Speakers
Description
As NRENs, or organizations in general, grow, it becomes harder and harder to get a good overview of the total digital infrastructure. You can compare it to an iceberg. Most organizations are aware of a part of their infrastructure (above sea level); however, a large part of the infrastructure is not mapped out well or not even known by the IT department (below sea level). Furthermore, these IT systems can have vulnerabilities. Tracking which systems have which vulnerabilities is thus crucial. This is where a vulnerability management service comes into play.
A vulnerability management service is a system that automatically keeps track of your network by monitoring which systems are online and which of those systems run outdated or insecure software (software with vulnerabilities). The alerts of this vulnerability management service can then be used to deploy patches to mitigate the risk of exploitation.
As the demand for vulnerability scanning within the GÉANT community grew, a lot of effort was put during GN4-3 into defining and refining the requirements, in order to find a solution that would meet the needs of both open source and commercial production. Ultimately, the GÉANT Project and GÉANT Association submitted a joint proposal, and the Swedish commercial provider Outpost24 was selected as the result of this process.
The goal of this presentation is to showcase the GÉANT Vulnerability Management Service from two perspectives: first, from the perspective of GÉANT as the managed security service provider, and second, from the perspective of CYNET, as a practical use case within an NREN and its constituents. The presentation aims to provide the audience with an understanding of the service and its offerings, while also demonstrating how it can be effectively applied in an NREN context. Additionally, it will serve as a platform for discussions on vulnerability scanning and encourage participants to share their own experiences and insights.
Apart from giving a general introduction to the service and background information, we will give an example of how the service can be used in practice. To do this, one of the presenters is from CYNET. CYNET is trialing the service and will share why they needed a (new) vulnerability management service and explain why they chose to use VMS. Furthermore, they will highlight and discuss the pros and cons of VMS for their use case, as a rather small institution.