Endpoint Protection and Management

Beginning Summer 2020, the Division of Information Technology is deploying new key components as part of our planned, ongoing cybersecurity initiatives to enhance security for our network and computer infrastructure.

  • Software Patching & Vulnerability Management

  • Microsoft Defender Advanced Threat Protection

  • Device Encryption

Each of these components will be rolled out in phases to the Stevens community to ensure minimal disruption to user productivity and continued business operations.

Software Patching & Vulnerability Management 

Stevens is committed to ensuring a secure computing environment and recognizes the need to prevent and manage software vulnerabilities. Patching and vulnerability management are security practices designed to proactively prevent the exploitation of software vulnerabilities within our infrastructure. Installing patches for applications and operating systems regularly contributes to a safer computing environment. 

Patching Requirement

All endpoint devices connected to the Campus Network must be running up-to-date security configurations.

Risks

New software vulnerabilities are continually being discovered and, if exploited, can lead to the following risks:

  • Data breaches

  • Downtime of critical systems

  • Damage to the university's reputation

  • Financial Loss

  • Regulatory non-compliance

Patch Schedule

Institutional Systems that are managed by IT are patched at least once a month on a regular schedule. There may be instances where IT patches outside of the regular monthly cadence to address particularly severe vulnerabilities that pose a significant risk to the university. Users logged in to their device at the time of patching will receive an update notification once patches are ready to install, with an option to defer installation and a system restart.

For Institutional Systems that are not managed by IT, it is the responsibility of the Institutional System Manager to ensure operating systems and applications are updated and patched when patches become available.

Microsoft Defender Advanced Threat Protection 

The Division of Information Technology is moving forward with the Protect Stevens initiative by deploying Microsoft Defender Advanced Threat Protection (ATP) on Stevens-managed workstations. Microsoft Defender ATP is an enterprise endpoint security platform designed to help enterprises prevent, detect, investigate, and respond to advanced threats. Microsoft Defender ATP will replace Symantec Endpoint Protection on Stevens-managed workstations.

In accordance with the Stevens Security Policy, all endpoint devices, including laptops, desktops, and mobile devices, that connect to the Campus Network or access university data must meet the minimum security standards outlined in Appendix B.

Device Encryption

As with most portable devices, laptops are at a high risk of being lost or stolen. The portability of these laptops poses a significant risk of exposing university data stored on them. Therefore, the Stevens Data Protection Standards, Minimum Security Standard, requires encryption for all Stevens-managed laptops.

All new Stevens-managed devices (e.g., desktops, laptops, and tablets) will have Full (“whole disk”) encryption on laptops using an IT-managed encryption solution native to the operating system (BitLocker Drive Encryption for Windows, FileVault 2 for Mac OS X). IT is working with individuals and departments to turn on encryption for older, managed devices.

Need IT Support?

Get support through our self-help resources, by contacting IT support, or by visiting TRAC.