At Eden Prairie Schools in Minnesota, an IT staff of about two dozen share cybersecurity duties, but the buck ultimately stops with Alex Townsend, the district’s technology director.
“We’ve seen school districts in our area go through some pretty big public events,” Townsend says. “I think about the data that we hold — Social Security numbers, bank accounts, credit card information. I don’t want to be the person responsible for a group of 8-year-old students’ Social Security numbers being compromised, and then they have to deal with that for the rest of their lives.”
Until recently, though, Townsend and his staff were stretched thin, trying to manually monitor alerts from a number of systems. The district couldn’t afford to add staff to chase down the alerts, but it also couldn’t afford a ransomware, phishing or malware attack. So, Townsend turned to cybersecurity provider Arctic Wolf Networks for help with managed detection and response, risk management, security awareness and incident response.
Like IT leaders in many K—12 districts, Townsend found that working with an external partner for cybersecurity services takes the burden off internal IT staffers so they can focus on supporting the district’s users and implementing its tech strategy. These partnerships can also bring economies of scale to K-12 education, creating a capacity level that would otherwise be impractical for schools and districts that simply can’t afford to staff a 24/7 security operations center.
“We were able to eliminate several of our existing platforms and replace multiple systems with this one offering,” Townsend explains. “Before, we were doing everything on our own, and it was taking a lot of time to sort out whether alerts were just noise or if we needed to contact our administrative team. Now, with Arctic Wolf, we’re generating tickets only for things that we care about.”
Click the banner to learn how to optimize spending for your K-12 IT team.
Cybersecurity Partners Help K–12 IT Teams Focus on What Matters
Christopher Kissel, IDC research vice president for security and trust products, notes that managed security providers have specialists devoted to monitoring alerts. They also have automated tools that help them respond to incidents quickly. “The largest benefit from outsourcing traffic monitoring and alerts is that on-premises personnel can be more squarely devoted to IT-related tasks such as onboarding new servers and devices, installing software updates and checking configurations,” Kissel says.
The partnership with Arctic Wolf has become so important to Eden Prairie Schools that the district won’t adopt any solutions that don’t integrate with the vendor’s monitoring tools. Arctic Wolf ingests millions of logs each week and flags a relatively small portion as problematic. From those, the vendor sends the district only about 20 alerts, and Arctic Wolf professionals are available to help Townsend and his team address those incident tickets.
RELATED: Here’s how K–12 can increase security on a budget.
“They’re not just a ticketing platform that sends us information and wishes us the best of luck,” Townsend says. “It’s really a true partnership. Our tickets are back and forth, not a one-way conversation. They’re proactively meeting with us, looking at things like Active Directory, firewall rules and network configurations to tell us what they see in our environment and what we can do to better our security.”
Arctic Wolf’s security awareness offering sends simulated phishing attempts to faculty and staff, then provides short, on-demand training videos to help them better identify spoof emails. The videos, which are just a few minutes long, give employees the information they need without requiring Townsend’s team to conduct lengthy training sessions.
“At some point, everyone has recognized that these threats are not stopping,” Townsend says. “Schools are target-rich environments, but we don’t have a huge security staff. We’re designed to help kids get the education they deserve in the classroom. Our primary goal is educating our children so that they can grow up and be strong contributors to a 21st century workforce. Our partnership with Arctic Wolf helps us strike that balance.”
I don't know how we would do some of these things without this partnership because I don’t have someone here on staff who can monitor traffic 24/7.”
CTO, Eanes Independent School District
Schools Get a Better Understanding of Cyberthreats
Several years ago, Hillsborough Township Public Schools in New Jersey relied on manual log monitoring to detect suspicious events on its network. “We didn’t really have the manpower to go through all of our logs and look for things, but that’s what we were relying on,” says Joel Handler, the district’s technology director. “That made us more dependent on our anti-virus software, but it did not do its job, and we had a ransomware attack come through in 2021.”
Shortly after that, the district began working with a third party to monitor logs from its Google environment, Windows infrastructure, SentinelOne solution and other tools. “From a business perspective, outsourcing cybersecurity monitoring makes a lot of sense,” Handler says. “And that’s coming from a guy who doesn’t like to outsource anything.”
WATCH: Joel Handler shares what he learned after a ransomware attack.
Handler explains that he prefers to rely on internal IT staff for most diagnostic, maintenance and repair tasks. However, when it comes to cybersecurity monitoring, he says schools are simply not equipped to handle the sheer size of the job. “As a district, we don’t have the resources to constantly monitor devices,” he says. “Most school districts are underfunded in terms of staffing for the number of devices they have. The other problem is that schools, by nature, are designed to be open, with students and staff accessing a variety of resources. That’s part of the nature of learning. Other than a couple of websites, we want our students and staff to be able to access the entire internet, and that opens up vulnerabilities.”
Along with reducing the burden on internal staffers, Handler says, the partnership has given district leaders a better understanding of the threats it faces. It has even influenced policy changes; for instance, banning access to devices and users located outside of the U.S. “It opened our eyes to the number of attacks that are constantly happening,” Handler says. “You don’t see it until it’s brought to your attention.”
The percentage of K-12 districts that monitor traffic in real time to detect network intrusions
Source: cosn.org, 2023, State of EdTech Leadership, April 2023
Partners Solving Staffing Challenges With Continuous Support
After three cybersecurity leaders left the district in a span of four years, Kristy Sailors, CTO at Eanes Independent School District near Austin, Texas, turned to outside help for cybersecurity monitoring.
“The most recent person left after nine months,” Sailors says. “We didn’t have much of a choice. In K–12 education, our funding is limited, and we can’t compete with salaries in the private sector — especially here in Austin, which is a technology capital. We would bring people in, spend money to help them get certified, and then within 30 days of them receiving those certifications, they were gone.”
Before signing an agreement, Eanes ISD leaders met with a cybersecurity vendor to lay out which types of alerts warranted a certain type of response. They agreed to have the partner handle the lowest priorities on its own and contact Eanes leaders after remediating more serious issues. For an event that rises to an emergency level, the vendor will call Sailors immediately, even in the middle of the night.
LEARN MORE: Click here to learn how technology drives cost optimization for your school.
“They’re really good at telling us what they’re seeing and making recommendations to block certain IP addresses,” Sailors says. “I can also get a detailed report about what specific resources attackers are trying to access. Mostly, it’s been random bots trying to find a way into the network to do whatever malicious things they want to do.”
Another bonus: Eanes ISD is able to pay for the cybersecurity services with tax bond funds, which cannot be spent on staff salaries.
“I don’t know how we would do some of these things without this partnership because I don’t have someone here on staff who can monitor traffic 24/7,” Sailors says. “It’s a huge relief for us to know that there is a team that knows who we are, what our patterns are and what we can expect to see in our environment. They’re keeping an eye out for us so we can focus on everything else we need to do.”
Illustration by Olly Kava