UTM is the Answer for Higher
Education
How Fortinet Provides Security for the Latest
IT Trends in Education
Introduction
Universities, community colleges, and other
institutions of higher education are known for
their adoption of technology and openness to
allow students and faculty to explore a wide
variety of topics facilitating learning and research.
Higher education institutions are struggling to
build adaptive and cost-effective network
infrastructures to support today's sophisticated
styles of teaching and learning. MOOC’s, extended
campuses, the proliferation of video and
Government requirements are stressing existing
network infrastructures. IT has moved from a back
office operation to foundation of education in
America. The open environment, coupled with a
young population, has led to an influx of devices
that is not seen in any other vertical. Students
bring with them not only smartphones, but
gaming systems, laptops, tablets, blu-ray players
and many other connected devices. While
openness is a primary concern for higher
education environments, security has often
suffered as a result.
and applicants. This breach was particularly
noteworthy because of the shear amount of
information contained in the database that was
breached. Social Security numbers, addresses,
grades, transcripts and housing data for current
and former students, as well as those who applied
to the university but did not attend. Other industry
statistics put the number of university records
exposed in 2012 at over 1.5 million. With an
estimated cost of $145 per record exposed, data
breaches for a university can be very expensive.
Here we will investigate many of the key
challenges that universities and institutions of
higher education face when attempting to secure
their systems. We will discuss industry best
practices designed to secure key systems such as
databases and the network. Finally, this paper will
discuss Fortinet’s unified approach to security,
showing that UTM provides a cost-effective
solution to increasing security for educational
institutions.
Balancing Openness with
Education institutions have been an increasingly
popular target for attack (Table 1 shows the top 4
breaches in 2012 alone).
Table 1- Top 4 Largest University Breaches in 2012
2012 illustrated this
Security
trend with several high
profile breaches,
including a breach at
the University of
Nebraska that affected
over 650,000 students
School Name
University of Nebraska
University of North Carolina
at Charlotte
Arizona State Univeristy
Northwest Florida State College
Number of Records Lost
654,000
350,000
300,000
279,000
As revealed above,
higher education has
seen a large number of
data breaches. It
should come as no
surprise that
investigations after a
breach discover a lack
UTM is the Answer for Higher Education | FORTINET White Paper
of security controls. Institutions of higher
education have a great deal of data to protect but
often lack the staff and resources of similar
corporate environments. This gives higher
education a variety of challenges to maintaining a
secure environment while keeping very open
networks. Some of these challenges are listed
below:
Providing Secure BYOD
Enterprises have seen a surge in devices as line
workers bring in their own smartphones and
tablets, but higher education has to contend with
more devices per user and larger populations than
most enterprises. Many higher education IT
departments see two to three devices per students
in addition to a wireless enabled laptop computer.
These devices typically include smartphones and
tablets, but eReaders and gaming systems also
factor into the equation. Since higher education
does not own any of the student devices (and
doesn’t have much influence on the faculty either)
supporting and securing a wide range of devices
without having the ability to install software is key.
An additional concern is bandwidth management.
There are going to be peak usage times at a
higher education institution and without
bandwidth management, electronic learning, and
core services such as registration and payment
could be affected and overwhelmed by
overwhelming amounts of traffic. In addition,
BYOD brings a different format: Small packets and
lots of them.
Protection against the Latest Threats
Another challenge faced by higher education is
protecting against the latest threats. Unlike a
traditional enterprise environment where there is a
set list of software, and very limited access, higher
education has faculty, contractors, visitors, and
students using a broad range of software systems.
The challenge is to ensure that malware does not
have a chance to spread in the higher education
network.
Traditional antivirus solutions cannot keep up with
modern threat landscape. Higher education needs
security solutions that protect against multiple
attack vectors – preventing attacks that combine
zero day vulnerabilities, web exploits, Bot-Nets,
and phishing attacks.
Keeping Total Cost of Ownership Low
Like many traditional enterprises, higher education
is under resource constraints. Information security
departments – if they exist at all – are
understaffed. Like other verticals, the primary
goals of higher education are focused on
providing IT services first, security is usually added
on later. Many higher education institutions also
face the challenge of supporting multiple security
products, which have proliferated over time.
UTM + Threat Research is the
Answer for Education
Unified Threat Management (UTM) is not a new
concept. There have been a number of UTM
vendors around for years. The difference is that
some vendors have continued to drive
improvements in their products to address the
challenges and scale required by the largest
organizations. Today, UTM allows organizations of
any size to combine a wide variety of core security
solutions into a single device, allowing even the
largest higher education institutions the ability to
centrally manage all their security needs from a
single platform.
The Threats are Quickly Evolving
Security is a constant cat and mouse game
between hackers and vendors. The traditional
model of network security was focused on
protecting the network from the outside using
firewalls and other traditional security devices.
With the popularity of social media applications
like Facebook and Twitter and the requirement to
provide easy access to data to students and staff,
the potential for an accidental malware incident
increases significantly.
All it takes is a single click and malware can then
exploit vulnerabilities in applications and
download malicious programs, such as key
loggers, to steal user names and passwords and
private data. Unfortunately, the most common
applications and file formats are the ones with the
greatest chance of exploit. Traditional approach of
separate devices for different problems is not
effective. Security requires a layered approach
and only a UTM with an active threat research arm
can seamlessly provide that kind of advanced
security.
www.fortinet.com
UTM is the Answer for Higher Education | FORTINET White Paper
Multiple Vendors Does Not Equal Better
Security
There has been a long standing thought in
security that a collection of devices from various
“best of breed” vendors is more effective than a
unified solution. Unfortunately, practice shows
that a mix of devices from multiple vendors may
actually leave gaps in the security of an
organization, increasing the risk of attack.
There are other challenges associated with a mix
of devices from different vendors. Each vendor
will require its own maintenance fees and the staff
must learn interfaces for each different product.
Training costs are higher and the on boarding
process for any new employee is longer with a mix
of products.
Unified Management is
Fortinet is the only vendor that provides all of
these capabilities.
Fortinet provides Secure, End-to-End
Security for Organizations of all Sizes
As education organizations extend access to
students with tablets and a wide variety of other
devices. Fortinet has several products that can
ensure secure access control through rogue AP
detection, authentication, guest Wi-Fi, web
filtering, rate limiting and load balancing. The two
key products for providing complete, end-to-end
protection are listed below.
FortiGate®
Fortinet’s flagship network security solution that
delivers the broadest range of consolidated
network security and network services on the
Key
market, including: firewall, VPN, traffic shaping, IPS,
antimalware,
application control,
Data Loss Prevention,
vulnerability
management and many
more security functions
all centered on a single
platform. Figure 1
illustrates the
advantage of moving
from a mixed
architecture to a
FortiGate driven
Figure 1 - The Fortinet Consolidated Approach to
platform.
Security
The only way risks can
be reduced is through
monitoring of the
entire system for
threats. With UTM, all
the traffic is passing
through the same
platform, giving
administrators a “single
pane of glass” for all
the traffic on the
network. This also
allows administrators to
set a single security
policy that permeates
the entire network infrastructure – ensuring that all
devices on the network, wired and wireless, are
protected all the time regardless of location.
How Fortinet Protects Higher
Education Institutions while
Lowering Costs
As shown above, UTM is the most effective way
for higher education institutions to manage the
latest security threats while lowering costs
significantly. In order to address all the challenges
listed above, a vendor must be selected that
provides end-to-end wired and wireless security
policies, centralized logging and management, and
have advanced threat research capabilities to keep
institutions protected ahead of the latest threat.
FortiAP
Wireless access point FortiAP solutions provide
increased visibility and policy enforcement
capabilities while simplifying your overall network
environment. They employ the latest 802.11nbased wireless chip technology, offering highperformance wireless access point with integrated
wireless monitoring and support for multiple
virtual APs on each radio. FortiAPs work in
conjunction with the feature-rich family of
FortiGate controllers to provide a fortified wireless
space that delivers complete content protection.
FortiGate controllers centrally manage radio
operation, channel assignment, and transmit
power, which further simplifies your deployment
and management requirement
www.fortinet.com
UTM is the Answer for Higher Education | FORTINET White Paper
Fortinet Provides Single Pane of Glass
Management
Given the widely distributed nature of higher
education campuses, the ability to quickly modify
and manage security appliances is essential.
Fortinet provides FortiManager and FortiAnalyzer
products to help educational organizations
manage their distributed environments.
FortiManager ™
“Single pane of glass” management console for
configuring and managing any number of Fortinet
devices, from several to thousands, including
FortiGate®, FortiWiFi™, FortiMail™ and
FortiAnalyzer™ appliances and virtual appliances,
as well as FortiClient™ endpoint security agents.
You can further simplify control and management
of large deployments by grouping devices and
agents into administrative domains (ADOMs).
FortiAnalyzer ™
Centralized logging, analyzing, and reporting
appliances securely aggregates log data from
Fortinet devices and other syslog-compatible
devices. A comprehensive suite of easily
customized reports enables you to analyze, report,
and archive security event, network traffic, Web
content, and messaging data to measure policy
compliance.
Fortinet Provides Protection against the
Latest Threats through FortiGuard Labs
The FortiGuard Network has data centers around
the world located in secure, high availability
locations that automatically deliver updates to the
Fortinet security platforms. With the FortiGuard
Subscription Services enabled, customers can rest
assured that their Fortinet security platforms are
performing optimally and protecting their
corporate assets with the latest security
technology
The FortiGuard security team continually develops
new attack filters to address the latest
vulnerabilities and incorporates these filters into
security signatures. Signatures are created not only
to address specific exploits, but also potential
attack permutations, protecting customers from
zero-day threats. Fortinet deploys a variety of
security filters for a variety of products including
traffic anomaly filters, vulnerability-based filters,
and signatures. Signatures are delivered to
customers on a regular basis – twice a day for IPS,
four times a day for antivirus, and automatically
for antispam and web threats, with no user
interaction required. This constant updating
against both the most prevalent and unexploited
threats provide significant protection to Fortinet
customers.
Conclusion
Higher education will continue to be at the
forefront of technology driven learning. This is
inevitable given the combination of new, young
students and cutting research that occur in higher
education. The challenge for these institutions is
to provide a IT platform that enables flexible
connectivity while providing security for sensitive
student data. Having one platform that provides
the same security and connectivity is even more
desirable, as universities and other higher
education organizations face budgetary pressures.
Fortinet provides both the flexibility and security
for any higher education institution to control
access – segregating sensitive and non-sensitive
data, and doing it all with fewer resources.
Fortinet’s breadth of products, constant security
updates and overall lowered TCO allows higher
education organizations the ability to securely
deliver cutting edge IT services to students,
faculty, and staff while ensuring that all
information stays secure.
www.fortinet.com