If you’re a threat actor looking for a trove of intellectual property, personal data and human entry points, you’d be hard pressed to find a more target-rich environment than a university setting.
With valuable data and thousands of students, faculty and staff to exploit, universities have become prime targets for cyber criminals and even state-sponsored advanced persistent threats (APTs). It’s no wonder the education sector has seen a stark rise in cyber attacks in recent years, including ransomware, business email compromise (BEC) and phishing.
As head of information security at King Abdullah University of Science and Technology (KAUST), Ayad (Ed) Sleiman deals with these threats every day. Because today’s attacks target people, he says, the education sector must take a people-centric approach to stopping them.
Ed recently spoke with us about the rise of people-based risk and “the human firewall” he uses to manage them.
A growing challenge
For research universities like KAUST, the need to exchange information makes the challenge to protect it even greater. KAUST is a graduate research university occupying a vast city campus in Thuwal, Saudi Arabia, on the banks of the Red Sea. Among the city’s 8,000+ residents are students, postdocs, professors, and other university staff and their family members—not to mention some of the world’s brightest research minds from over 120 countries.
This leaves the security team tasked with enabling open, seamless collaboration with organizations around the world, as well as protecting the university’s residents in their personal time.
“Our researchers need to be open and collaborative with a lot of other institutions around the world,” Sleiman explained. “What complicates this even more is the fact that we live in a city. Staff, professors and others all want to be able to access everything from their homes—whether it’s work applications, streaming services or games. So, as well as running a campus, we’re also running an ISP.”
When protecting such a broad and varied attack surface, perimeter protections and controls can only do so much. KAUST understands that as most attacks target people, the university’s people are the strongest line of defense for keeping malicious actors at bay.
“We’ve started a program called the human firewall,” said Sleiman. “It basically looks at monitoring and classifying the behavior of users on the network, then giving them a score attributed to their behavior. So, if a user has never clicked a simulated or real phish or violated any of the security policies, then they would have a positive score. This allows us to group users based on risk.”
Enhancing the human firewall
People-centric cybersecurity solutions from Proofpoint allow KAUST to dig deeper into user behavior, flag the most attacked users, and deliver the right training to the right people at the right time. With unique and powerful insights into the university’s Very Attacked People™ (VAPs), KAUST can assess its position in the threat landscape, deploy controls and confidently adapt its security posture.
“The beauty of the Proofpoint platform is that it allows us to look at a risk and also the threat coupled with the vulnerability,” said Kleiman. “So, we can tell who is clicking on a page and who is vulnerable. But we also know the threats they are facing. By combining this information, it creates a better risk score that is more honed to allow us to deliver even better awareness for those most attacked.”
While equipping its people to protect its data and networks is at the heart of KAUST’s security philosophy, it is just one facet of a multi-layered approach. Proofpoint solutions have allowed the university to complement its human firewall with targeted attack prevention and threat response to block threats before they reach the inbox and quarantine any malicious email that may still get through.
“Before we had Proofpoint, Shamoon 2 hit Saudi Arabia, devastating a lot of government and private institutions,” said Sleiman. “One of our human firewalls picked that up in 17 seconds. But let’s say it happened in the middle of the night. We don’t have a 24/7 human firewall. So, if users were not on the lookout in the morning and clicked on that email, we’d have been dead, because it was a zero-day exploit.”
He continues, “Now, with Proofpoint, that email would be pulled out automatically. So, even users who may not be very well-trained are protected.”
Completing the puzzle
Protecting such a large institution with complex needs is understandably the job of more than one security vendor. But because it faces a barrage of attacks on a daily basis, the university needs real-time insight into its current position. It can’t afford to deal with siloed data across disparate systems.
For a security solution to work in this environment, it must offer seamless integration to give KAUST’s security team a single, at-a-glance view of its security posture with deep insight into its users at any given time.
“There are tons of security tools out there, from endpoint to application security, to email security. All of these have to work together,” Sleiman said. “One thing that I like about the Proofpoint platform is that it allows us to complete the puzzle. Proofpoint integrates with out-of-the-box firewalls and a bunch of vendors listed on its website. So, we were able to find the vendors that we deal with and then create this integrated platform for us to be able to see exactly where we are in terms of security.”
Read our KAUST customer story in full to hear more from Ayad Sleiman.
Email is the number one threat vector for inbound threats
Get your free copy of New Perimeters—Protect people. Defend data.
Want to read more articles like this one? Get the latest cybersecurity insights in New Perimeters, the exclusive magazine from Proofpoint. You can browse it online, download it to read later, or receive a copy in print, direct to your door. Get your copy of New Perimeters now.
Subscribe to the Proofpoint Blog