Modern organizations face complex cyberthreats as attackers use ever more sophisticated methods to bypass security defenses. How do you balance the need for proactive protection against such attacks with the need for flexibility and freedom in a large, international university population?
This was the challenge that confronted Tunghai University’s Computer Center team. The university has embraced digital learning and built a smart campus that provides students and staff with free high-speed wireless Internet access both on and off campus. At the start of every academic year, students arrive and connect their laptops to the university's network.
However, because the IT policy did not mandate the installation of antivirus on students' devices, many of the laptops were infected with malware. These compromised devices caused on- and off-campus networks to crash, consumed excessive bandwidth, and generated malicious botnet traffic. In addition, the malware moved laterally into university-managed computers, resulting in the university receiving notifications from the Taichung Network Regional Center that the Tunghai University network had been attacked and that its network was making abnormal connections.
"The Computer Center provided information security training and would urge students and faculty staff not to click any strange links in emails or on web pages," says Network Technology Director Chien-Hui Ou. "But attackers kept coming up with increasingly devious tactics that made it hard for users to tell right away whether something was legitimate, which ultimately meant users became victims of the attacks."
"Traditional antivirus software and information security solutions that rely on analyzing and identifying malicious code aren't timely enough. If a new malware variant appears on the scene and antivirus vendors haven't yet figured out its code and updated signatures, the malware will not be detected," says Kuang-Chin Chang of the Tunghai University Network Group. "And because of the trend toward encrypting web traffic, attackers are also now using these encrypted channels to launch attacks, making zero-day attacks increasingly harder to stop."
Realizing that the university needed to improve its existing security posture, the Computer Center team started to look at products that leveraged DNS as a security control point. They felt that this approach would allow the university to improve its overall security without impact on the need to maintain academic freedom.
Through a competitive evaluation process, the university selected Akamai Enterprise Threat Protector (ETP) as its preferred solution. Enterprise Threat Protector is a cloud-based service that proactively protects a network and its users by analyzing every single DNS request. Each query is compared with real-time threat intelligence gleaned from Akamai's unparalleled visibility of Internet traffic — before blocking or delivering the requested web content.
"Enterprise Threat Protector detects and blocks DNS requests to domains that might deliver malicious content such as ransomware or coin-mining malware, or steal user information," says Chang. "Even if a student's computer is compromised with malware during off-campus use, the malware will still be unable to connect externally to the attackers' command-and-control (C2) server when the computer returns to the campus network."
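To make the DNS control point concrete, here is a small policy check of the kind the two paragraphs above describe: every query name is compared with a threat-intelligence list before the resolver answers, and a hit produces a block event an analyst can act on. This is example code added to this page, not Akamai's implementation or the university's configuration; the threat feed, the query log, and the domain names in it are constructed sample data.

```python
"""DNS-layer policy check: compare each queried name with a threat list
before answering. Example code added to this page; not Akamai's code.
THREAT_FEED and QUERY_LOG are constructed sample data."""

from dataclasses import dataclass
from typing import Optional

# Constructed threat-intelligence feed: listed domain -> category.
# A listed domain also covers every name beneath it, so "c2.evil.example"
# covers "beacon.c2.evil.example" but not the look-alike "evil.example".
THREAT_FEED = {
    "c2.evil.example": "command-and-control",
    "miner-pool.example": "coin-mining",
    "phish-login.example": "credential-theft",
}

# Constructed resolver query log: (timestamp, client IP, queried name).
# Mixed case and a trailing dot are deliberate: real logs contain both.
QUERY_LOG = [
    ("2023-09-01T08:00:01", "10.20.30.41", "www.thu.edu.tw"),
    ("2023-09-01T08:00:05", "10.20.30.41", "beacon.c2.evil.example."),
    ("2023-09-01T08:01:10", "10.20.30.77", "MINER-POOL.example"),
    ("2023-09-01T08:02:00", "10.20.30.77", "notevil.example"),
]


@dataclass(frozen=True)
class Verdict:
    action: str                  # "allow" or "block"
    matched: Optional[str]       # feed entry that triggered the block
    category: Optional[str]      # category from the feed, if blocked


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot so 'A.Example.' equals 'a.example'."""
    return name.strip().rstrip(".").lower()


def check_query(name: str, feed=THREAT_FEED) -> Verdict:
    """Walk from the full name up through each parent, so a listed parent
    domain blocks all of its subdomains without matching look-alike names."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return Verdict("block", candidate, feed[candidate])
    return Verdict("allow", None, None)


def filter_log(log=QUERY_LOG, feed=THREAT_FEED):
    """Return one event per blocked query with the fields an analyst needs:
    which client asked for which name, when, and which feed entry matched."""
    events = []
    for ts, client, name in log:
        verdict = check_query(name, feed)
        if verdict.action == "block":
            events.append({
                "time": ts,
                "client": client,
                "query": normalize(name),
                "matched": verdict.matched,
                "category": verdict.category,
            })
    return events


if __name__ == "__main__":
    for event in filter_log():
        print(event)
```

The parent-domain walk is the part worth copying: a feed entry such as `c2.evil.example` should stop `beacon.c2.evil.example` as well, but a plain substring match would also block unrelated names, so the check tests each suffix at a label boundary instead.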
Before Enterprise Threat Protector, mitigating an information security incident was a difficult task. Once a report of an abnormal connection was received, network management staff would often have to use IP addresses to track down the compromised computer, find connection records from log files to convince the affected party that an incident had occurred, and then ask the party to cooperate with the virus-cleaning procedures.
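The manual workflow described above has two steps that are easy to get wrong by hand: working out which device actually held a reported IP address at the reported time (addresses are reused), and pulling only the connection records that support the report. The helper below does both over constructed data. It is example code added to this page, not the university's tooling; the lease table, connection log, indicator list and hostnames are all made up for the illustration.

```python
"""Incident-triage helper for a report that names only an IP and a time.
Example code added to this page; not the university's tooling.
LEASES, CONNECTIONS and INDICATORS are constructed sample data."""

from datetime import datetime, timedelta


def ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


# Constructed DHCP lease records: (start, end, ip, mac, hostname).
# The same address is handed to two different laptops on the same day.
LEASES = [
    ("2023-09-01T07:00:00", "2023-09-01T11:00:00", "10.20.30.41",
     "aa:bb:cc:00:00:01", "student-laptop-A"),
    ("2023-09-01T11:00:00", "2023-09-01T15:00:00", "10.20.30.41",
     "aa:bb:cc:00:00:02", "student-laptop-B"),
]

# Constructed connection log: (time, source ip, destination host, port).
CONNECTIONS = [
    ("2023-09-01T09:15:00", "10.20.30.41", "beacon.c2.evil.example", 443),
    ("2023-09-01T09:15:30", "10.20.30.41", "www.thu.edu.tw", 443),
    ("2023-09-01T12:05:00", "10.20.30.41", "beacon.c2.evil.example", 443),
]

# Constructed indicators from the abnormal-connection report.
INDICATORS = {"beacon.c2.evil.example"}


def lease_at(ip: str, when: str, leases=LEASES):
    """Return the lease covering this IP at this time, or None.
    Never fall back to 'the most recent lease': with address reuse that
    points the investigation at the wrong student."""
    t = ts(when)
    for start, end, lease_ip, mac, host in leases:
        if lease_ip == ip and ts(start) <= t < ts(end):
            return {"mac": mac, "hostname": host,
                    "lease_start": start, "lease_end": end}
    return None


def evidence(ip: str, when: str, window_minutes: int = 60,
             indicators=INDICATORS, conns=CONNECTIONS):
    """Connection records from this IP to a reported indicator within
    +/- window_minutes of the report time: the records staff need to show
    the affected party before asking them to clean the machine."""
    t = ts(when)
    delta = timedelta(minutes=window_minutes)
    return [
        {"time": c_time, "dst": dst, "port": port}
        for c_time, src, dst, port in conns
        if src == ip and dst in indicators and abs(ts(c_time) - t) <= delta
    ]


def triage(ip: str, when: str):
    """Bundle the device identification and the supporting records."""
    return {"device": lease_at(ip, when), "records": evidence(ip, when)}


if __name__ == "__main__":
    print(triage("10.20.30.41", "2023-09-01T09:20:00"))
```

Run with the report time 09:20 the helper names laptop A and returns only the 09:15 beacon; the 12:05 beacon from the same address belongs to laptop B's lease and is excluded, which is exactly the distinction a manual IP lookup tends to lose.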
"That was why it took about a week to resolve an incident. And it took up a huge amount of our security resources," says Chang. "However, after deploying Enterprise Threat Protector, the number of reported security incidents plummeted, which has freed up our resources to look at other security projects."
Chang adds, "Enterprise Threat Protector is especially quick and easy to deploy and configure, distinguishing it from traditional physical equipment, which requires disconnecting from the network first, then testing, before a system can go live. With Enterprise Threat Protector, you simply point your DNS traffic directly to the Akamai platform and the process is completed in a matter of minutes."
Director Ou notes, "Enterprise Threat Protector automatically provides detailed incident reports so that the security team can quickly understand what malware the client computers have been infected with or what web links were clicked on before computers were infected by coin-mining malware. The data integrates with our SIEM, so the reports also help the team understand any recent abnormal network activity so we can proactively respond."
Chao-Tung Yang, Director, Electronic Computer Center, Tunghai University, emphasizes strategic benefits. "Information security is important now and will be more and more important in the future as digital applications grow. Tunghai has always prioritized protecting IT applications and information security, and the university president supports investing in information security."
Yang continues, "When one steps back and looks at IT's current direction of growth, it's clear that cloud-based services are here to stay. Previous defense systems were deployed with a combination of software and hardware, and maintaining them, updating patches, et cetera, required labor and time."
Akamai’s cloud-based services change that, allowing a total reduction in maintenance labor. Yang is optimistic about the future of cloud-based information security services, stating, "Not only will they reduce labor, they’ll also reduce the need for space in physical computer rooms and save on air conditioning and electricity. This aligns with the Computer Center’s bid to reduce the amount of energy used for equipment rooms."
"As for the cost, using cloud-based services, unlike purchasing physical equipment outright, doesn't require a big one-time outlay of funds," says Yang. "Because it’s leased annually, Enterprise Threat Protector is easier for universities to afford."
"The work of information security is never done. But with Enterprise Threat Protector, the amount of incident management work is greatly reduced, leaving more capacity for strengthening defenses against botnet attacks and more comprehensive activity analyses," concluded Yang.
Tunghai University was founded in 1955 and was the first private university in Taiwan. The university is the first and only educational institution with a complete education program from kindergarten to Ph.D. Tunghai currently has nine colleges: College of Arts, College of Science, College of Engineering, College of Management, College of Social Sciences, College of Agriculture, College of Fine Arts and Creative Design, College of Law, and International College. Tunghai has a student body of approximately 17,000 students and nearly 500 teachers.