Council Rock School District Deploys Integrated Network Security System
Council Rock School District (CRSD) in
Pennsylvania has implemented an integrated system to help IT staff identify and
resolve network security issues for its 15 schools, 13,000 students and staff,
and 5,000 devices.
While the district is concerned about threats to network security from
external sources, hacking by CRSD students has also presented a challenge in
recent years. To gain greater visibility into network activity, so that
IT staff could see exactly what was happening and where, the district first
implemented an open source tool. Within a couple of days, the tool identified more than
400,000 security incidents, far more than the IT staff could possibly analyze
and resolve.
The network security team turned to the Critical Security
Controls document from the SANS
Institute for help. Using the document as a best practices guide, the team
came up with an integrated approach to network security. That integrated
solution included the Lancope StealthWatch
System and an endpoint detection and response (EDR) system from Ziften. According to information from the
companies, the Lancope system can detect abnormal network activity and trigger
an alert; CRSD staff can then use Ziften to identify the specific
desktop, laptop or server where the incident occurred and view the network
activity to determine whether it's a threat.
One of the first things the team did with the new system was to establish a
baseline of normal network behavior. That analysis revealed that many of the
400,000 security incidents previously identified were actually normal network
activity, such as teachers streaming YouTube videos as part of their lessons.
The team was then able to focus its attention on actual threats, such as a
recent incident when malware attempted to propagate a botnet on the network,
potentially disrupting network performance. The IT staff isolated and deleted
the threat in about five minutes.
"Now, when something is abnormal, I don’t even have to be at my desk
to see it because these tools will send me an alert on my phone. I can then log
in to determine whether it’s an actual threat or not," said Matthew
Frederickson, director of Information Technology for CRSD, in a prepared
statement. "By knowing what is normal, I can quickly identify, address and
remediate the abnormal."
The IT team also uses the system for capacity planning. The system helps
them identify which specific computers need to be replaced or which switches
are affecting bandwidth, so they can present that information to the board as
evidence for requests for updated equipment.
About the Author
Leila Meyer is a technology writer based in British Columbia.