The recent Coronavirus pandemic is presenting new challenges for organizations worldwide. With many teams now forced to work from home, security and IT teams are required to reexamine their security approach in order to meet new needs, and address new problems.
But for some businesses remote work is a daily norm. Universities in particular have always faced a difficult task: how to reconcile full cybersecurity protection and an open IT environment. We recently completed a case study with Seton Hall University to highlight the success they've had enabling students and faculty to operate remotely.
To leverage some of the lessons learned in this study, we'd like to share some of the challenges high-ed security teams face daily, and how the team at Seton Hall University is able to overcome them.
The High-ed Security Challenge
While corporations can dictate security restrictions on users’ online behavior, such moves within academia run counter to the culture of a higher-ed institution. A university’s primary mission is to encourage unfettered individual creativity and group collaboration, which necessitates the free flow and exchange of information both internally and externally with colleagues around the world.
For this very reason, higher-ed institutions are particularly attractive targets for hackers. Some recent estimates posit that the professional education sector may receive as many as nine times the number of cyberattacks as experienced by the average organization.
A Need for Security Peace of Mind Both On and Off Campus
Maintaining security on campus while dealing with an open environment is the number-one challenge facing Keith Barros, Senior Director, Information Security, at Seton Hall University.
“I can’t control most of the machines that are on my network,” Barros said in a recent interview with Cybereason. “I may own them and I may be able to put endpoint protection on them, but I can’t control what people do with them.” For example, his team doesn't have a mandate to put up a web proxy and forbid the university’s faculty from visiting high-risk sites.
An added complication comes when faculty members take university laptops off campus for summer vacation.
“I have these people who leave the network for three months in the summertime, they work from home and travel and do all the things people do over an extended period of time, with no connection back to the network,” said Barros. “So, I need tools that I can manage, get reporting on, and protect the devices when faculty members are not here.”
How to Protect Vast Amounts of Personal Data on an Open Network
On top of all of this, the university is responsible for vast amounts of personal information.
Barros notes the sheer breadth of valuable information that his department needs to protect, along with the different federal and compliance needs they have. This includes the personal identifiable information of students and faculty; the university’s intellectual property, the fruits of university research; PCI data from credit cards of student payments; and HIPAA information from the institution’s student health center.
“Universities by their nature are like small cities which run 24 hours a day, seven days a week, and 365 days a year,” said Barros. “But our security team only works 35 hours per week, Monday to Friday.” His already over-stretched team urgently needed help to assure complete cybersecurity protection outside of office hours, over weekends, and during vacations.
In Lieu of Tight Controls, Higher-Ed Puts Its Trust in Powerful Prevention and Detection
Since restricting users’ access is an impossibility, higher-ed security teams require cybersecurity tools that automatically prevent advanced attacks like ransomware and fileless, while also providing prompt and easy to understand alerts so teams can react quickly to incidents.
Over the summer vacation, a Seton Hall academic working at home in the middle of the night accidentally infected his university machine with ransomware. The next night, he did the same exact thing, again by accident. So, the same ransomware on the same machine in the space of two days.
For a university, a ransomware attack not only disrupts daily faculty activity, but it also denies access to vitally important information like research data. In a worst-case scenario, malware might spread across the university’s network and gain access to valuable accounts. With ransomware attacks on higher-ed on the rise, the value of automatic prevention has grown significantly.
In the aforementioned incident, the Cybereason platform automatically prevented the ransomware on both occasions. Barros also received an early morning call from Cybereason’s security team to express to inform him of the double attack on the same endpoint. “They said something serious is going on here, and we were able to get the academic’s machine remediated before he lost it,” said Barros.
This successful real-life defense of the university network is the way Barros and his team have been able to show other departments of the value of cybersecurity tools and how the deployment of those tools doesn’t negatively impact the university’s mandated open IT environment.
“Good publicity for security with the faculty is very important because they’re our toughest customer,” said Barros. “They’re always afraid that we’re impinging on academic freedom. In this case, we were not impinging, we were actually helping them stay free and not become compromised.”
An open network requires uninterrupted visibility
Prior to deploying Cybereason, Seton Hall lacked significant endpoint visibility, which caused issues for the security team over the summer vacation months. If a machine was off campus for long, the previous solution’s agent would often stop reporting.
“We would look at the licensed server and we would see that, out of the 1,000 machines we were licensed for, only 600 were showing up,” said Barros. “Well, where did the other 400 machines go? That’s not a good unknown.”
For an open IT environment like the one at Seton Hall, relying on a solution that provides remote detection and remediation ensures the university is fully protected against potential threats. With Cybereason in place, the university now has full insight into all endpoints, both on and off campus, and is able to execute remediation actions remotely and without assistance from the IT team.
“We’ve found Malops on the devices of critical, privileged users, malware which had been there before we installed Cybereason,” said Barros. “My security team now controls the entire environment and we don’t have to have any input from anybody outside of my team. When I run a report on how many sensors we have, what version they’re on, and what they’re seeing, I know that it’s accurate because it’s my people that are doing it.”
Mitigate Risk, Protect Sensitive Data, Prevent Advanced Attacks
University security teams can maintain a balance between cybersecurity protection and an open IT environment by:
1_Investing in modern, advanced prevention. When faced with defending open networks where device use cannot be limited, universities must use solutions with strong automatic prevention capabilities. As the threat landscape continues to evolve, it is imperative to prevent modern, advanced attacks such as attack involving fileless techniques, and ransomware.
2_Allowing no gaps in visibility. Higher-ed institutions need to monitor endpoints whether devices are used on or off campus. This lets security teams be confident that the university’s network remains fully protected over the long summer months when faculty and their work machines are off campus.
3_Responding rapidly to incidents through remote remediation. Higher-ed security teams can use powerful remediation capabilities to ensure fast and efficient handling of any incident, whether on or off campus. The security team is empowered from incident investigation through to resolution, without needing to call on or wait for other teams.
4_Ensuring a stable, and safe environment. If undetected, malware on an open IT environment will have a severe impact and may infect the entire campus. Security teams need cybersecurity solutions that have no lapses in protection and are reliable 24/7, 365 days a year.
“We are protected,” Barros said. “It’s the best protection we’re getting, and it’s keeping us out of the news, which is the important part for us.”
To learn more about Keith and Seton Hall’s ability to defend with Cybereason, read the case study, and watch the video.
![FBI vs. REvil [ML BSide]](https://www.cybereason.com/hubfs/Malicious-Life-episode%20%284%29-1.png)