MSU business units use web sites for marketing and web applications to meet business objectives. Web Application Firewalls protect the applications from known threats and attackers by front-ending browser client communications.
MSU business units rely on computing technology which needs to be protected from malicious code and threats. Endpoint Protection software helps ensure computing resources do not execute malicious code, alerts to threats, and facilitates remediation and response efforts.
MSU operates one of the largest networks in the world which provides connectivity across the Internet for hundreds of thousands of users. Our computing resources are under constant attack from external threat actors so we use next-generation firewalls to provide network segmentation from the public Internet and its various internal computing environments. This is a goal of the NIST Cybersecurity Framework (PR.PT-4 Segmentation and Filtering).
MSU computing resources generate system logs about operational issues and security alerts. These logs must be protected, retained, and be retrievable by IT to support MSU business operations. SIEM technology helps meet these requirements and provide security intelligence.
Cryptography protects the confidentiality of many computers and applications rely on trusted SSL certificates to operate. The SSL Certificate service maintains a public Certificate Authority from which MSU can issue its own certificates and enable this strong encryption.
Virtual Private Network (VPN) is used to secure remote access to internal-only (non-public) services. MSU faculty and staff need to connect to trusted computing resources from remote networks across the general public Internet. VPN provides secure remote access and protects these communications across untrusted networks.
Vulnerability management is a continuous process that involves identifying, assessing, and remediating security weaknesses (vulnerabilities) in systems, applications, and software to reduce the risk of cyberattacks and data breaches. It's an ongoing effort to minimize the organization's attack surface and ensure the integrity of its IT infrastructure.