Arts School finds safe browsing solution

The Sallie B. Howard School for the Arts and Education (SBH), like many schools, is struggling to keep up with the times. To prepare students for life after school, the integration of technology is a must. However, relying on technology creates risks.

This was the problem Soron Foster, technology support specialist for SBH, needed to address. As students relied more heavily on computers and the Internet, teachers and administrators were noticing that much of the activity wasn’t school-related.

The knee-jerk reaction would be to severely limit Internet access. Foster knew better. Located in Wilson, NC, about a half hour east of Raleigh, SBH is a charter school that serves many underprivileged students who have few creative outlets. The Internet is both a vital learning tool and a creative one: Foster needed to control how it was used without limiting the students’ potential.

“We’re an arts school,” said Foster. “Our students are doing much more than run-of-the-mill research for reports. They’re calling up reference images for art projects. They’re studying videos of modern dance, and students are using programs like GarageBand to help them compose their own music.”

Unfortunately, the existing security was not keeping pace with the way students were using the Internet. Viruses had slipped through, and non-education-related sites were seeing heavy traffic.

Even with URL blocking in place, a supposedly trusted site could have been compromised and contain malicious code. A new and inappropriate site could fall through the cracks, not yet blacklisted. Technically savvy students had already found ways to bypass the school’s defenses.

It’s Not Secure if It’s Easy to Bypass

When Foster started working at SBH, the school had two security solutions in place, but found that they didn’t protect against zero-day threats, didn’t offer centralized administration and didn’t allow administrators to drill down into the specifics of flagged incidents. Foster also found that students were finding ways around the content filtering. Some students used proxies to reach blocked sites such as MySpace.

Students weren’t the only problem. Teachers also put the network at risk. Since their existing email protection was a blunt instrument, several teachers had clicked on email links and attachments. “They fell for a social engineering attack that told them that someone had sent them a Hallmark e-card,” Foster said.

As a result, several email accounts were turned into botnet zombies, which attackers later used to send out spam. As is typical with zombie attacks, the activity evaded detection because it occurred late at night when the school was not in session.

Selection Criteria: Finding an Endpoint Security Product that Protects Different Types of Users

Foster knew that the school’s security needed to be upgraded.

“Our users have a wide range of capabilities,” Foster said. “Some have little experience with technology and can easily be duped by social-engineering attacks. Others are computer whizzes. We needed a security solution with enough flexible features to address both types.”

As he was investigating various solutions, Foster learned about eEye Digital Security on a podcast.

The Answer: Integrated Threat Management

What Foster found was exactly what he was looking for: zero-day protection, centralized management and behavior-based (rather than signature-based) protection, at a much lower price point than other solutions he had considered.

“The zero-day protection is critical,” Foster said. “Even when you don’t have all of your patches up to date, eEye Blink still protects you. That certainly makes my job easier.”

While Blink can operate as a standalone, it is designed to work with the REM management console. REM acts as a correlation engine – the brains of the operation. With REM in place, Blink agents throughout the network can report back and correlate threats, policy abuses and attack vectors.

Central Administration Key

Since the school’s infrastructure hadn’t been upgraded in a while, the deployment was a little trickier than usual. Network settings had to be updated and patches had to be deployed.

“It took a little time to get the network settings right, but the vendor stepped in and walked us through it,” Foster said.

Foster realized that he could streamline his workflow. “We didn’t have central administration previously. Updates and patches were done manually. Policy changes were also manual.” In a school with 328 PCs, it’s easy to see how patches would fall out of date and why policies would remain static.

Foster also gained visibility into each and every PC. “When I go into the console, the first thing I see is a report. It graphically shows me exactly what’s going on that day. I see network activity. I see our vulnerabilities, and I see the risks associated with them,” he said. The same visibility closed the student workaround: students trying to reach restricted sites through proxies now hit a wall, because proxies are detected and the sites blocked.

Achieving ROI

SBH saved money with Foster’s security approach right from the start. “Our choice was to settle for something more than your typical antivirus program,” Foster said. “Along with antivirus, we got a firewall, system protection, zero-day protection and centralized administration – for a lower price than most antivirus programs alone.”

SBH also saves money by saving time. “The last time we were hit by an email virus, I spent a couple of days going from machine to machine to machine. All of the fixes had to be done manually,” Foster said.

Upon installation, the solution found viruses that had been evading detection. These were from the Hallmark email mentioned earlier. When the spam engines woke up late at night and tried to send out spam, Blink blocked them. Foster was alerted to the activity, and the patching of PCs was centralized. The software then pointed out vulnerabilities on the school’s SMTP server and suggested email policy changes. Foster made the changes immediately, yet even before patches were applied and configurations changed, the system had already protected against the suspicious behavior.
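The pattern that bit SBH, infected PCs sending spam while the building was empty, is detectable from ordinary outbound connection logs even without a product like Blink. The following is an added illustration, not code from the original case study or from eEye; it assumes a constructed log format (date, time, source IP, destination IP, destination port), a school day of 07:00 to 17:00, a single legitimate mail relay at 10.20.0.5 and an alert threshold of two connections, all of which are assumptions chosen for the example.

```python
"""Off-hours outbound SMTP detector (added example; not part of the original
case study or any eEye product).

Flags internal hosts that open SMTP connections to anything other than the
school's own mail relay outside school hours: the behaviour the article
describes for the botnet-infected PCs that woke up late at night to send spam.
"""
from collections import defaultdict
from datetime import datetime, time

# Constructed sample flow-log lines: "YYYY-MM-DD HH:MM:SS src dst dport".
# 2009-03-10 is a Tuesday, 2009-03-11 a Wednesday.
SAMPLE_LOG = """\
2009-03-10 09:14:02 10.20.1.15 10.20.0.5 25
2009-03-10 09:15:41 10.20.1.15 74.125.0.20 80
2009-03-10 11:20:00 10.20.1.15 203.0.113.9 25
2009-03-10 23:02:10 10.20.1.37 203.0.113.9 25
2009-03-10 23:02:11 10.20.1.37 198.51.100.4 25
2009-03-10 23:02:12 10.20.1.37 192.0.2.77 25
2009-03-11 02:31:55 10.20.1.42 203.0.113.9 25
2009-03-11 02:31:56 10.20.1.42 203.0.113.9 25
2009-03-11 10:05:00 10.20.1.42 74.125.0.20 443
"""

SCHOOL_HOURS = (time(7, 0), time(17, 0))  # assumption: the school day, local time
MAIL_RELAY = "10.20.0.5"                   # assumption: the school's legitimate SMTP server
SMTP_PORTS = {25, 465, 587}                # submission and relay ports
THRESHOLD = 2                              # assumption: alert at this many off-hours connections


def parse_line(line):
    """Split one log line into a dict; returns None for blank or malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    date, clock, src, dst, port = parts
    try:
        ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        return {"ts": ts, "src": src, "dst": dst, "port": int(port)}
    except ValueError:
        return None


def is_off_hours(ts, hours=SCHOOL_HOURS):
    """True when the timestamp is outside the school day; weekends count as off-hours."""
    start, end = hours
    if ts.weekday() >= 5:
        return True
    return not (start <= ts.time() < end)


def find_spam_bots(log_text, threshold=THRESHOLD, relay=MAIL_RELAY):
    """Return {host: count} for hosts with at least `threshold` off-hours SMTP
    connections that bypass the school's own relay. Daytime mail and traffic
    through the relay are ignored so ordinary use does not alert."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["port"] not in SMTP_PORTS:
            continue
        if rec["dst"] == relay:
            continue
        if is_off_hours(rec["ts"]):
            counts[rec["src"]] += 1
    return {host: n for host, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for host, n in sorted(find_spam_bots(SAMPLE_LOG).items()):
        print(f"ALERT {host}: {n} off-hours direct SMTP connections")
```

On the constructed log this flags 10.20.1.37 (three connections at 23:02) and 10.20.1.42 (two at 02:31) while ignoring the daytime connections from 10.20.1.15. The relay exclusion matters in practice: once a school forces all mail through one server, any PC talking SMTP directly to the Internet is itself the signal, which is also the kind of email policy change the article says the software recommended.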