Council Rock School District Deploys Integrated Network Security System

Council Rock School District (CRSD) in Pennsylvania has implemented an integrated system to help IT staff identify and resolve network security issues for its 15 schools, 13,000 students and staff, and 5,000 devices.

While the district is concerned about threats to network security from external sources, hacking by CSRD students has also presented a challenge in recent years. In an effort to gain greater visibility into network activity, so IT staff could see exactly what was happening and where, they first implemented an open source tool. Within a couple of days, the tool identified more than 400,000 security incidents, far more than the IT staff could possibly analyze and resolve.

The network security team turned to the Critical Security Controls document from the SANS Institute for help. Using the document as a best practices guide, the team came up with an integrated approach to network security. That integrated solution included the Lancope StealthWatch System and an endpoint detection and response (EDR) system from Ziften. According to information from the companies, the Lancope system can detect abnormal network activity and then trigger an alert, and then CRSD staff can use Ziften to identify the specific desktop, laptop or server where the incident occurred and view the network activity to determine whether it's a threat.

One of the first things the team did with the new system was to establish a baseline of normal network behavior. That analysis revealed that many of the 400,000 security incidents previously identified were actually normal network activity, such as teachers streaming YouTube videos as part of their lessons. The team was then able to focus its attention on actual threats, such as a recent incident when malware attempted to propagate a botnet on the network, potentially disrupting network performance. The IT staff isolated and deleted the threat in about five minutes.

"Now, when something is abnormal, I don’t even have to be at my desk to see it because these tools will send me an alert on my phone. I can then log in to determine whether it’s an actual threat or not," said Matthew Frederickson, director of Information Technology for CRSD, in a prepared statement. "By knowing what is normal, I can quickly identify, address and remediate the abnormal.”

The IT team also uses the system for capacity planning. The system helps them identify which specific computers need to be replaced or which switches are affecting bandwidth, so they can present that information to the board as evidence for requests for updated equipment.

About the Author

Leila Meyer is a technology writer based in British Columbia. She can be reached at [email protected].