Dec 20 2016

Protecting Your Network from Threats Introduced by Users

Accidental actions can cause major cybersecurity issues.

Faculty, staff and students can often introduce threats into a network through unwitting actions, such as clicking on a malicious link in a phishing email.

Although user education is one important strategy for curbing these threats, security tools that provide protection at the device level and filter email and web traffic can also be immensely valuable.

Email, Web and Endpoint Security Boost Threat Prevention

Endpoint protection technologies fight off viruses, worms, Trojan horses and other malicious code objects on user devices. Web filtering systems block users from accessing websites that are suspected of hosting malicious code, and email filtering tools scan inbound messages for signs of malicious content.

Web and email filtering tools have the potential to provide big security wins with a small upfront investment, says Karen Scarfone, principal consultant at Scarfone Cybersecurity. “They’re a lot of bang for the buck, because you’re deploying one appliance or one piece of software, and you can block a huge number of threats with that one security control.”

The large number of users on many campus networks underscores the importance of endpoint security. However, protecting devices that the institution neither owns nor manages can prove to be challenging. Dominican University solves this problem by requiring that devices have anti-virus protection before they can connect to the network. The university pays for student anti-virus licenses and offers the protection as a free download.

Advanced Malware Protection Keeps the Cloud Safe

“Malware is getting more complex and more malicious than ever,” says Susan Malisch, CIO at Loyola University Chicago. “As universities move more services to the cloud, advanced malware solutions are a key component to protecting users and data that flows in and out of the cloud, and should be combined with ongoing security awareness training.”

Traditional anti-malware tools provide signature-based protection from attacks. But they can’t recognize new instances of malware, because their virus definition files do not contain the patterns required to identify them. Rather than relying on signature databases, advanced malware protection tools sequester suspicious files for closer inspection. This may mean diverting the suspected malware to an isolated “sandbox” system where it can be monitored for malicious actions.

Network Access Control and Authentication Help IT Departments

Network administrators at colleges and universities have lost some of the control they once had over their networks as the number of connected devices has boomed in recent years. Solutions that authenticate users and control which devices they can use to connect to the campus network help IT professionals regain some of that control by ensuring that only trusted users and devices are granted network access.

In an environment protected by a Network Access Control (NAC) system, end users are authenticated to ensure they are members of the campus community. The NAC system then analyzes devices to determine whether they meet minimum security standards. Devices that fail this check may be placed in a quarantine zone where users can download and install security updates, but cannot gain access to other campus IT resources.
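The admission flow described above can be sketched in a few lines of Python. This is an added illustration, not code from the article or from any NAC product; the thresholds, host names and field names are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Constructed policy values for illustration; real NAC products define their own.
MAX_AV_DEFINITION_AGE_DAYS = 7
MAX_OS_PATCH_AGE_DAYS = 30
# Hypothetical remediation hosts reachable from the quarantine zone.
QUARANTINE_ALLOWED_HOSTS = {"av-download.campus.example", "os-updates.campus.example"}

@dataclass
class Device:
    owner: str
    av_installed: bool
    av_definitions_date: date
    last_os_patch_date: date

def posture_failures(dev, today):
    """Return the minimum-standard checks this device fails."""
    failures = []
    if not dev.av_installed:
        failures.append("no anti-virus installed")
    elif (today - dev.av_definitions_date).days > MAX_AV_DEFINITION_AGE_DAYS:
        failures.append("anti-virus definitions out of date")
    if (today - dev.last_os_patch_date).days > MAX_OS_PATCH_AGE_DAYS:
        failures.append("operating system patches out of date")
    return failures

def admit(dev, authenticated, today):
    """Pick a network zone: 'deny', 'quarantine' or 'campus'."""
    if not authenticated:  # step 1: user must be a campus community member
        return "deny", ["user not authenticated"]
    failures = posture_failures(dev, today)  # step 2: device posture check
    if failures:
        return "quarantine", failures
    return "campus", []

def may_reach(zone, host):
    """Quarantined devices reach only remediation hosts; denied devices nothing."""
    if zone == "campus":
        return True
    if zone == "quarantine":
        return host in QUARANTINE_ALLOWED_HOSTS
    return False

if __name__ == "__main__":
    today = date(2016, 12, 20)  # constructed sample date
    laptop = Device("student1", True, date(2016, 11, 1), date(2016, 12, 10))
    zone, why = admit(laptop, True, today)
    print(zone, why, may_reach(zone, "registrar.campus.example"))
```

Returning the list of failed checks along with the zone lets the quarantine portal tell the user exactly what to fix before retrying.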

Mike Chapple, senior director for IT service delivery at the University of Notre Dame, says that institutions are increasingly requiring two-factor authentication for access to critical systems and sensitive information. Some such systems send alerts to mobile apps when users attempt to access resources on a new device and require users to approve the request before the system grants access.

“The technology has become a lot better,” Chapple says. “In the past, you basically had to do key fobs. That’s why only IT people were using [two-factor authentication]. Now that you just have to click a green checkmark [on a mobile app], the usability has gone way up.”

Cloud-Based Security Provides Additional Capabilities

With cloud providers offering storage, software and other IT resources, it’s little surprise that Security as a Service options have sprung up as well. These are cloud-based versions of widely used cybersecurity technologies, including endpoint solutions, email protection, firewall management and vulnerability scanning.

Many colleges and universities are already using cloud-based security technologies, just by virtue of putting other resources in the cloud. For example, if a campus has moved its email to the cloud, it is likely receiving cloud-based spam filtering, as well.

“As schools start adopting Infrastructure as a Service platforms in general, they’re adopting cloud security service at the same time, because they go hand in hand,” says Chapple. “You certainly have to use the security tools that come as part of the service. But a lot of institutions are looking at add-on services that provide additional capabilities. Data loss prevention is the biggest example that comes to mind, for email.”

Chapple also notes that cloud-based vulnerability scanning can help institutions to complete scans on an as-needed basis, while also meeting compliance requirements that call for scans to be conducted by an external organization. “You really get a great advantage by using a managed service,” he says.

