The University of Tampa’s (UT’s) globally connected campus is home to distinguished faculty and more than 8,000 students from all 50 states and 140 countries. When phishing and other types of email-based attacks began overwhelming faculty and staff, UT fought back. It turned to Proofpoint to help it make email protection a top priority.
When UT’s Chief Information Officer and Chief Information Security Officer, Tammy Clark, first arrived on campus, she noticed right away that there seemed to be a lot more spam and phishing emails getting through Office 365 than expected. Although Microsoft said that it was monitoring email with security solutions, there were lots of phishing emails that were never flagged. To the UT team, it was obvious that the emails were from other countries, intruders, or users at other universities whose machines had been hacked, but they had no way to change Microsoft’s monitoring to make it more effective.
“More than 85% of incoming email at higher education institutions is not valid,” Clark said. “There is more spam than phishing, but phishing is much more dangerous. It’s very difficult to defend against it, because even the best security awareness program won’t stop users from clicking on something. And it only takes one click to compromise the university.”
The wake-up call came when staff in UT’s payroll office received a phishing message instructing them to make an electronic funds transfer. Fortunately, they suspected that it was a hoax and called Clark, and the security team stopped it. When news of the phish reached the university’s CFO and President, stronger email protection became a top priority.
IMPROVING CONTROL AND SECURITY INCIDENT RESPONSE
Clark and her team searched for better email protection with specific requirements in mind. First, they needed a solution that delivered the in-depth security visibility and controls needed by security-trained incident response investigators. They wanted a solution that could dynamically block malicious URLs and identify suspicious email attachments. Email administrators were concerned that inserting a solution into the email flow would delay email delivery, so the new solution had to work effectively without affecting email delivery. And with already-strained resources, the new solution had to be easy to deploy and manage.
UT investigated several options, but they were difficult to deploy, too expensive, or needed too much management and oversight. Then the team called Proofpoint. They arranged a proof of concept, testing Proofpoint Email Protection and Proofpoint Targeted Attack Protection (TAP) with URL Defense and Attachment Defense.
“With Proofpoint, we watched the spam and phishing statistics drop dramatically with no impact to email flow,” Clark said. “It cut back on so much junk that valid email actually was delivered more efficiently. It was easy for us to implement and reasonably priced, so we went for it.”
A NIGHT AND DAY DIFFERENCE
UT reduced spam and phishing messages by close to 99%. The change was so dramatic that faculty soon couldn’t remember the last time they received spam or a phish. Clark says that the shift completely changed people’s mindset about email.
“Before Proofpoint, faculty and staff felt bombarded by threats,” Clark said. “They got used to seeing so much junk and having to filter out valid messages, but they were always worried that they might miss something. Now, they rarely see anything questionable, and when they do, they recognize it. It’s a much better way to deliver an email service.”
TAP with URL Defense also significantly reduced the number of incidents that the security team has to address. It keeps malware at a minimum and blocks access to sites that are known to be malicious—or that become malicious.
BETTER VISIBILITY FOR GREATER INSIGHT
Prior to Proofpoint, the information security team had no visibility into Office 365, so every security issue was called in to Microsoft, and getting answers could take weeks. By then it was too late. Now the security team can see emails received, emails blocked, URLs blocked, and clicks, which gives them an immediate handle on specific threats and trends.
UT’s email administrators also use Proofpoint, making email security a collaborative effort. Email administrators can see what Proofpoint sees and what Office 365 might miss, so they can provide that information to Microsoft to help enhance performance.
“People still make mistakes, but we can see it and quickly do something about it before it’s too late,” Clark said. “If four people get the same phish, we can cut off any communication that attackers try to establish. That’s really what you’re looking for in an effective solution.”
HIGHER TEAM EFFICIENCY
With Proofpoint, the UT’s information technology technicians are freed from reimaging multiple PCs due to phishing attacks. Fewer security incidents let the information security team focus on ongoing security awareness, risk assessment, and other key initiatives.
“I talk to peers at other universities who are still debating about training users to recognize phishing attacks,” Clark said. “We don’t have to do that, because we eliminated most of the phishing. That’s a better approach than trying to train users to recognize thousands of ever-evolving phishing emails.”
MAINTAINING ISO CERTIFICATION
Clark believes that UT is one of few American universities that are ISO 27001-certified. It has implemented 114 specific controls and is audited annually. Proofpoint gives UT the evidence it needs to demonstrate how it has reduced phishing and spam by almost 99%, helping simplify compliance reporting.
“Proofpoint is doing its job, so it’s paid for itself already,” Clark said. “Not only that, but the UT president and executives sleep better at night too, and that alone is worth its weight in gold.”