Interviews Security

Proactive security monitoring can help reduce vulnerability

Image by Unsplash

CONNECT meets David Heed, Network and Security Services Coordinator for SUNET (Swedish University Computer Network) to talk about the latest initiatives by the Work Package on Security (WP8) within the GÉANT Project (GN4-3).

 

David, tell us about yourself, your role at SUNET and within GN4-3.

David Heed, SUNET

At SUNET since 2018, I have been working for over 20 years in Information Security and more than 10 in the academic sector. Currently we collaborate with our connected institutions and endeavour to evolve from the role of a reactive CERT (Computer Emergency Response Team) to a more proactive SOC (Security Operation Centre).  Infact, many National Research and Education Networks (NRENs) are starting to establish their own SOCs. In the context of WP8 GN4-3 I’m the sub-task leader for Vulnerability Assessment as a Service. Our sub-task’s objective is to provide our constituencies with the capability to assess their exposed services and offer a suitable solution to enable them to carry out their own internal scanning. Right now, we are evaluating two different options: whether to write our own program or to procure for this service. After consultation with the Special Interest Group on Information Security Management (SIG-ISM) we are pleased to announce that both options will be available to our community. To improve functionality of the existing tools and their integration with the open source scanner OpenVAS, already partly developed as a proof of concept, we needed to write our own programs; our project members and our community are knowledgeable in this area. We are also in the process of evaluating a variety of commercial tools for those organisations who need them and have budgets for such services.

Why did you decide to use a vulnerability management platform for the GÉANT Project? When did you start looking?

Our project started two years ago. As keeping a scanning infrastructure up to date can be a daunting task for small NRENs,  we started planning to release a container (a specific software package) with all the capabilities needed to either carry out manual scanning or for integration with SOC tools. In our quest to use both open source components and professional scanning capabilities, we decided to adopt for the GÉANT community an online Greenbone scanner. In addition, we recently signed a Memorandum of Understanding (MoU) with Holm Security whose scanner is based on OpenVAS. In order to maintain valid and active vulnerability checks, we believe that testing and improvements on open source components can be done jointly with organisations such as Holm, but we are open to wider collaborations too. I am delighted that our agreement with Holm will give us access to their assessment feed and knowledge. Going forward we also intend to procure for a scanning infrastructure or a cloud-based license model that includes an academic discount option to avoid the additional vendors’ charges based on IP addresses numbers, which in case of academia is always high. Working together with NRENs in this area is a necessity; in the last year we have had great conversations about opportunities and ways to collaborate.

What will Holm Security deliver to the GÉANT Community?

In short, they will share their vulnerability assessment feed for the OpenVAS scanner with GÉANT’s constituencies in the academic sector. Our collaboration in this area will include the dissemination of information on how to optimise processes and how to write testing-plugins to verify vulnerabilities. During 2021 we aim to organise multiple webinars and finalise authentication mechanisms for NRENs and their institutions to facilitate access to Holm Security’s feed.

What are the benefits that this collaboration will bring?

This is one of the areas within the security space where collaboration is needed and must also be encouraged to level the playing field against cyber criminals and prevent research data and identity theft. I’m hoping that this collaboration will encourage to build a community that includes NRENs, security researchers and other interested parties.  Helping NRENs to enhance their proactive notification capability will lower the need for incident response. This whole area of proactive security is not often in the spotlight; hopefully our solutions will help to prevent (for the entire GÉANT community) the negative publicity and stigma often associated with the consequences of major security breaches. We will not solve the human vulnerability issue, but we can certainly look after the safety of our systems. My hope is that this work carried out within GN4-3 will provide a solid foundation for further fruitful collaborations in this area.

For more information you can contact David Heed and the WP8 sub-task group at: gn4-3-wp8-vulnerability@lists.geant.org