Over four months this autumn,  we collaborated on a joint research project with Educause and ten large universities that are Educause members. The aim was to document how useful Arctic EWS could be for them. While the study was in higher education the content is relevant for companies as well.

It was a unique experience to work with such renowned universities and gather their insights regarding external cybersecurity monitoring. The idea of this follow-up project was to provide the universities with data about cybersecurity issues that were visible to the outside and provide it in a way that was in an easily consumable format.

The results were very encouraging, and we learned a great deal about how to provide this kind of service for higher education institutions. It was fascinating to document the systemic problems brought to sunlight once continuous external monitoring is in place.

We saw systemic problems related to firewall management, established security processes, processes related to incident response, change management, vulnerability management, asset management, and stakeholder communications.

We also saw how the Arctic EWS data impacts daily routines and helps discover shadow and abandoned infrastructure. However, we also learned that shadow infrastructure could often be more of a norm than an exception in a university! Asset management is a complicated topic, as one of the project participants put it:

"As an R1 research institute, we have principal investigators, grad students and undergrad students who are all involved in research projects. All standing up infrastructure under the desk at any moment. None of this necessarily went through any sort of validation and acceptance. So, we saw both shadow and abandoned infrastructure during the project."
- CISO, project participant university

The full research paper is available to download, and you can get it from the link below. We hope  you'll find it as interesting to read as it was for us to research. You can also sign up for Arctic EWS and take advantage of our free service, which provides you with a monthly Asset Discovery and Assessment report.

Access the studySign up for free

 

Latest news

contact

Want to know more? Contact us

Looks like you're proactive about cybersecurity. We like that! Let us know what you want to accomplish, and our team will be in touch. Together, we can work out the best way to help you.

test-drive

Test-drive Arctic EWS

We built Arctic EWS as a continuous monitoring service to alert our customers to their cybersecurity issues. It’s a great way to take stock of your security posture and see what may have slipped through your defenses undetected. Try our free service and get reports that show you visible cybersecurity issues in your network.