Luke Whitworth was rightly worried about the rise of persistent, advanced cyber threats capable of scraping high-risk information from networks. After all, he’s one of the core team responsible for ensuring the security of the network at Cranfield University serving about 4,700 students and 1,600 staff across two campus locations.
Cranfield University is a British post-graduate and research-based public university specialising in science, engineering, technology and management. Cranfield’s network poses unique challenges to Luke and his colleagues: Since it supports a global research institution, the network needs to remain fairly open and accessible from anywhere.
Yet attackers are getting more clever, targeting their attacks at people who can serve as a conduit to privileged systems. Moreover, students and staff located around the world who are not native English speakers can be highly susceptible to targeted phishing attacks.
Should a data breach occur, the university could incur a significant financial penalty under the recent GDPR legislation. At the very least, the publicity could damage its public reputation. With that in mind, Luke wanted to find a way to prevent those attacks from happening rather than have to remediate afterwards.
Experiencing an average of roughly 2,600 security threats per week, Luke and his colleagues had to remain ever vigilant while effectively handling such volume. A few years back, they decided to use a free security solution based on Domain Name System Response Policy Zones (DNS RPZ). The solution served as a reputation feed into the university’s DNS server, delivering lists of malicious domains and IP addresses that Cranfield could then choose to allow or block. However, without a way to ascertain why a domain or IP address was on the list, the security team was unable to investigate and follow up on user requests for further information.
Furthermore, while this solution blocked some malware and phishing domains, end users could easily configure their devices to point to any DNS resolver. In those cases, the RPZ lists would prove useless. Plus, the solution crashed the university’s DNS server a few times. Students and staff were unable to access the network until the security team undertook significant engineering rework to fix the issue and restart the DNS server.
As Luke explains, Cranfield needed confidence that its DNS server would not fail or crash. "We know that using DNS as a security control was very effective but we needed to ensure that our DNS platform was rock solid and not impacted by using it to enforce security controls."
When the free RPZ list service that Cranfield was using converted to a paid service, Luke and the team needed to find and implement a new solution. They considered paying for the previously free RPZ lists but felt it would be better to investigate alternative proven solutions that had since come on the market. After comparing Akamai Enterprise Threat Protector (ETP) and a similar solution, Luke felt Akamai better understood the issues unique to academia and that its solution was the best fit for Cranfield.
With Enterprise Threat Protector, Cranfield gets a suite of tools providing everything the security team wanted. The other solution vendor charged extra for functionality beyond the basics. Luke was impressed by Akamai’s technical expertise, the resilience and scale of its Intelligent Edge™ Platform, and the quality of its threat intelligence based on Akamai’s unprecedented view of the Internet. He also appreciates that the Akamai solution includes a comprehensive dashboard providing details about every threat event.
Through ETP’s open API, Cranfield was able to integrate the service with its existing reporting platform. According to Luke, it wasn’t possible for the security team to consolidate this level of security information prior to using the Akamai solution.
"We wanted something quick and easy to implement and use, and ETP fits the bill. Our staff don’t need deep security skills to administer the solution. It’s straightforward for them to see what threats have been blocked by ETP and to determine if we need to further investigate to identify and remediate a compromised device," Luke says.
By injecting threat events from ETP into its reporting solution, the university can better monitor threats on its network. Luke and the team appreciate that the Akamai API allows them to ingest each event separately. In turn, they can review the time and query in the event record and map these to requests in Cranfield’s DNS server logs. Should a wireless client be the source of a questionable DNS request, they can interrogate their wireless system programmatically. They can even determine a user name from an API-returned record.
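The mapping of an event's time and query to resolver log entries, sketched as an added example (not Cranfield's or Akamai's code). The event fields, the log line format, the sample data and the 5-second matching window are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed threat events carrying only the "time" and "query" the text mentions.
EVENTS = [
    {"time": "2019-03-04T10:15:02Z", "query": "Bad-Domain.example."},
    {"time": "2019-03-04T11:00:00Z", "query": "phish.example"},
]

# Constructed resolver query log: "<UTC time> <client IP> <qname> <qtype>".
DNS_LOG = """\
2019-03-04T10:14:58Z 10.20.1.15 bad-domain.example A
2019-03-04T10:15:01Z 10.20.7.44 intranet.example A
2019-03-04T10:15:03Z 10.20.3.9 BAD-DOMAIN.example. AAAA
2019-03-04T10:40:00Z 10.20.1.15 bad-domain.example A
"""

def norm(name):
    """DNS names compare case-insensitively; drop the optional trailing root dot."""
    return name.rstrip(".").lower()

def parse_time(stamp):
    """Parse an ISO-8601 UTC timestamp into an aware datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_log(text):
    """Return (time, client, qname, qtype) tuples, skipping malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        rows.append((parse_time(ts), client, norm(qname), qtype))
    return rows

def correlate(events, rows, window_s=5):
    """Map each event to the clients that asked for its name within the window."""
    window = timedelta(seconds=window_s)
    hits = {}
    for ev in events:
        t, q = parse_time(ev["time"]), norm(ev["query"])
        hits[(ev["time"], q)] = sorted(
            {c for ts, c, qn, _ in rows if qn == q and abs(ts - t) <= window})
    return hits

if __name__ == "__main__":
    for key, clients in correlate(EVENTS, parse_log(DNS_LOG)).items():
        print(key, clients or "no matching resolver log entry")
```

An event with no matching log entry is itself worth a look, since it cannot be tied to a client from the resolver logs alone.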
This rich information is displayed visually within an in-house developed dashboard, showing the security team offending IP addresses and other potentially harmful activity. "By layering all this information into our systems, we gain a rich dashboard for our network analysts to easily see all relevant information in a single pane."
Going forward, Luke plans to deploy ETP client software onto university laptops for an extra level of protection. This will provide managed laptop users who are off the university’s network the same level of protection against advanced cyber threats as if they were on the network – without the use of a VPN. This minimizes the risk of laptops being compromised when used off network and causing lateral infection when they connect back to the campus network.
Luke also appreciates the option to quickly and universally enforce compliance with an acceptable use policy should the university wish to do that in the future.
"Because people expect to work from anywhere, a solution like Enterprise Threat Protector is essential. With it, we can provide the type of open network that our users expect," he concludes.
Cranfield is a specialist postgraduate university that is a global leader for education and transformational research in technology and management. We are focused on the specialist themes of aerospace, defence and security, energy and power, environment and agrifood, manufacturing, transport systems, and water. Cranfield School of Management is a world leader in management education and research. We are home to many world-class, large-scale facilities which enhance our teaching and research. We are the only university in Europe to own and run an airport and to have airline status. Cranfield teaches over 4,500 postgraduate students each year and employs 1,500 academic and support staff. We have the largest number of engineering master’s students in the UK. Our staff-to-student ratio is one of the best for any university in the UK (one member of academic staff to every seven students). We work closely with business, industry and government across the world. Through our industry partnerships, applied research projects and our executive education and professional development programmes, we currently work with over 1,500 companies and organisations. We are ranked number one in the UK for research income from industry per academic, with 81% of our research classed as world-leading or internationally excellent by REF (Research Excellence Framework, 2014). We formed in 1946 as the College of Aeronautics, the first postgraduate college of its kind. The School of Management was founded in 1967. www.cranfield.ac.uk/