Founded in 1834 Tulane University in New Orleans, Louisiana is one of the most highly regarded and selective independent research universities in the country. It offers degrees in architecture, business, law, liberal arts, medicine, public health, the sciences and engineering, and social work. More than 13,000 students attend the university, which employs about 4,600 people in staff and faculty positions.
The university’s IT security department handles endpoint security for three distinct user groups: students, staff, and faculty. Each group comes to the university network with a different objective. Students need an Internet service provider and delivery platform; faculty concentrates on teaching and research; and staff supports all members of the university community. The laptops and desktops used by these groups include Mac computers and Windows PCs from a wide array of manufacturers. “We’re trying to serve three distinct user groups without a lot of ability to make changes or set corporate file controls on endpoints,” said Hunter Ely, Tulane University CISO.
IT security walks a fine line between facilitating freedom of information and protecting intellectual property and highly confidential personal and institutional content. On one hand, all user groups have expectations of what the network should do for them. On the other hand, university systems and their endpoints are targets for cyberattacks. “The research networks we build are incredibly fast, with a lot of sensitive information exchanged,” said Ely.
Using a previous product, IT security encountered several problems. “The product wasn’t moving the needle on anti-malware protection. It was missing infections that we were finding out about in other ways,” said Ely. End users also experienced performance issues and complained to the help desk about pop-up announcements and other interruptions caused by the product. It also added management complexity. “It was prohibitively challenging to make a policy change for the enterprise or a specific group. The core anti-malware product was buried so deep in the management portal that making the smallest change was cumbersome,” said Mark Liggett, senior security analyst at Tulane.
Ely needed a solution that was easy to deploy and offered an improved experience for end users and computer support people working in various departments. He was well aware of the adoption problems that often arise with client-based solutions in a higher educational environment. However, he hoped that ingrained knowledge of anti-malware would overcome reluctance to use the tool. “We needed a solution that was demonstrably better than what we were using, because we were going to be asking our end users to actively participate, unlike in corporate networks, where we could implement changes for them,” said Ely.
"In higher education, we have more to secure than a corporate network and less manpower and financing for the task. That’s why we gravitate towards solutions like OfficeScan that are easy to implement and manage."
Chief Information Security Officer, Tulane University
When the opportunity came to change their solution, the security team had to act quickly. Ely called his security products reseller, SecureNation, to request a switch to Trend Micro. “I did a bake-off with Trend Micro about seven years ago when I worked for another university. I kept it in the back of my mind that if I had the opportunity, I would look at Trend Micro again. Other professionals told me they had good experiences with it and that the product had improved over the years,” said Ely.
Because SecureNation sells everything from vulnerability penetration tests to security infrastructure from a variety of providers, Ely was able to make the switch easily. “The diversity and enterprise functionality of Trend Micro offerings and their strong level of support make them a good choice for Tulane University. We’ve had firsthand experience at SecureNation with many security products and chose Trend Micro for our own business,” said Jon Davis, CEO of SecureNation.
The security department moved into a two-month proof of concept (POC) on Trend Micro Enterprise Security for Endpoint, which features OfficeScan anti-malware protection. “What we saw in terms of deployment and support during the POC showed us we were making the right decision,” said Liggett. “Our presales support was spectacular. We had a good presales team and got everything up and running without any issues,” he added. In February 2015, IT security purchased the solution. It took just two days to deploy OfficeScan with only minor issues encountered and another day to start rolling out the solution to endpoints.
Tulane University expects to roll out OfficeScan to 13,000 endpoints. “We have a lot of penetration in staff and faculty groups, and we’re working with students to get them on board,” sad Ely, who expects ongoing endpoint rollout to be business-as-usual.
OfficeScan has lived up to expectations: It not only keeps pace with the global threat environment by responding rapidly to threats and keeping virus and advanced malware infections off machines, but does so in a nonobtrusive, easy-to-manage way. “In higher education, we have more to secure than a corporate network and less manpower and financing for the task. That’s why we gravitate towards solutions like OfficeScan that are easy to implement and manage,” said Ely. “There’s evidence that OfficeScan is catching more, because we follow up on more viruses and malware than we ever used to,” he added.
“Since we rolled out OfficeScan, we get fewer calls to the help desk about issues like a web browser icon that turns all day while a scan runs,” said Ely. In addition, the security department can now delegate more authority over machines to computer support people in various departments. “The OfficeScan management console is easier to understand than what we had, and our support reps can get off the ground quickly with it,” Ely said.
The security team sees many potential uses for Trend Micro functionality. In a few months when the university initiates a new project, Ely hopes to be in a position to do data classification and to explore other functionalities such as Data Loss Prevention (DLP).