Increasing Bandwidth For A Large Higher Education System
Large Higher Education System
The governing body was created as a system of higher education institutions to provide affordable, accessible, and high-quality education; it oversees and coordinates the administration of 13 public colleges and universities.
The institutions overseen by the body include 13 community colleges and 24 technical colleges. These institutions serve more than 110,000 students each year and offer a wide range of undergraduate and graduate programs.
As a critical component of that state’s education system, they had to meet cybersecurity requirements to protect their students’ sensitive data, maintain business continuity, protect IP, and mitigate threats.
A TEAM’S BANDWIDTH STRETCHED VERY THIN
Educational institutions are constantly under threat of cyber-attacks, including phishing, malware, and ransomware, which can lead to the compromise of sensitive information, system downtime, and financial loss.
Facing the limited resources and budget constraints common in the education field, the customer was looking for a partner that could augment their staff to increase in-house bandwidth and cover their bases with 24/7/365 SOC monitoring while leveraging the tools they were already using.
As their CIO explained, before Conquest, they were using Dell SecureWorks, which had a disparate effect on their systems. Their team had been stretched very thin by responding to a large volume of escalated tickets, operating and enabling disparate tools, and responding to fires on a daily basis. They needed an extension of their team to free up bandwidth and eliminate the noise while having a centralized view into Microsoft Sentinel and the progression of their cyber program.
ELIMINATING THE NOISE
To determine first steps, the Conquest team enrolled the customer into the Microsoft FastTrack ready program to review any gaps in their Microsoft 365 suite. After completing FastTrack, our team had gained a comprehensive understanding of their as-is environment and ran an ROI analysis on their existing toolset.
Having determined the current state of their environment, the Conquest team deployed its ARMED ATK platform modules, DEFEND and SECOPs, to meet their prioritized needs for SOC monitoring, centralized visibility, and tool consolidation.
The SECOPs module provides a centralized view of the environment’s security alerts and incidents. With an intuitively organized ticketing system, these alerts are clearly labeled by time, location and severity.
The Conquest team prioritized the deployment of SECOPs to ensure their environment was being fully monitored as quickly as possible. Now, with these modules active, the customer has 24/7/365 visibility and is alerted to potential issues via email, text, and push notification. In case of a problem, the platform also provides direct access to Conquest’s elite team of cybersecurity experts.
By creating a simple visualization of each of these crucial aspects of their environment, Conquest allows their internal team to understand the urgent needs and maximize their effectiveness. To further optimize their environment, Conquest also provides:
- Biweekly ticket and tuning reviews
- Quarterly cyber resiliency reviews
SECURITY NEEDS FILLED BEYOND ASK
The customer’s CIO explained that he loved how they could now use Sentinel and integrate with ARMED ATK while leveraging the resources they were already using, further explaining that this “met his vision”.
The Conquest team strives to serve not just as a vendor but as a partner. With Conquest’s complete understanding of the customer’s environment, the internal team can confidently consult the Conquest team for advice beyond technical scope.
This partnership zeroes in on visibility and maximizing efforts and effectiveness. By deploying DEFEND, RISK, SECOPs and SHIELD, the unique capabilities of ARMED ATK dramatically improve the district’s security posture with an overlay of risk and compliance and allow them to:
- Stay on track with their requirements
- Automate and implement the collection of evidence
- Allocate each piece of evidence to each of the NIST CSF controls and better prepare for audits
- Access direct mapping to compliance requirements specific to their requirements and actionable steps towards achieving the outcome
- Make risk-informed decisions to integrate into their operations
- Organize all security alerts and incidents in their environment based on time, location, and severity
- Enable 24x7x365 Extended Detection and Response, Advanced Threat Hunting, and Managed Sentinel Service
- Access logs in their environment dated as far back as one year
A QUIETER ENVIRONMENT WITH MORE TEAM BANDWIDTH
As in most environments in the education industry, the internal team was left to attend to an influx of 2,000 tickets per. If we say the average time to investigate a case is 20 minutes, their former case load required 667 hours of investigation, but now with Conquest this amount of time is down to 17 hours. With Conquest’s tooling, automation, and team, only 52 cases are escalated per month in the customer’s environment, and the customer is now equipped with centralized visibility, risk-based response, 24/7/365 active monitoring, and much more to secure their environment with a risk-informed strategy.