Though it doesn’t get as much attention as hackers targeting the Department of Defense, large financial institutions, or the nation’s utility grid, cybercrime plagues the networks of educational institutions from coast to coast.
Just Google something like “students steal personal information from school networks” and you’ll get more than 29M results.
Greg Bartay, IT director for Pearland ISD, can vouch for the seriousness of this problem firsthand.
“We had a student who brought malicious tools into the district and executed them from a flash drive,” explains Bartay. “He downloaded Active Directory tools at home. He also downloaded UltraSurf, which creates a virtual tunnel through your firewall from the inside out. He was trying to break into student accounts.”
“He was posting the information he retrieved online,” Bartay continues. “We received anonymous emails from Internet share groups telling us what he was doing. With more time, he could have gotten access to things like students’ and parents’ Social Security numbers.”
To combat this threat and avoid future problems, Bartay began looking for a technology solution that the district could use to protect the personal information of students, teachers, and staff.
One week after the hack, Pearland was hit with a ransomware attack.
“The attack was due to a file generated from a flash drive used on a school computer,” said Jonathan Block, desktop support services manager for Pearland ISD. “There were 15-20 file shares affected. It took us five hours to recover the data from backup. And, because we had to take down those file shares to recover data, we were unable to back up a day’s worth of teachers’ and students’ classwork.”
“We thought we were protected against ransomware,” continued Block. “But we discovered that Microsoft System Center Endpoint Protection had no zero-day definitions for the variant that attacked us.”
The one-two punch of a hack closely followed by a ransomware attack created an enormous sense of urgency for the Pearland ISD IT team to find a solution.
The Solution: AppSense Application Manager
Other than locking down the network, which made day-to-day educational tasks nearly impossible, the district had few choices for protecting its sensitive information.
“We knew that trying to address the problem via Active Directory would take a lot of time and expertise,” recalls George Thornton, vice president of engineering for Pearland’s technology partner Logical Front. “Then a representative from AppSense explained what Application Manager could do. So we set up a proof of concept study.”
The POC ran for two months and Application Manager performed as promised, preventing any unauthorized executable from running within the network.
“It did everything we were told it would do,” notes Bartay. “It gives us control over what anyone can execute out of their home folders or off a USB drive. If someone wants to run a program that’s not on our list, they have to ask permission. It’s prevented kids and even many of our staff from using Pearland ISD endpoints for non-school-related activities.”
“It took just ten minutes to deploy a simple Application Manager configuration to 38 machines in one of our high school libraries as a test,” said Block. “The team spent several hours observing a succession of students try to play games on those library computers using flash drives they brought from home. Application Manager blocked every attempt.”
Since installing Application Manager, Bartay and his team have significantly reduced their risk. In addition, as the team observed in the school library, Application Manager has allowed the IT team to block students from executing online games without diving in to granular Active Directory policies. This saved the IT team time and also put a stop to activities that were robbing students of instructional time.
“When they are losing instructional time, it means they are not doing what they are here to do,” Bartay points out.
In addition to saving time on AD policies, implementing Application Manager also saves the IT team hundreds of hours each school year resetting all the student passwords due to malware or ransomware issues.
Organizations used to stress perimeter security with strong firewalls and robust access policies. Today, that’s not enough.
“You can’t put a price on security. You’re talking about people’s lives. Just ask the people that shopped at Target. People will be cleaning that up for years to come,” concludes Bartay. “You have to have a zero trust policy, with virtual firewalls throughout your network and layered defenses. AppSense helps achieve that.”
On March 14, 2016, LANDESK acquired AppSense, the leading provider of secure user environment management solutions. Check the AppSense section of the blog for all of our AppSense-related content.