Anti-Virus Software - Trellix

Trellix Endpoint Security (formerly known as FireEye) is a modern endpoint protection platform combining traditional anti-virus with advanced real-time indicator detection and prevention. This platform supports the UC Office of the President’s IS-3 policy (https://policy.ucop.edu/doc/7000543/BFB-IS-3) in the pursuit of the University's mission of teaching, research, and public service which necessitates that information assets and administrative data be safeguarded and maintained. The Trellix agent can help: 

• Control the installation, spread, and execution of malicious code with automated system analysis of abnormal activity

• Reduce security threats with automated policy-driven response and real-time threat intelligence capabilities

• Enable endpoint visibility for UCSD IT Security to respond to threats in a more informed and timely manner

The Trellix agent unifies prevention, detection, and response in a single agent powered by machine learning and automation. System endpoints are protected from vulnerabilities and exploits, including: 

• Executables – Trojans, worms, backdoors, and payload-based

• Memory-based malware

• Documents – Office documents, adobe files, macros

• Browser – Drive-by downloads, Flash, Java, Javascript, VBS, iFrame/HTML5 plugins

• Scripts – Powershell, WMI, Powersploit, VBS

Vulnerability Management - Qualys

Vulnerability management services are provided via the Qualys platform to help the organization proactively detect and mitigate high risk vulnerabilities on systems deployed across the campus network. UCSD utilizes Qualys to regularly scan the campus network for known vulnerabilities. 

The goal of the vulnerability management service is to facilitate the attainment of IS-3 compliance (https://policy.ucop.edu/doc/7000543/BFB-IS-3) for all UCSD units. Systems with open vulnerabilities present varying levels of risk to data and other systems depending on the severity of said vulnerabilities. To achieve compliance, units are responsible for meeting the IS-3 requirement (regardless of who manages scans and reports, SSCF or ITS Security). Ultimately, SSCF is accountable for the remediation and protection of their environments, and for meeting the compliance requirements.