Protecting sensitive information can feel like running on a treadmill: No matter how hard higher education IT professionals work to get ahead, hackers seem to keep gaining ground.
Despite ongoing investments in cybersecurity, attackers continue to set new records. Symantec reported in its “2016 Internet Security Threat Report” that the previous year saw a 55 percent uptick in spear phishing campaigns, a 35 percent increase in malware and a total of more than half a billion lost or stolen records. Education was one of the most frequently attacked sectors.
“The work of information security in higher education, as in most industries, is never done, because the landscape and threats are always evolving and becoming more sophisticated,” says Susan Malisch, CIO at Loyola University Chicago. “The added challenge in higher education is to keep the environment open for academic and research activities, stay sufficiently protected and remain compliant with regulations.”
These three cybersecurity tools provide a window into solutions that are helping colleges and universities keep their networks and data safe.
Firewalls, which prevent unauthorized traffic from entering secured networks, are a mainstay of information security on most higher education campuses. Increasingly, institutions are turning to next-generation firewalls (NGFW) that combine standard firewall features — such as packet filtering, network address translation, stateful protocol inspection and virtual private networking — with advanced features such as application awareness and control, identity awareness and integration with intrusion prevention systems. On many campuses, risks stemming from the increase in advanced attacks and zero-day security threats are driving the adoption of NGFWs.
“As attacks have become more sophisticated, so has the need for firewalls to enforce broader security policies at the network and application levels,” says Malisch. “It can be very helpful to have an integrated set of advanced protection strategies and monitoring occurring within a NGFW rather than having to install, manage and monitor multiple products to serve all these functions.”
Jill Albin-Hill, vice president for information technology and CIO at Dominican University, says one of the chief benefits of NGFWs is the increased visibility they provide into network traffic.
“I think it helped us understand our traffic a bit more,” Albin-Hill says. That visibility, she adds, helps the university identify risky traffic (for example, in an activity such as illegal file sharing), identify misconfigured devices and monitor resource utilization.
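To make the difference between a traditional packet filter and the application and identity awareness described above concrete, here is an added example in Python. It is not code from the article or from any firewall vendor; the flows, users, groups, rule names and the `DIRECTORY` identity store are all constructed. The point it shows is that the same rule set keyed only on ports cannot tell peer-to-peer traffic tunnelled over TCP/443 from ordinary HTTPS, while an NGFW-style rule that keys on the identified application and the user's group can.

```python
"""Added example (not the article's code): compare a classic 5-tuple packet
filter with an application- and identity-aware NGFW policy on the same flows.
All flows, users, groups and rule names below are constructed."""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    app: Optional[str] = None   # filled in by NGFW application identification (assumed)
    user: Optional[str] = None  # filled in by NGFW identity integration (assumed)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                            # "allow" or "deny"
    dst_port: Optional[int] = None         # None = any port
    proto: Optional[str] = None            # None = any protocol
    apps: FrozenSet[str] = frozenset()     # empty = any application
    groups: FrozenSet[str] = frozenset()   # empty = any user group

    def matches(self, flow: Flow, user_groups: FrozenSet[str]) -> bool:
        if self.dst_port is not None and flow.dst_port != self.dst_port:
            return False
        if self.proto is not None and flow.proto != self.proto:
            return False
        if self.apps and flow.app not in self.apps:
            return False
        if self.groups and not (user_groups & self.groups):
            return False
        return True


# Constructed identity store: username -> groups (stands in for directory integration).
DIRECTORY = {"alice": frozenset({"faculty"}), "bob": frozenset({"student"})}

# Classic packet filter: it can only see addresses, ports and protocol.
LEGACY_RULES = [
    Rule("web-out", "allow", dst_port=443, proto="tcp"),
    Rule("ssh-out", "allow", dst_port=22, proto="tcp"),
]

# NGFW policy: same ports, but rules also key on identified application and user group.
NGFW_RULES = [
    Rule("block-p2p", "deny", apps=frozenset({"bittorrent"})),
    Rule("web-out", "allow", dst_port=443, proto="tcp", apps=frozenset({"web-browsing"})),
    Rule("research-ssh", "allow", dst_port=22, proto="tcp", groups=frozenset({"faculty"})),
]


def evaluate(rules, flow: Flow) -> Tuple[str, str]:
    """First-match evaluation; anything unmatched falls through to an implicit deny."""
    user_groups = DIRECTORY.get(flow.user, frozenset())
    for rule in rules:
        if rule.matches(flow, user_groups):
            return rule.action, rule.name
    return "deny", "implicit-deny"


# Constructed flows. The first is peer-to-peer traffic tunnelled over TCP/443,
# which looks like ordinary HTTPS to a port-based filter.
P2P_OVER_443 = Flow("10.0.5.20", "203.0.113.50", 443, "tcp", app="bittorrent", user="bob")
FACULTY_SSH = Flow("10.0.1.7", "198.51.100.10", 22, "tcp", app="ssh", user="alice")
STUDENT_SSH = Flow("10.0.5.20", "198.51.100.10", 22, "tcp", app="ssh", user="bob")

if __name__ == "__main__":
    for flow in (P2P_OVER_443, FACULTY_SSH, STUDENT_SSH):
        print(flow.user, flow.app, flow.dst_port,
              "legacy:", evaluate(LEGACY_RULES, flow),
              "ngfw:", evaluate(NGFW_RULES, flow))
```

Running the block prints one line per flow: the legacy rule set allows all three, while the NGFW rule set denies the tunnelled peer-to-peer flow by application and denies the student's SSH session because the rule is scoped to the faculty group. The same mechanism is what gives the traffic visibility Albin-Hill describes: every decision carries an application and user label rather than just a port number.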
Unified Threat Management (UTM) tools provide several security technologies within a single appliance. Although product capabilities vary from vendor to vendor, many UTM solutions include firewall capabilities, content filtering proxies and other security technologies. Intrusion detection and prevention systems (IDS/IPS), meanwhile, monitor networks and hosts for signs of malicious activity. An IDS tool will provide early-warning systems that alert network administrators to suspected intrusions, whereas an IPS solution will automatically block suspicious traffic before it can spread throughout the campus network.
Not all institutions have stand-alone UTM and IDS/IPS tools. UTM solutions and NGFWs often include threat detection and prevention capabilities, and UTM solutions aren’t always a great fit for larger institutions with sprawling infrastructures.
“It really depends on how centralized an IT organization is,” says James Wiley, a principal analyst focusing on cybersecurity at the research firm Eduventures. “If they have full visibility of all of their applications and the data, then they can deploy [UTM tools]. But at a decentralized institution, it’s very hard, because IT is just controlling a subset.”
Every day, the thousands of individual devices that are connected to a college or university network generate vast amounts of information that can help IT administrators better understand their cybersecurity posture. However, this information doesn’t do an institution any good unless it’s being examined, and the sheer amount of data being collected makes it impossible to process manually. Security information and event management (SIEM) systems bring together logging information from a variety of devices and security products and search for patterns that might indicate suspicious activity.
“SIEM technologies remove the difficulty and burden of the information security team to wade through files individually,” says Malisch. “When deployed optimally, SIEM tools can save an information security department a lot of time through the aggregation of multiple logs and data sources into a concise list. Via a SIEM, it is much easier to identify anomalies and trends that could indicate information security threats and prevent incidents and information loss.”
Karen Scarfone, principal consultant at Scarfone Cybersecurity, notes that these solutions also help to streamline regulatory compliance and auditing. “A SIEM is a great way to pull all of that information into one place, to make an auditor’s job so much easier,” she says.
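The following Python block is an added example, not code from the article or from any SIEM product, showing the two things the SIEM and IDS/IPS passages above describe: normalizing log lines from several sources (an SSH server, a firewall and an IDS sensor) into one event format, and then searching the combined stream for a pattern that no single source reveals on its own. The sample log lines, the IDS signature name and the IP addresses are constructed, and the log formats are simplified stand-ins for real ones. The correlation rule flags a source address that produced several failed logins and then a successful one within a short window, and attaches any IDS alerts for that address as corroboration.

```python
"""Added example (not the article's code): a minimal SIEM-style pipeline that
aggregates log lines from several sources and correlates them.
All log lines, addresses and the IDS signature name are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs: an SSH server, a firewall and an IDS sensor (simplified formats).
SAMPLE_LOGS = [
    "2016-09-12T08:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "2016-09-12T08:00:04 sshd[1201]: Failed password for invalid user oracle from 203.0.113.7 port 51023 ssh2",
    "2016-09-12T08:00:07 sshd[1201]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    "2016-09-12T08:00:09 fw: action=accept proto=tcp src=203.0.113.7 dst=198.51.100.10 dport=22",
    '2016-09-12T08:00:11 ids: alert sig="SSH brute-force attempt" src=203.0.113.7 dst=198.51.100.10',
    "2016-09-12T08:01:30 sshd[1201]: Accepted password for jsmith from 203.0.113.7 port 51030 ssh2",
    "2016-09-12T08:02:00 sshd[1201]: Failed password for jsmith from 192.0.2.44 port 40001 ssh2",
    "2016-09-12T08:30:00 sshd[1201]: Accepted publickey for jsmith from 192.0.2.44 port 40002 ssh2",
]

TS = r"(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) "
# One parser per source format; each yields a common set of named fields.
PATTERNS = [
    ("auth_fail", re.compile(TS + r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    ("auth_ok", re.compile(TS + r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")),
    ("fw_accept", re.compile(TS + r"fw: action=accept .*src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")),
    ("ids_alert", re.compile(TS + r'ids: alert sig="(?P<sig>[^"]+)" src=(?P<src>\S+) dst=(?P<dst>\S+)')),
]


def normalize(line):
    """Turn one raw log line into a normalized event dict, or None if no parser matches."""
    for kind, pattern in PATTERNS:
        match = pattern.match(line)
        if match:
            event = match.groupdict()
            event["kind"] = kind
            event["ts"] = datetime.fromisoformat(event["ts"])
            return event
    return None  # a real SIEM would count and surface unparsed lines too


def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Aggregate all sources, then flag 'many failures followed by a success' per source IP."""
    events = [e for e in map(normalize, lines) if e]
    events.sort(key=lambda e: e["ts"])          # one timeline across all sources
    failures = defaultdict(list)                # src -> timestamps of failed logins
    ids_hits = defaultdict(set)                 # src -> IDS signature names seen
    findings = []
    for event in events:
        src = event["src"]
        if event["kind"] == "auth_fail":
            failures[src].append(event["ts"])
        elif event["kind"] == "ids_alert":
            ids_hits[src].add(event["sig"])
        elif event["kind"] == "auth_ok":
            recent = [t for t in failures[src] if event["ts"] - t <= window]
            if len(recent) >= threshold:
                findings.append({
                    "rule": "brute-force-then-success",
                    "ts": event["ts"],
                    "src": src,
                    "user": event["user"],
                    "failures": len(recent),
                    "ids_corroboration": sorted(ids_hits[src]),
                })
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOGS):
        print(finding)
```

On the constructed input this yields a single finding for 203.0.113.7 (three failures, then a successful login as jsmith, corroborated by the IDS alert), and nothing for 192.0.2.44, whose one typo-style failure followed by a key-based login is normal behaviour. That one-line result, rather than eight raw lines from three systems, is the "concise list" Malisch refers to, and the same normalized event store is what makes the audit reporting Scarfone describes straightforward.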