computer first logged on, how long it's been on the network, which applications are running -- and checks for the patch levels to make sure they are up to date. "We do a virus scan on every new device that comes in," Hunter said. SpiderISA also automatically scans any computing device that returns to a campus for recently installed software -- including spyware or similar malicious software.
All computers are checked before they are attached to the network, Hunter said. "It looks for any virus software running on the computer. If it's not at the latest patch level, it's quarantined and not allowed on the LAN."
SpiderISA was rolled out at the end of the 2005-2006 school year, and has had some positive effects on the schools' network. "We now have a central infrastructure and security Web department," he said. "The tool saves us a lot in terms of manpower and visibility." After the start of the new school year, he expects more opportunities to evaluate the appliance's impact on overall security and identify possible cost savings.
Don't Patch, Re-Engineer
Richard Campbell, founder of Securiant, developed the product to address growing security concerns. "We've built a platform specifically designed for the mid-size organization," he said. "We've integrated about 12 different security features into a single platform, which helps schools get away from the problem of buying different products from different vendors."
Mid-size organizations don't have time or resources to manage complex security needs, Campbell added. "Usually they have to deploy and manage a number of security products, and pay annual maintenance."
Campbell said the SpiderISA is versatile and comprehensive, and while technology departments might initially only run a few of its available features, the management interface and training will be the same, regardless of how the tool is used -- whether to protect students or prevent spam from coming in.
SpiderISA automatically detects each device connected to the network. "With that information, modules automatically monitor the traffic and track things in the network hour to hour, week to week," said Campbell. "You put it in, configure it and go."
Campbell compared the DeKalb County schools' network to an in-home alarm system. "When you get ready to leave your house in the morning, you punch a couple of buttons, and your entire home is protected using many different sensors. The way security is today, and typically in school networks, it's as if all those individual sensors have a different control panel. That is frustrating and confusing." Instead, the SpiderISA tool integrates all computers on a network.
Campbell provided a real-life example from another school district, where worms were wreaking havoc. "They brought in two vendors to fix the problem, and after two weeks, the vendors gave up and said computers needed to be manually patched. That was impractical," he said. "We brought one Spider with us and it took us about 45 minutes to identify all the computers on the network and another hour to fix the problem."