SLCC...

1. After evaluation of several options, SLCC is currently evaluating options to purchase CrowdStrike for 3500 endpoints. And it has come down to two possible scenario. Either we purchase CrowdStrike off state contract via SHI or failing that we are planning to put out a RFP which we will share and provide for anyone who is interested in the option to purchase off this agreement. The details to make this decision should become clear in the next couple weeks.

2. Currently SLCC has a Palo Alto 7050 with an On-Site-Spare utilizing two VSYS, one for the perimeter and one for the data center. All firewalls in the chassis share licensing which consists of URL defense, Threat and Wildfire. In addition SLCC utilizes 28 additional firewalls of various models, including PA3020(4), PA820(5), PA500(13), PA220(4) and Cisco ASA(3)... used for remote site Data Centers, PCI, DR and CSIS labs. Panorama is also deployed for firewall management and logging. The majority of the support and licensing is up for renewal as of 3/2020 although we are also currently evaluating the costs associated with replacing the various models as they reach there EOL dates and would certainly be interested in a consortium renewal.

3. 3 FTE

James Wilkinson | SLCC

On 5/30/19, 4:24 PM, "USHE-ISO on behalf of Andrew Goble via USHE-ISO" <ushe-iso-bounces@lists.dixie.edu on behalf of ushe-iso@lists.dixie.edu> wrote:

CAUTION: This is an external message from: ushe-iso-bounces@lists.dixie.edu. If you have questions regarding its validity, please review how to identify suspicious emails.

Hi all,

Apologies in advance for this somewhat lengthy email.

tl;dr version: There is some money to spend for security and we need to propose how best to do so. Action items at the end.

Our funding position has become clearer after the Regents and CIO meetings the last couple of weeks. There is one million in ongoing funding that the CIOs have been directed to put towards USHE security efforts. Specifically, the CIOs are looking at the following areas:

Endpoint Protection Layer 7 Firewalls IT Security Staffing (in that order)

We have been tasked to get a proposal on how to get the most bang for our buck with this money together in time for the CIO retreat in mid-July. The CIOs feel like endpoint is the best place to start as several institutions are ready or close to ready to jump on that. For layer 7 firewalls, their intent is either getting hardware in place where it's still lacking or possibly combine negotiation and subsidize the cost of Palo Alto subscriptions. Finally, the CIOs would at least like to get a picture of where everyone is at with IT security staffing and identify greatest needs, although it may be unlikely that there will be funds to do much there.

We identified a small working group at our May 10th meeting to work together on Endpoint options, I have Matt, Cody, Mark, Jon, James, Florian, and myself marked down as willing to participate on that group. Please correct me if I missed anybody or need to add others. We'll need to mobilize soon.

So, action items for each school, please send me:

1. A best-case scenario count for endpoints you would expect to cover (I have rough counts on endpoint from SLCC 3500, SUU, 2000, DSU, 2300, USHE/BoR 1500, Weber 5000, UofU 73000. Please correct me if I've got bad numbers.) 2. Current status / deployment of layer 7 firewalls 3. Approximate FTE count dedicated to IT security functions

I'll compile and send this back out to the group. For DSU I can report the following:

1. No current endpoint solution and 2300 endpoints 2. Palo Alto 5220 series with Threat subscription at network perimeter, older layer 4 FWs at distribution and data center. 3. 1 FTE dedicated to security.

Thanks, Andrew

Andrew Goble Information Security Officer Dixie State University - Saint George, Utah goble@dixie.edu 435.652.7963

-- USHE-ISO mailing list USHE-ISO@lists.dixie.edu https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.dixie.edu_cgi-2Dbi...