Security

Stanford's anti-malware service for Windows 10, Windows Server 2012/2016/2019 is CrowdStrike Falcon. CrowdStrike provides advanced defensive capabilities against modern computer and network threats. It replaces traditional signature-based anti-malware with a sophisticated set of behavioral models, enabling it to detect advanced and novel threats.

Splunk software is used for searching, monitoring, and analyzing machine-generated big data via a web-style interface.

The Secure Email service is designed for members of the Stanford community who plan to use email to transmit Protected Health Information (PHI) in accordance with the HIPAA guidelines. The most frequent use of this service will be from the Stanford School of Medicine.

Endpoint Compliance Reports provide information to system and department administrators, local desktop support, and management to monitor compliance of the devices that connect to the Stanford network.

OSSEC is a file integrity monitoring application that records changes to a server's file system to help detect and investigate an intrusion or change.

Mobile Device Management (MDM) enables you to manage your mobile device through Stanford's web-based tool, and configures a profile that gives you secure access to internal systems while protecting the data on your device.

University IT provides faculty, staff, and students a Dashlane Premium password manager account account free of charge.

A Privileged Access Workstation (PAW), also called a Personal Bastion Host (PBH), provides a dedicated computing environment for sensitive tasks that is protected from Internet attacks and other threat vectors.

SAML 2.0 is one in a set of authentication and authorization technologies underlying Stanford WebLogin, which provides access by individuals across organizations to protected web pages and applications, with just one login action.

BigFix for Servers is a tool for IT server administrators to view overall inventory, deploy software, and manage configurations.

See Secure File Storage.

Two-step authentication uses two types of authentication to verify your identity. First, you need to log in with your SUNet ID and password. Then you need  a physical device that you control—such as your mobile phone, tablet, or landline phone—to verify your identity. This type of authentication is required to access Stanford systems that have higher than normal levels of security, such as critical business or infrastructure systems. In addition, two-step authentication can help protect your Stanford account should someone else learn your password.

VLRE provides encryption verification without requiring BigFix. VLRE is a read-only application that periodically reports on the computer's encryption status and screensaver password status, leaving maintenance of the computer entirely to the user.

Qualys vulnerability scanner finds security vulnerabilities in web applications and other network services and helps you remediate them.