unusual behavior and can take time to detect through our existing monitoring practices. These types of attacks may start small but can have consequences that are surprisingly damaging for an organization. In 2021, for example, a ransomware attack at Virginia Tech affected over 900 computers across seven departments. The recovery process took several months to complete.
To better protect endpoints, the Division of IT is working with IT professionals in departments, colleges, and other units to roll out two technology solutions that will help Virginia Tech mitigate cyber threats and maintain the security, integrity, and availability of the university’s information systems. These are:
Endpoint Detection and Response (EDR), which continuously monitors IT security aspects of endpoints to identify and mitigate cyber threats in real time.
Data Loss Prevention (DLP), which evaluates outgoing and stored data to ensure that any data that is subject to compliance requirements (for example, student data or personally identifiable information such as social security numbers) is not lost, misused, or accessed by unauthorized users.
Both EDR and DLP are enabled through Microsoft Defender for Endpoint, Google Workspace DLP functions, and Microsoft M365 DLP functions.
Working together, these new tools give the university the ability to identify, contain, and mitigate cyberattacks far more quickly than we have been able to in the past. These tools also help to protect endpoints when people are working remotely, which is a major benefit for our new hybrid workplaces. Virginia Tech is not alone in employing these technologies – they are already the norm in corporate and government computing environments, and at many universities in Virginia and around the world.
We have prepared answers to some Frequently Asked Questions about Endpoint Protection and Privacy and are open to any additional questions that you may have. It is important for the university community to have clear and factual information about these tools.
The Division of IT began pilot testing EDR and DLP tools in spring 2022. This semester, departmental IT teams across the university have begun to assist in the wider rollout of this program by installing Microsoft Defender for Endpoint on university-owned endpoints. The program covers only university-owned endpoints, and this phase of the rollout includes only desktops and laptops. Other portions of the EDR and DLP toolset will be enabled in university-managed cloud services.
We appreciate your cooperation as we work to ensure the security of our campus community and the protection of university data and personal data stored and processed on university IT systems.