Pearland Independent School District

AI and automation address cybersecurity concerns

USE CASE: Ensuring the Wi-Fi network remains reliable, secure and future-ready with a lean IT staff.

In today’s hyperconnected world of BYOD and IoT, it’s not enough for a K-12 school district to rely on a hand full of laptops on carts and Internet access. The network and cloud services are increasingly used by teachers for lessons, homework assignments and communicating with parents and administrators. And it often makes sense to let students use the endpoints that they’re familiar with as nearly 90 percent of what they’re asked to do is now online. A shorter learning curve equates to happier users.

The goal for IT teams is to ensure that the network experience is fast and secure. Luckily, there’s always newer high performance wireless options when it’s time for a refresh. The bigger challenge is securing the network at the edge and inside the network as new BYOD and IoT devices such as surveillance cameras, HVAC controllers and temperature monitors are connecting to networks.

Aruba’s IntroSpect provides actionable intelligence and alerts that helps us identify and resolve network security issues,” said Greg Bartay, CTO, Pearland ISD. “In the K-12 industry, it’s difficult to get funding for additional full-time employees, so our team has to leverage solutions that allow us to be more efficient and scale our existing staff.

For K-12 schools like Pearland Independent School District in Texas, all of this must be managed, monitored and secured by a lean IT staff. The same team is also responsible for addressing the District’s mission to deliver an amazing network experience across 23 campuses and 4 administrative and support buildings for its 22,000 students, and 2,700 teachers and staff.

“Automation is the key,” says Greg Bartay, CTO, Pearland ISD. “For one example, our plug and play network allows us to connect an Aruba access point or IoT device into a switch without re-configuring them. The goal now is to automatically gather better data about the behavior of endpoints once connected on our wired and wireless networks.”

Bulking Up to 802.11ax

To date, 2,200 Aruba APs have supported the bulk of the district’s coverage requirements, however the IT team is planning to refresh each of their campuses and buildings with Aruba’s new 802.11ax (Wi-Fi 6) APs to ensure that they’re ready for future network demands.

As Wi-Fi 6 enabled devices start connecting to the network it will be easy to leverage multi-user capabilities that automatically improve the performance for everyone and everything, even IoT devices. The greater speed, throughput and multi-gigabit capacity that the 802.11ax APs deliver will be key, according to Bartay.

“Complete coverage and connectivity at all of our locations is key,” said Bartay. “We have access points in all of our classrooms and covering all of our common areas and we are expanding that coverage to the outside corners of the buildings to support the security measures we have in place with the city and local police.”

When considering the refresh, Bartay looked at a couple of other vendors, but given the Pearland’s long-term relationship and success with Aruba solutions, he chose to stay with what was working well for the district. To make the most of the district’s funding, they tapped into E-Rate funding to move forward with their plans.

Security Automation and Orchestration

The Pearland IT team was looking for a way to leverage automation to help secure their network. After a visit to Aruba’s Customer Experience Center, Bartay and team decided to launch a PoC using Aruba’s IntroSpect solution. Instead of having their lean IT team spend hour upon hour mining logs, IntroSpect would allow them to feed data from Splunk and other existing solutions into IntroSpect to automatically find changes in an endpoints behavior.

The user and entity behavior analytics (UEBA) and Network Traffic Analysis (NTA) capabilities provided by IntroSpect would allow for greater visibility using AI-driven machine learning and other advanced analytics to deliver near-real time insights. Bartay and his team could detect and locate attacks and remediate issues much more quickly. “Big data is worthless without actionable reporting,” Bartay says.

IntroSpect catches an attack before it does damage

Even before purchasing IntroSpect, the team was able to detect an instance of Emotet malware on the network. Faculty was being locked out of their accounts for unknown reasons and IT could not determine why or where the problem was coming from. IntroSpect was able to collect data and point out behavior changes in specific endpoints that quickly identified where to look first.

Within 90 minutes, the Pearland IT was able to isolate the subnet hit by the malware, find the machine that let it in and deliver the system to the IT team, a process that took other school districts six weeks to accomplish. The result was that sensitive data was protected, attackers were prevented from moving laterally to other endpoints (computers and IoT devices) while operations were uninterrupted.

“Being an educational institution, we can’t be as restrictive as many private sector businesses,” Bartay says. “We have to provide access to our users with the understanding that they may not be as security savvy as we’d like them to be. The challenge is to stay one secure step ahead without interfering with the education process.”

Leveraging ClearPass Policy Enforcement

Pearland has also implemented Aruba ClearPass to replace an aging system from Avaya/Extreme. As IntroSpect and ClearPass are designed to work together, the plan is to use the products to proactively respond to attacks as incidents are discovered. “We all want to take it one step further,” mentioned Arturo Gonzalez, network manager at Pearland ISD. “We want IntroSpect to leverage ClearPass to take action on actual alerts instead of informing us of suspect behavior.”

In the future, instead of physically going to the location where the endpoint was in the Emotet example, an alert from IntroSpect could have triggered ClearPass to automatically change the authentication status of the offending endpoint. Any time spent with the end user could then be spent on determining where the malware was encountered and how to avoid it in the future.

Delivering user expectations and ROI

It’s easy to see that the Pearland IT team is experiencing many of the same challenges that you’d find in any environment. The density of networked devices is growing, more applications are cloud-based and security is a top concern as seamless mobility and BYOD connectivity are what users expect.

“As a networking expert you have to know your business and be aware of the overall objectives and strategic goals,” says Bartay. “And in the end the solutions you choose must offer the innovation, performance and the reliability that delivers the ROI that your team can measure.”