Colleges tend to have more open computing policies, and that’s why they have become a favorite launching pad for hacking attacks. Given this increased threat landscape, schools such as Texas A&M University now believe that no single tool, or set of tools from a single manufacturer, can secure their network.
“Our philosophy is not to depend on any one solution,” says Willis Marti, chief information security officer at Texas A&M. “Putting all your eggs with one manufacturer is a bad security decision. For example, if one vendor gets a blind spot, then your network is exposed.”
So Texas A&M takes a best-of-breed approach.
For starters, the university runs two 100-gigabit links to Internet 2, so it deployed a Juniper SRX series firewall to handle the load.
“We have become a major research university, so we needed something high-end to manage all that traffic,” he says.
In addition to the Juniper firewall, the university depends on a mix of security technologies to keep the network secure. Texas A&M uses Symantec for anti-virus and malware inspection. It also relies on Proofpoint, which examines the content of email attachments and warns the IT team of any malicious emails within incoming and outgoing traffic. Finally, Marti says, the security team uses Cisco’s Sourcefire to scan internal network traffic across nearly 50,000 hosts.
“Sourcefire integrates very well with the Juniper firewall,” Marti says.
Next up for Texas A&M: selecting either an analytics tool such as Splunk or log correlation software to analyze log data and tie it to malicious activity on the network.
Frank Dickson, a research director for Frost & Sullivan, says IT departments today require tools that not only identify malware, but can also track malicious activity.
“Organizations need tools that can deliver more visibility into network traffic,” Dickson says. “I think we’ll see more security products come with sensors, so IT managers can more accurately track the flow of traffic across the enterprise and determine if there’s anything suspicious with the network activity.”
Focus on Best Practices
Matthew Kunkel, associate chief information security officer at Washington State University, says his IT team is responding to the increased threat landscape by focusing on well-established security best practices that are followed throughout the security industry, such as the SANS Top 20 from the SANS Institute.
Kunkel says the university plans to look for tools that cover gaps in its mitigation strategies in a cost-effective manner. The team is looking to upgrade its firewalls, as well as go beyond traditional anti-virus software. It has also been working to deploy a security information and event management (SIEM) system and a security analytics capability.
“All I can tell you is that if you’re not collecting server and workstation logs, you’re missing a massively important data set,” he says. “We’re now collecting several billion log entries every day, with several hundred thousand of those being flagged as anomalous in some way at some level of criticality. We’re also working on tuning out false positives, but in the end, there is absolutely no way to handle the volume without substantial automation.”
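The log correlation described above (collecting server and workstation logs, flagging anomalous entries at a criticality level, and tuning out known false positives) is illustrated here as an added example; it is not code from the article or from either university. The sshd-style log lines, the hosts and the "known benign" scanner address are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in sshd syslog format; none come from the article.
SAMPLE_LOGS = """\
Mar 10 08:00:01 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 51010 ssh2
Mar 10 08:00:02 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 51011 ssh2
Mar 10 08:00:03 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 51012 ssh2
Mar 10 08:00:09 web01 sshd[2101]: Accepted password for root from 203.0.113.5 port 51013 ssh2
Mar 10 08:01:00 db02 sshd[3300]: Failed password for admin from 198.51.100.7 port 40000 ssh2
Mar 10 08:01:01 db02 sshd[3300]: Failed password for admin from 198.51.100.7 port 40001 ssh2
Mar 10 08:01:02 db02 sshd[3300]: Failed password for admin from 198.51.100.7 port 40002 ssh2
Mar 10 08:02:00 ws17 sshd[4400]: Failed password for alice from 10.0.0.9 port 52000 ssh2
Mar 10 08:03:00 ws17 sshd[4401]: Accepted password for alice from 10.0.0.9 port 52001 ssh2
"""

# Parses the fields the correlation needs: host, outcome, user and source address.
LINE_RE = re.compile(
    r"^\S+ \d+ \S+ (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"password for (?P<user>\S+) from (?P<src>\S+)"
)

# Tuning: sources whose failures are expected. Constructed example value
# standing in for an authorised internal credential scanner.
KNOWN_BENIGN_SOURCES = {"198.51.100.7"}
FAIL_THRESHOLD = 3


def correlate(log_text, benign=KNOWN_BENIGN_SOURCES, threshold=FAIL_THRESHOLD):
    """Group sshd events by (host, source) and return alerts with a criticality level."""
    fails = defaultdict(int)
    success_after_fails = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd auth event; other parsers would handle it
        key = (m["host"], m["src"])
        if m["result"] == "Failed":
            fails[key] += 1
        elif fails[key] >= threshold:
            success_after_fails.add(key)  # success following a burst of failures
    alerts = []
    for (host, src), n in fails.items():
        if src in benign:
            continue  # tuned out as a known false positive
        if (host, src) in success_after_fails:
            alerts.append({"host": host, "src": src, "failures": n, "level": "high"})
        elif n >= threshold:
            alerts.append({"host": host, "src": src, "failures": n, "level": "medium"})
    return alerts
```

A single failed login (ws17) produces nothing, the burst from the tuned-out scanner (db02) is suppressed, and only the burst followed by a success (web01) is raised at the high level.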