Tornado Talks in Ten

Talk 1: Cost-Effective Sensitive Data Discovery at Scale

Sensitive data discovery is vital to organizations with regulated sensitive data. Unfortunately, leading commercial products are generally very pricey for a university budget, and existing free solutions by themselves are inadequate. The University of Michigan has built a solution to these common sensitive data discovery challenges that leverages a combination of custom, in-house developed, and inexpensive solutions.

Outcomes: Learn from the experiences of our team interacting with users across many different campus units * Gain an understanding of how to implement effective, inexpensive sensitive data discovery for your campus

Presenters: Brandon Bailey (University of Michigan–Ann Arbor), Ross Geerlings (University of Michigan–Ann Arbor)

Talk 2: RAEngine: Scoring, Prioritizing, and Automating Your Vulnerability Risk Assessment

IT organizations and universities alike are dealing with risks and compromises on an ongoing basis. Unpatched vulnerabilities are one of the chief culprits causing compromise of systems. Sherlock's standardized and automated approach to vulnerability risk management focuses equally on minimizing system downtime, maintaining customer satisfaction, and keeping systems secure.

Outcomes: Learn how to assess and score risks associated with vulnerabilities * Learn how to prioritize patches * Learn how to automate vulnerability risk assessment

Presenters: Winston Armstrong (University of California San Diego), Daniel Quach (University of California San Diego)

Talk 3: Something You Have: A Microsoft MFA Success Story

We'll describe how we deployed Microsoft's multifactor authentication solution as a response to continuous phishing attacks at the University of St. Thomas. Since we were already licensed for Microsoft MFA through the existing campus agreement, we forged ahead. Using a combination of communication strategies and focusing on user experience, our campus-wide MFA implementation to over 28,000 accounts in eight months has led to a 99% reduction in compromised email accounts and a dramatic decrease in phishing and spam emails on campus.

Outcomes: Understand the nuances of how Microsoft MFA can be deployed at your university * Learn ways you can reduce phishing risks and still maintain user experience through an MFA deployment * Understand how to use data to demonstrate need for and track the eventual success of an MFA initiative

Presenters: Chris Gregg (University of St. Thomas), Melinda Mattox (University of St. Thomas)

Talk 4: Reading SMTP Headers

Participants will learn to read the key elements of SMTP header information related to investigating phish, spam, and other email related security incidents. Beyond the standard header From, Recipient, Subject, etc., we will look at envelope details. You will learn to investigate the true origination of an email message and routing through SMTP servers on the way to its final destination. We will also touch on SMTP authentication details (i.e., SPF, DKIM, and DMARC), as well as additional header details added my email security filtering applications.

Outcomes:Be able to identify important header elements of an SMTP message * Follow the routing of an SMTP message * Read details like envelope information and email authentication

Presenter: Craig Drake (University of Chicago)

Talk 5: Taming the Wild West of Third-Party Apps in G Suite

Join us for a quick overview on how the Google Service Team at NC State is working to get a handle on the myriad of third-party apps currently in use in our G Suite domain. We'll go over our approach and the processes we'll be using to review/re-review these apps, including the partnerships with our Software Licensing and Security unit.

Outcomes: Understand what third-party apps are in Google * Identify risky permissions asked by third parties * Understand the potential impact of loose permissions and how to stay safer online

Presenter: Sarah Noell (North Carolina State University)