Lessons Learned from a Successful Device Visibility Deployment: Hillsborough Community College

The ever-increasing digital nature of education coupled with diverse populations of students, professors and support staff posed formidable cybersecurity challenges for Hillsborough Community College's information security specialists who sought to offer users secure wired and wireless network access with minimal inconvenience.

by Shawn Rodriguez, ForeScout Technologies / June 25, 2018 0
Shutterstock

 

Hillsborough Community College (HCC) in Tampa Bay, Florida has grown into one of Florida’s largest higher education institutions. Its 2,600 faculty and staff members serve more than 47,000 students annually across five campuses and three academic centers. The ever-increasing digital nature of education coupled with diverse populations of students, professors and support staff posed formidable cybersecurity challenges for HCC’s information security specialists who sought to offer users secure wired and wireless network access with minimal inconvenience.

Like all college students, HCC students need connectivity and want to stay mobile, which is even more important given that the college’s facilities span 850 acres and more than 64 buildings. Students previously could go anywhere they wanted on the network and connect with any device which posed significant risks to HCC’s security posture.  Ken Compres, HCC’s senior network security and integration engineer/chief security officer, recalled “we were totally blind as to what systems and devices were live on the network. My first task was to get some sort of visibility so that we could start to classify devices and begin tightening network access controls to secure the college.” Compres and his team began evaluating network access and control solutions, embarking on an ambitious review process that included offerings from the five leading vendors at that time.  At the same time, Compres had some reservations noting that “with a network access control solution, you don’t want to put something on the network that would hinder the user experience, break peoples’ computers or become overly intrusive to users. In addition, you need to fully understand how easily the technologies integrate into your existing environment.”

The HCC team chose ForeScout CounterACT® after extensive evaluation,. Several factors led to their decision. “Agentless visibility offers a huge advantage, and CounterACT was the only one that supported agentless operation,” said Compres. “CounterACT, allowed us to gain the necessary insight into the network by integrating with existing technologies and components. In addition, a second finalist began crashing and preventing computers from communicating with anything else, so it was a no-brainer to go with ForeScout,” added Compres.

CounterACT sees desktops, laptops, tablets, smartphones, sensors, network infrastructure, peripherals and wearable devices—without requiring existing management agents. That’s a major advantage over Compres’ early days at HCC. “Today we know what’s on our network—including IoT devices such as printers, VoIP* phones and security cameras. CounterACT classifies the device and slips it onto the appropriate VLAN segment,” said Compres.

Implementing CounterACT® and its integration with other security vendors has already proven its worth for HCC. Recently, a HCC user downloaded a malicious payload via email. Compres recalled “it was a zero-day payload that our antivirus software missed. Immediately, we started seeing a higher-than-normal volume of email being sent from that user’s mailbox. The integration we have with ForeScout and FireEye quickly determined the system was attempting malicious attacks against other network resources and allowed us to stop the system before it caused any damage. That same attack hit a neighboring county and brought down a critical departmental email server for two days.” It should be noted that the neighboring county was not using ForeScout’s CounterACT.

Students connect an average of four to six devices to a university network, ranging from laptops to gaming systems. IT security staff in colleges and universities must be able to see devices as they connect to the campus network and ensure they are secure, regardless of their location in the classroom, lab, data center or cloud. Non-compliance with regulatory standards or a significant data breach can result in the loss of federal research funding and student aid, as well as irreparable reputational harm. Deploying a network access control solution such as ForeScout’s CounterACT allows colleges and universities to discover devices as they connect to the campus network, helping to ensure that such devices are compliant with the institution’s policies and to secure IT and OT networks as they converge.

 

Author

Shawn Rodriguez
Regional Vice President, U.S State & Local Government and Education
ForeScout Technologies Inc.