Security / December 6, 2016

Securing a University Network Is Likely the Hardest Job in Cyber Security

On one hand, you need to ensure academic freedom and equal access to just about everything online for all students. On the other, you need to ensure that the network is locked down and completely hacker-proof.

These requirements seem completely contradictory at best and, of course, they are.

To add to this complexity, students undoubtedly don’t act in any way like the responsible corporate network users for whom most vendors design and build their solutions. They’re not employees of the organization either and, therefore, can’t be warned or disciplined for bad online behaviour like at a bank or insurance company.

The biggest differentiator, however, may be that unlike regular corporate network users, students literally live in residence on the network 24/7, accessing all sorts of non-standard websites, applications, and services like Xbox Live and Netflix. This drastically increases the load on security tools in particular, which must sift through an overwhelming amount of noise to detect real threats.

While the tools certainly exist to solve these problems, unfortunately the limited budgets of colleges and universities—combined with the universal problem of access to qualified and highly trained cyber security staff—make many of these solutions beyond reach to those who need them most.

Culture of Innovation

Oddly enough, when I speak to most college and university CIOs and CISOs, they aren’t discouraged by these “layer 8” limitations. In fact, most of them tell me that while this unique situation does force them to stretch both resources and imaginations considerably, it also creates the added benefit of enabling a true culture of innovation that is often proving more effective at addressing ever-evolving cyber security threats than simply trying to outspend them.

This is the reason they are always on the lookout for new tools, new ideas, and new approaches to providing the best possible learning environment for students while simultaneously ensuring the most secure infrastructure for their organization.

High Marks for Gigamon

It’s also why colleges and universities love Gigamon. In fact, here are three areas where higher education customers give the highest marks to our Security Delivery Platform for innovation, enablement, and return on investment:

#1 Ubiquitous visibility for all tools across the network

One of the main problems we hear on a regular basis is that higher education IT teams want to see into the black boxes, the blind spots and around the hidden corners of their networks, but that they are at a loss to figure out how to do it.

When the registration system is crashing and none of the students can get that prime Thursday afternoon time slot for their economics tutorial, emotions start running high—and troubleshooting network versus application versus database performance, etc., becomes a nightmare.

Hacking together a Franken-tap and Syslog-shunting solution across multiple tools that requires super-human grepping skills to find the root cause of these types of problems doesn’t really work and doesn’t scale. It’s also super stressful and demoralizing for any staff forced to do it.

With Gigamon, college and university IT teams are tapping the physical network once, as well as extending our GigaSECURE Security Delivery Platform to tap interesting traffic flows between virtualized Web servers, application servers, and databases in VMware and Amazon cloud environments. This makes the complete and definitive record of network traffic in a fully optimized format available to all the tools—such as Splunk, ArcSight, LogRhythm, and Wireshark—they need to manage, monitor, and secure their entire network.

#2 Faster time to deploy new tools with fewer resources

Deploying new tools quickly and effectively is a recurring problem for most higher education CIOs when the IT team is already wearing too many hats and hiring external consultants isn’t within the budget. This is where Gigamon can really make a difference, not as a technical solution, but as an innovation enabler.

We find that customers who instrument the entire network with the Gigamon GigaSECURE Security Delivery Platform as part of deploying a single tool often realize significant enough return on investment to justify the work and resources expended for that single project. However, what really matters to customers is that these gains are now automatically leveraged and applied immediately to all future projects.

For example, building a Gigamon solution into the project plan for a network monitoring tool’s deployment results in a fully tapped and instrumented network for that tool. When the security team wants to deploy another tool of their own, they don’t need to repeat any of this work. In fact, they can simply plug their new tool directly into the existing Gigamon Security Delivery Platform rather than tapping the network themselves. This can dramatically decrease the cost and complexity of both the new project and the overall ongoing management of the network while allowing the security team to deploy their tool in a fraction of the time.

One college CIO recently commented that deploying Gigamon was like creating a “security and network visibility power bar.” When he wanted to add a new appliance, he could simply “plug it in rather than re-wiring the entire house.”

#3 Gigamon significantly enhances the effectiveness of existing tool investments

Getting more value out of existing tools is not only an extra benefit, it’s a requirement for colleges and universities who have a constant need to do more with less or simply make do with what they have to meet new challenges.

Have a 10GB sized problem, but a 100GB network? Gigamon can help right-size the network for the tool. A college we recently worked with wanted to purchase a malware mitigation solution that would identify potentially malicious attachments in emails and send them to a sandbox solution for analysis. Unfortunately, the sheer volume of emails they were receiving made the sizing of the tool unaffordable. Leveraging their existing Gigamon Security Delivery Platform, they found that selectively sending only email traffic with attachments to the security tool would not only drastically reduce the size of the appliance needed, but it would also greatly increase the performance of that tool. This made the project both financially and technically viable.

Don’t have enough budget to buy that SIEM you need because your infrastructure is generating way too much data or events per second to ever completely license? Why not send only the right information to the SIEM, thereby lowering the total cost of the project to something you can afford and at the same time making the tool far more efficient, faster and effective?

Recently, a university customer did all of the above by selecting the most relevant and useful traffic to send to their SIEM and leveraging Gigamon’s NetFlow generation ability to provide much greater visibility at a significantly lower tool cost. They made the project happen by, once again, finding a way to do more with less and, at the same time, do it even better.

These are but a few reasons Gigamon gets straight As from higher education customers who are leveraging their own culture of innovation along with our Security Delivery Platform to creatively and successfully solve challenges.

