Look, No Hands—Let OIT Continuously Monitor Your Systems
One of the responsibilities of every user of UT’s IT resources is to continuously monitor their UT Owned workstations, laptops, and servers. What does that even mean? HOW? WHO? Who does ANYTHING continuously? These two words, continuous monitoring,” would imply that you (or somebody) should be looking at a computer(s) 24 hours a day, 365 days per year. Thankfully, this is NOT the case. There is an app for that!
Without going into the gory details, the intent of this requirement is to ensure that we pay attention to alerts we receive on our computers and systems by reporting abnormal “behavior” to the OIT HelpDesk, that we know when updates become available, and that we keep operating systems and applications updated. It sounds like a full day’s work, and it may be if you are an IT employee who maintains hundreds of workstations and servers!
So…how do you comply with policy and continuously monitor your UT-Owned devices? We’re glad you asked!
Recently, all the alarm bells went off when Microsoft notified everyone about a vulnerability in Windows, one that would allow a bad person to send you a word document containing malicious code that would take advantage of the existing vulnerability. The code could be delivered via Microsoft Word (.docx) or a Rich Text Format (.rtf) document. The latter is more dangerous because it allows the execution of a malicious command without even opening the document. Just previewing the document in Windows Explorer would be enough to activate the code and allow the bad guy to pass commands to your computer without your knowledge.
OIT offers a service that continually monitors your workstation, laptop, or server for vulnerabilities. It consists of an agent that runs on the computer and stays updated on all the harmful stuff that is being passed around. The Microsoft example above is what security folks call a “Zero-Day” vulnerability. Zero-Day is a broad term that describes recently discovered vulnerabilities that hackers can use to attack systems. The term “Zero-Day” refers to the fact that the vendor has only just learned of the flaw, meaning they have “zero days” to fix it. While this OIT service will not necessarily, “fix” the flaw automatically, it quickly informs the right OIT folks that your device is affected, giving us a fighting chance of pushing a “fix” out to your device while maintaining your valuable services.
In the “Zero-Day” case above, OIT DID “push” a fix out to UT devices that met the following conditions.
The devices were:
- On the UT network
- Registered in UT Active Directory, and
- Powered on
However, if your workstation or laptop were with you while working from home, the “fix” may not have gotten to you unless you were connected to the UT Network with the UTK SSL-VPN client.
Sure, there is protection software to guard against “known” viruses and vulnerabilities, but when a “Zero-Day” hits, those protections can fail. Until an update is provided by the vendor, the only remedy may be a “fix” that requires your device to be managed centrally.
It is this type of urgent scenario where OIT’s continuous monitoring service can help protect you, the UT data that you work with, and the UT-Owned device that you use. Don’t stay up all night monitoring your device; instead, let OIT do it. Ask us for help by calling the OIT HelpDesk at 865-974-9900.