Yale Successfully Defends Against Cyber Threats
- Stop ransomware, spam, and phishing attacks from entering users’ mailboxes
- Improve the university’s email reputation score
- Increase situational awareness
- Reclaim time spent remediating the impact of cyber threats for more proactive projects
- Proofpoint Email Protection
- Proofpoint Targeted Attack Protection
- Stops 300,000 to 500,000 pieces of ransomware per week
- Significantly reduced phishing emails and clicks
- Reduced compromised accounts from 200 per month to fewer than 12
- Gained detailed visibility into threats, impact, and trends
Chartered in 1701, Yale University has achieved monumental milestones and forged traditions for more than 300 years. Today, Yale is a large research university with more than 16,000 students and scholars, more than 4,000 faculty members, and a wide array of programs, departments, and affiliated organizations. The university is protecting its mission with a proactive approach to cyber security and the threats it faces.
When Richard Mikelinich, Chief Information Security Officer at Yale University, arrived on campus in 2011, he decided that Yale “needed an enterprise-class email gateway, and we looked to Gartner for recommendations. When we saw Gartner’s review of Proofpoint and learned more about it, including references, we chose Proofpoint Email Protection for our solution.”
Complementing the Cloud
Yale was also in the process of migrating some of its systems to the cloud. The university had migrated its email system to Microsoft Office 365 to reduce the cost, support requirements, and data center footprint associated with Exchange servers. Proofpoint Email Protection is deployed behind the university’s Palo Alto Networks Wildfire solution and in front of Office 365, giving the security team much greater email defense and better situational awareness.
“The change was dramatic,” Mikelinich said. “Spam disappeared as we fine-tuned spam identification filters. Next, we turned on outbound protection to eliminate persistent reputation score problems. It made a huge difference.”
With outbound email protection in place, the security team focused on reducing phishing attacks and their consequences. At the time, phishing emails led to more than 200 compromised accounts per month. Mikelinich lobbied for deploying Proofpoint Targeted Attack Protection (TAP), and his request was approved quickly. The university integrated TAP with Palo Alto Networks Wildfire using simple API key-based activation. By combining the two solutions, both companies’ cloud-based malware analysis can automatically align protection across the Proofpoint email gateway and the Palo Alto Networks firewall.
Right away, TAP reduced account compromises from 200 a month to fewer than 12. For the few phish that got through, Yale opened a support ticket with Proofpoint so that the phish would be documented and added into TAP protection for everyone’s benefit.
“If someone complains about getting a phishing email, I can show them the math,” Mikelinich said. “As just one example, we saw 200,000 phishing attempts this month, and only 21 got through.”
Beginning in 2016, Yale saw a large uptick in ransomware attacks. The security team sees 300,000 to 500,000 pieces of ransomware per week trying to get into Yale’s network. In just one seven-day period in mid-2016, Yale received almost 500,000 pieces. Proofpoint immediately quarantines suspicious email, sandboxes it, and then determines if it is malicious.
“Proofpoint serves us well by keeping ransomware out of our systems environment,” Mikelinich said. “We are pleased by how much ransomware Proofpoint effectively protects us from.”
Visibility for Effective Action
In the past, when a phishing attack occurred, the security team sent a message to the entire community and asked if anyone had actually clicked on the phish. It was difficult to accurately gauge the impact of a particular phish.
Proofpoint reporting capabilities give the team instant visibility with detailed data for rapid response. Now if a phish gets through, the team knows exactly who and how many people received it. They can contact affected individuals or lock their accounts for safety. Proofpoint lets the team control phishing impact, immediately respond in exactly the right place, and avoid wasted time and communications. Compromised accounts are now a rare exception. This shift has freed the security team to work on more advanced security initiatives.
“Proofpoint is tactical and precise,” Mikelinich said. “It’s made incident response a manageable event. And as a CISO, I’m very comfortable using the technology. It’s easy for me to navigate, find exactly what I’m looking for, generate reports, and study trends over time.”
Impact on the Future
Although the security team protects the university 24 hours a day, the growing volume and variety of threats attacking the university still pose a tremendous concern. And it’s not just Yale—these threats are also attacking other higher education institutions, corporations, and law enforcement agencies.
“Sometimes people consider security concerns to be overzealous,” Mikelinich said, “but sometimes conditions develop that are serious and impactful. We have to respond. We can’t just sit here until someone figures out why these forces want to attack us. We have to mount a defense and protect the mission of the university, and Proofpoint helps us with that.”
Mikelinich is displeased to see bad actors attack institutions that do good, honorable work that benefits society. He feels a responsibility to share what he’s learned, so that higher education institutions can work together to fight cyber threats more effectively. He encourages his peers at other institutions to take a close look at Proofpoint because he knows firsthand how effective it is.