IT Services

Endpoint Protection Services

User workstations and notebooks are essential tools that enable staff to communicate and collaborate effectively with colleagues, students, and external partners—whether on campus or working remotely. These devices are critical to daily productivity, but they also represent potential entry points for cyber threats if not properly secured. Microsoft Defender for Endpoint (MDE) is the default security client deployed across University-managed devices, providing advanced threat protection, real-time monitoring, and automated response capabilities to safeguard institutional data and systems.  The advanced security protection and management benefits of MDE included: Regular System Patch Updates Centralized Desktop Management Support Advanced Threat & Malware Protection Firewall Control & Policy Enforcement Attack Surface Reduction (ASR) Endpoint detection and response (EDR) Vulnerability Management (Threat & Exposure Management)   There are two ways to enable MDE: By joining PolyU domain – Currently, over 4000 workstations and notebooks have joined the PolyU domain with MDE enabled. For workstations/notebooks that have not joined the PolyU domain, users can join the PolyU domain through a simple enrollment process.   For devices with special technical/operational reasons or licensing issues, that cannot enable MDE, users are advised to enable the built-in Microsoft Defender Antivirus from Microsoft Windows. The built-in Microsoft Defender Antivirus provides: Real-time protection against viruses, malware, and ransomware Automatic scanning of downloads, apps, and attachments Basic firewall and network protection features   User can refer to this document for the usage of Microsoft Defender Antivirus. While Microsoft Defender Antivirus offers basic security protection, it is highly recommended to join the PolyU domain and enable MDE for enhanced and comprehensive endpoint security.  

Security Consulting Service

Users may come across security related problems while conducting teaching, learning, research and administration activities, our security consulting service provides users with advice on compliance, security risk assessment, threats mitigation and incident response to address security issues concerned.

Security Risk Assessment Services

Two main types of security risk assessment services are provided to user departments: System vulnerability assessment service System vulnerability assessment service identifies potential vulnerabilities on their information systems and examine the security posture of the systems. Web application vulnerability assessment service Web application vulnerability assessment service identifies the possible vulnerabilities in the web applications before they are placed in production. In general, individual vulnerability assessment could be completed within 5 business days, depending on the complexity of system / web application and the availability of the assessment resources.   Preparation prior to the assessment Involvement of department / office is required for the success of the service. The following are some of their responsibilities: Department / office should clearly identify the scope for the vulnerability assessment and provide written authorization to our Cyber Security Team for that assessment A representative from department / office should be appointed as single point of contact during the service period Department / office should provide the necessary documentation to review Department / office should arrange internally for a time slot for the vulnerability assessment The remediation of the vulnerabilities identified from the assessment is not included in the service. Department / office should be responsible for the fixing Department / office should ensure a full and restorable backup (including both system and data) is available before the assessment

Security Threat Mitigation and Incident Response Services

To assist departments/ offices to handle an IT security incident and to minimize the adverse impact to the University as a whole, we provide: Assistance for the concerned departments to mitigate the imminent threats posed by the attacks Alert to the University community of imminent threats and provide recommendation on the mitigation Recommendation on the necessary enhancement to avoid the recurrence of the similar incident in the future

Web Application Firewall Service

To ensure publicly accessible information systems of the University are well protected against cyberattacks, all publicly accessible systems shall be equipped the baseline security controls including: Server based endpoint security solution, i.e. Trend Micro Deep Security agent Security anomaly detection agent, i.e. Splunk agent The Web Application Firewall service is provided to departments/ offices to safeguard their publicly accessible web applications / websites against web attacks such as SQL injection, etc.