Lessons Learned from Successful Device Visibility Deployment: Queens College

Queens College is a senior college of the City University of New York, the third largest university system in the U.S. in terms of enrollment. With a faculty and staff of 5,000 and a student population of nearly 20,000, the school was inundated with not only a large number of college-owned devices but also the powerful surge of the bring your own device (BYOD) trend in recent years as well. Queens College’s network was also facing an outbreak of more sophisticated threats, including zero-day attacks and it was not uncommon for hundreds of computers on the network to be regularly infected resulting in the  spread of malware to other machines. Malware and other threats even consumed enough bandwidth to take the college network services offline. The college’s IT and asset management teams desperately needed a solution that would not only let them better manage and organize corporate assets, but also improve their security profile with more complete visibility and control.

The Queens College’s IT team led a search for a visibility platform that would fit their needs and ultimately turned to ForeScout. The deployment of ForeScout immediately helped to temper the persistent malware outbreaks. The school’s Director of Network Services and Internet Security Officer, Morris Altman, noted “once we had ForeScout in place, the first time a new worm broke out, we had only three computers that became infected. They were immediately isolated and the infection was contained. Additionally, those three users were automatically notified about the problem, and instructed to call our help desk so we could fix it. Instead of weeks, the problem was solved in less than a day and had minimal impact on our students, faculty and staff.”

Before ForeScout, Altman recounts “we really didn’t have an idea of how many devices were on our networks. We now know that we have about 6,000 wireless and 5,000 wired endpoints at any given time. This helps when deploying policies, for instance. You monitor, learn and then make educated decisions.” The networking team is now able to see what version of software and operating systems users are running on their endpoints, which tells them how many devices are on the network, the type of devices, and if they have vulnerabilities, such as out-of-date software. IT teams can now utilize this data to notify students and faculty when their machines are lacking up-to- date software, including common applications that often become infected such as Adobe Flash Player, Adobe Reader and Java. This also supports compliance with the Family Educational Rights and Privacy Act (FERPA) by keeping all endpoints up-to-date, which allows the school to reduce the risk of information disclosure.

The school must also comply with the Digital Rights Millennium Copyright Act. The ForeScout platform assists IT in enforcing take-down notices for music and movies. The college is able to use ForeScout to block noncompliant users and avoid copyright violations.

 

Deploying ForeScout has produced benefits across the entire IT team at Queens College. Asset management uses it for visibility into the network, the endpoint team monitors device posture, the help desk examines what’s occuring with devices when issues are reported, and the network and security teams constantly monitor for risks and exposures. Students and staff can even use ForeScout desktop support for personal patches. Most importantly, network downtime has dramatically decreased with the college’s network running without issue nearly 100 percent of the time. 

 

Author

Shawn Rodriguez
Regional Vice President, U.S State & Local Government and Education
ForeScout Technologies Inc.