Safeguarding personal data and intellectual property across UC system

Detecting and investigating cyberattacks with FireEye’s Managed Defense

The University of California system includes more than 280,000 students and more than 227,000 faculty and staff across 10 campuses and five medical centers. Monte Ratzlaff, cyber risk program director at the UC Office of the President, coordinates and facilitates the safeguarding of personally identifiable information and intellectual property. After a cyberattack at UCLA Health in May 2015, UC sought a systemwide solution to secure its network, email and endpoints against cyberthreats.

“We had to have visibility into all of our locations,” Ratzlaff says. “There was a need for consistent and coordinated threat detection and identification.”

Taking a ‘holistic approach’

A request for proposal process, which was originally started by one UC institution and expanded after the UCLA Health incident, led to the selection of FireEye, says Ratzlaff.

“They have a holistic approach to identifying cybersecurity threats,” Ratzlaff says of FireEye. “They could address our requirements in a way that other vendors could not.”


FireEye offers a range of solutions, including Managed Defense. This provides rapid threat containment via integrated detection and response capabilities to quickly investigate and resolve cyberattacks, and to contain affected endpoints so that response is expedited. Also, by integrating with an institution’s existing security infrastructure and offering additional automation, FireEye’s Managed Defense extends the reach of information security teams in a cost-effective manner.

Managing budgetary concerns

The UC system began its work with FireEye by determining a set of baseline security standards.

“We communicated with our location security experts and chief information security officers about what FireEye was and what the approach was going to be,” Ratzlaff says. “We determined what needed to be deployed at each location as a baseline.”

Deployment and implementation of baseline components were funded directly by the Office of the President, which managed budgetary concerns from individual campuses and health centers. Once FireEye’s baseline security defenses were deployed, locations could add on additional features.

‘Faster detections, more reliable alerts’

In 2018, Managed Defense generated 50,000 alerts out of more than 20 billion events, including alerts related to malware and ransomware that required intervention.

Ratzlaff says it would be a challenge to have staff at every location consistently identifying threats. FireEye’s Managed Defense reduces the need for additional personnel.

“We get faster detections and more reliable alerts, especially in comparison to a stand-alone model, where locations have individual expertise and some tools but not the coordinated and consistent approach to threat detection that FireEye provides,” Ratzlaff says.
He continues, “The biggest ROI is the ability to consistently identify threats immediately, as opposed to threats lingering or not detecting them at all.”

Defending students, faculty and staff against cyberattacks

Expand visibility from network to endpoint and cost-effectively extend the reach of information security teams

Q&A with Christian Schreiber, Product Strategist, FireEye

Briefly describe the cyberthreat landscape for higher ed institutions.
Universities face multiple threats, coupled with large infrastructure and small resources to defend against them. One threat is attackers motivated by financial gain. This includes everything from stealing data with resale value to ransomware that looks to extort payment. Similar to that is nation-state espionage, which looks like financially motivated data theft but has different underlying motives. Institutions are also great targets for pass-through attacks and hacktivist activities. One of the trends starting to get attention is theft of university login credentials, which have high resale value compared with other things such as credit cards or Social Security numbers.

How can the growing adoption of mobile devices to access institutional data impact cybersecurity threats?
The biggest challenge is that an institution’s data can be accessed from devices that the institution does not directly control. Colleges and universities are BYOD entities and have been for many years. With the growing adoption of personal devices to conduct business, institutions need to figure out how safe those devices are and whether data is being downloaded and stored on them. It compounds the challenge of keeping tabs on the sensitive data that colleges and universities have been charged to protect.


How can institutions extend the reach of their information security teams to prevent or mitigate these risks cost-effectively?
Most institutions look to extend endpoint security tools to make them free of charge for anybody who might access data. Colleges and universities should set an endpoint security standard. Institutions also need extensive network visibility. Institutions may not be able to directly control all the endpoints, but sensitive areas, like data centers, need comprehensive monitoring tools. While monitoring tools may not be able to prevent an attack, it is important for institutions to quickly detect a potential problem and know the exact scope of the intrusion.

How does FireEye defend the personally identifiable information and intellectual property of students, faculty and staff against cyberattacks?
Our comprehensive approach combines technology, intelligence and expertise. We offer protection and detection tools, including network, email, endpoint and cloud solutions. These solutions work together to provide comprehensive visibility across the spectrum of IT infrastructure. From an intelligence perspective, understanding how bad actors work helps us create tools that have the right set of detection and protection capabilities. When it comes to expertise, it can be difficult for universities to attract and retain the best cybersecurity talent. We have a comprehensive set of solutions that work together to cover all these domains.
