The increase in scans helped the university to identify and analyze what some of the largest security risks have been and to see risk trends. It has used that information to build security into the development of applications and to remedy vulnerabilities in a more efficient manner. As a result of these efforts, the number of vulnerabilities found by scans in 2011 dropped by more than 60 percent compared to 2010, Jalso says.
Another benefit of the solution has been the centralized reporting feature. This function has helped different departments and IT managers share information on vulnerabilities through a Web-based interface, he says. The university has also appreciated being able to create customized reports to show to auditors examining whether the university is following certain regulations and mandates. The reports can be set to prioritize issues by their level of security; the system can also provide suggestions about how certain code or other application weaknesses can be remedied.
Using this product has been fairly intuitive, Jalso says, and it has also been reliable. He gives high marks to IBM’s customer service. “IBM’s one of the best vendors I’ve ever worked with.” While the university has had no problems it needed to address, he says that IBM has helped it learn all of the capabilities of the software so that staff can get the most out of it.