UC Santa Barbara's Unified Security Posture Management (USPM) program consolidates data from multiple asset and vulnerability discovery tools into one platform for efficient vulnerability triage and remediation.
The Unified Security Posture Management Tooling ServiceNow Knowledge Base article provides a comprehensive list and description of all current tools.
Asset Discovery is a critical component of a mature information security and vulnerability management program. It is not possible to secure assets that you don't know about. Asset Discovery provides operational visibility to assist with managing attack surface, mitigating exposure, and managing risk and compliance. It can also help feed other asset inventory tooling.
The campus Security Operations Center (SOC) manages a vulnerability management program, which is part of UCSB’s comprehensive Information Security program and a vital component of the Unified Security Posture Management initiative.
Vulnerabilities are software or configuration defects that allow an attacker to gain control of a system or disrupt its normal operations.
Critical vulnerabilities generally allow an attacker with network access to a computer to completely take control of the system by running arbitrary code at elevated privilege. In IT security circles, this is called “pwning” a system. The attacker can steal data, disrupt operations, or use the system as a jumping-off/pivot point to attack other systems behind otherwise closed networks. In this way, a critically vulnerable system puts the entire university at risk.
Vulnerabilities rated as high severity may be more difficult to exploit. They may give an attacker less control of a system, but they can severely compromise it, allow data to be stolen or modified, and disrupt normal operations.
Additionally, the risk context around vulnerabilities matters. Vulnerabilities rated as critical or high-severity with exploits occurring in the wild are more urgent to patch than those with proof-of-concept exploits or those without available exploits. System/service visibility (whether a system or service is publicly accessible) also provides vital context to overall risk.
Vulnerability Findings
Vulnerability findings are results identified by an automated security scanning tool or manual assessment conducted by a human (such as a penetration test or bug bounty program). Findings may include:
- The presence of one or more CVEs on an asset
- A system or cloud infrastructure misconfiguration
- A compliance or non-compliance result from a check against a compliance framework
- A security flaw in a system identified during a manual assessment
UCSB’s Unified Security Posture Management program ingests vulnerability findings from internal tools, third-party reporters, and attack surface management services and systems.
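As an added illustration of the risk context described above (severity, exploit status, public visibility) applied to findings from several tools, the following Python is example code written for this page, not part of USPM or any ServiceNow tooling; the ranking tables, tool names and finding values are all constructed for the example.

```python
from dataclasses import dataclass, replace

# Hypothetical ranking tables for this example; a real program would tune these.
SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1, "low": 0}
EXPLOIT_RANK = {"in_the_wild": 2, "proof_of_concept": 1, "none": 0}

@dataclass(frozen=True)
class Finding:
    asset: str
    title: str              # CVE identifier or misconfiguration name
    severity: str           # critical / high / medium / low
    exploit_status: str     # in_the_wild / proof_of_concept / none
    public: bool            # True if the affected service is reachable from the internet
    sources: tuple          # tools or reporters that raised this finding

def triage_key(f):
    """Critical/high first; within that tier, exploited-in-the-wild beats PoC beats
    no exploit, then severity, then public exposure (hypothetical ordering)."""
    actionable = SEVERITY_RANK[f.severity] >= SEVERITY_RANK["high"]
    return (actionable, EXPLOIT_RANK[f.exploit_status], SEVERITY_RANK[f.severity], f.public)

def dedupe(findings):
    """Merge the same asset/title reported by several tools, keeping the most
    urgent context and the union of reporting sources."""
    merged = {}
    for f in findings:
        key = (f.asset, f.title)
        cur = merged.get(key)
        if cur is None:
            merged[key] = f
            continue
        best = max(cur, f, key=triage_key)
        merged[key] = replace(best, sources=tuple(sorted(set(cur.sources) | set(f.sources))))
    return list(merged.values())

def prioritize(findings):
    """Return findings in the order a triage queue should work them."""
    return sorted(dedupe(findings), key=triage_key, reverse=True)

# Constructed sample input, as if exported from several discovery tools.
SAMPLE = [
    Finding("db-02", "CVE-placeholder-1", "critical", "none", False, ("net-scanner",)),
    Finding("web-01", "CVE-placeholder-2", "high", "in_the_wild", True, ("net-scanner",)),
    Finding("web-01", "CVE-placeholder-2", "high", "proof_of_concept", True, ("agent-scanner",)),
    Finding("bucket-03", "public-read-bucket", "high", "none", True, ("cloud-posture",)),
    Finding("lab-07", "CVE-placeholder-3", "medium", "in_the_wild", False, ("agent-scanner",)),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f.asset, f.title, f.severity, f.exploit_status, "public" if f.public else "internal", f.sources)
```

The duplicate web-01 record from two scanners collapses into one entry that keeps the stronger "in the wild" evidence and lists both sources.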
ServiceNow Resources
The web is the portal to business. Browsers still talk to backend servers, but more and more applications also use web protocols to connect to one another. These webs of applications form the basis for many information architectures today.
Regardless of whether it’s a user filling out a form, a piece of JavaScript processing transaction data before sending it to a server, or two servers exchanging information, anytime there is a network link between systems, vulnerabilities are likely to creep in. Add layers of middleware to the mix and the problem grows.
Application vulnerabilities can happen in all types of systems. For most developers today, web vulnerabilities are the most common. Application vulnerabilities have existed since the first web server permitted a user to provide input to a backend. In the early days, these were generally related to input validation. That’s still true today.
With the ongoing prevalence of data breaches and the greater sophistication and pervasiveness of malware, and in particular ransomware, the UC system has enhanced legacy endpoint security (anti-virus or anti-malware) with next-generation endpoint protection. The UCSB Security Operations Center (SOC) monitors endpoint security through advanced Endpoint Detection and Response (EDR) tooling. EDR is designed to address these new sophisticated attacks with features that go well beyond the capabilities of traditional malware protection.