Making the grade
When Michigan State University CISO Seth Edgar strides through the stately, tree-lined walkways of his campus, he sees more than a college. He sees a miniature city.
“We house almost every industry under the sun,” he says, pointing out examples as he leads an impromptu tour of the school grounds. The school operates more than 26 healthcare centers. It has its own power plant, water treatment facility, police and fire departments. It boasts two major sports venues and a performing arts center. It sells more T-shirts than most T-shirt outlets. It even has its own underground subatomic-particle accelerator for advanced physics research.
And Edgar is responsible for securing all of it. It’s a daunting mission: protect 50,000 students, 5,700 faculty and staff, and 7,200 support workers in 566 buildings spread across the 5,200-acre campus and beyond.
When it comes to cybersecurity, education isn’t just a vertical market. It’s a multitude of them—municipal government, retail, entertainment, technology, energy, sanitation, food processing, agriculture, real estate, hospitality, logistics, to name a few.
“There aren’t too many industries we don’t touch,” Edgar says. “Keeping all of that up and running, and with a finite number of dollars to do so, is a non-trivial challenge.”
Cybersecurity can be especially tricky in university settings, adds MSU Incident Response Analyst Jim Beckmeyer.
Students, by far the security team’s biggest constituency, are a constantly shifting population. They bring all sorts of devices into the campus environment. They expect an open network, easy digital collaboration and access to their digital resources. And unlike most corporate users, they demand absolute privacy.
“You have a lot more control in a corporate environment,” Beckmeyer says. “But in a university setting, users aren’t always your employees. You don’t mandate their work lives, and you don’t own their property.”
Jacob McDowell, a junior studying media information and director of IT for MSU’s student body government, agrees. He says cybersecurity is an afterthought to most students.
“Students are the focus of a lot of attacks,” he said. “And they tend to be more vulnerable.”
Beyond its sheer size, MSU’s national prominence makes it an appealing target for all kinds of cyber attackers. And because running a school involves so many industry types, these threats span a wide gamut. Corporate and government spies may seek to steal research and intellectual property one day; cyber criminals might try to scam students with fake ticket sales the next.
Stop today’s most advanced cyber threats and get insight and intelligence about which users they are targeting
Stop spam and malicious email and let users manage bulk mail
Automate incident response to contain and remediate attacks more quickly
Protect a growing share of infrastructure and data in the cloud
ATTACKS TARGET PEOPLE
Even as the volume of attacks expands, the nature of those attacks is changing, says Beckmeyer, the incident response manager.
Attackers used to focus on exploiting infrastructure. Now they target people.
“We’ve seen quite an increase in phishing attacks—not just in the amount but in the sophistication,” he says. “Spear phishing used to be a unique event. Now it’s commonplace.”
Attackers are targeting individual people more than they used to, he says. And even when they target groups, it’s clear that they have researched the people they’re trying to reach.
In response, MSU’s security team has taken a more people-centric approach to protecting them, Edgar says.
“MSU’s shift away from just protecting ‘things’ to really focusing on people is indicative of the shift in a changing boundary of security,” he said. “That boundary has gotten very personal, very quickly.”
As part of that effort, the school enlisted Proofpoint and its people-centric suite of cybersecurity products, starting with email.
Proofpoint Targeted Attack Protection helps manage bulk mail and stop advanced threats before they reach users’ inboxes. Proofpoint Email Protection helps users avoid spam and fine-tune the bulk mail they do want to see. And Proofpoint Threat Response Auto Pull automatically removes unsafe email from users’ inboxes—even after it’s been delivered or forwarded to other MSU accounts.
The results were almost immediate. After deploying Proofpoint campus-wide, the university saw a dramatic drop in the volume of security incidents the security team needed to deal with.
“Email is a primary attack vector,” Edgar said. “Using the Proofpoint toolset to see those attacks and quickly catch them has allowed my team—many of my most talented resources—to focus on other things.”
For example, Proofpoint’s forensic analysis of malware attachments includes information on the sender, how the attack campaign is structured, and more—insight that MSU didn’t have before.
“That gives us as incident responders the ability to focus our attention on some of the more complex tasks—really getting to the root of an attack—rather than dealing with repetitive things, like manually blocking IP addresses and senders,” he says.
As more of the university’s infrastructure and departments move to the cloud (sometimes without the IT team’s prior knowledge), Edgar’s team has moved quickly to keep it secure, too.
“We have to embrace cloud technologies,” Edgar said. “We have to look at secure ways to integrate cloud technologies into our current platforms so that we can be adaptable and meet users’ needs.”
To that end, MSU uses Proofpoint Cloud Access Security Broker (CASB), which protects users’ accounts against takeovers, unsanctioned access from cloud apps, and leaks of sensitive data. As an added layer of protection, the university has also deployed Proofpoint Internal Mail Defense, which stops unsafe email from legitimate but potentially compromised MSU accounts.
Together, the technologies have helped the team adapt quickly to new and changing threats. Those capabilities—along with customer service that Edgar says has gone the extra mile—have been key to protecting the university against not just today’s attacks, but future threats as well.
“When you house something like 20 industries under the same roof, you really, really have to be ahead of the curve,” Edgar said. “We have to be able to see the latest trends and adapt to them as quickly as possible. With a finite security team and budget, I have to have partners to help me do that.”