Coventry University has leveraged CrowdStrike Falcon Complete managed detection and response (MDR) for comprehensive protection of a dynamic campus environment. Steve Rogers, Enterprise Cloud, Infrastructure and Security Architect at Coventry University, discusses the project and the business benefits in more detail.
Stability and predictability are the cornerstones of an effective security programme. Steve Rogers, Enterprise Cloud, Infrastructure and Security Architect at Coventry University in the UK, had neither. “On any given day, we support about 40,000 stakeholders spread around the world and due to the various courses we offer, we spike by thousands of users every few months,” he said. “We also have a Bring Your Own Device (BYOD) policy that means we have limited control over the diverse range of technologies that connect to our networks. To further complicate the situation, the university has a dynamic portfolio of over 600 applications, running on a distributed pool of 600 servers and cloud-based environments.”
With its main campus located in the West Midlands, England, Coventry University can trace its origins back to 1843. Today, the university provides innovative teaching — and a focus on impactful primary research — for 29,000 students in Coventry, London and Scarborough, and internationally in China, Singapore and Rwanda.
The university has won numerous awards and accolades for student satisfaction and teaching quality, including being shortlisted for University of the Year, a gold rating in the UK Government’s Teaching Excellence Framework and a top 15 placement in a prestigious national newspaper ranking.
The price of success
The university creates substantial amounts of proprietary research and high-value intellectual property (IP), much of it resulting from partnerships in healthcare, engineering and the automotive industry. Coupled with holding significant volumes of sensitive personal information, Coventry University has become a prized target for cybercriminals around the world.
The volatile nature of the environment had resulted in Rogers and his team being forced to take a very reactive stance in protecting the university’s digital assets, frequently relying on complete disk reimaging to address compromised machines. “Despite the measures we had in place, it was taking us several days to identify a security incident before we even began remediation procedures,” said Rogers. “We were having to completely overwrite around 20 disk drives each week. The resource drain on the team was enormous.”
Plugging the holes
An independent audit and gap analysis from a long-time IT partner confirmed that the weakest link in the university’s defences was endpoint security, and that this vulnerability was being amplified by the highly diverse and unknown nature of devices connecting to the global network.
A multi-vendor Proof-of-Concept (PoC) enabled Rogers to determine that the CrowdStrike Falcon platform was the optimal solution to address the university’s endpoint challenges. To create a world-class set of endpoint protection capabilities, the Falcon platform was deployed with Falcon Device Control endpoint device control, Falcon Complete managed detection and response (MDR), Falcon Discover IT hygiene, Falcon Insight endpoint detection and response (EDR), Falcon Overwatch managed threat hunting, Falcon Prevent next-generation antivirus, Falcon Intelligence automated threat intelligence, Falcon Firewall Management and Falcon Spotlight vulnerability management.
Implementation of the CrowdStrike suite enabled Rogers to reduce the number of vendor solutions maintained by the security team from seven to three. In addition to reducing the burden of managing this number of applications, the effectiveness of the team showed significant improvement. “Since deploying CrowdStrike, the time spent by the infrastructure team on resolving cyberthreats went from over 80 hours in a measurement period, to under five hours,” said Rogers. “This is almost a 94% drop.”
CrowdStrike protects the university’s hybrid environment, securing Microsoft Azure and additional AWS services, as well as the numerous physical servers and connected devices. CrowdStrike consultants customised existing protocols and interfaces to enable the Falcon modules to seamlessly integrate with physical and virtual firewalls and network segmentation security methods that were already in place.
“Very soon after going live we were hit by a string of zero-day attacks,” said Rogers. “CrowdStrike identified the threats and isolated the impacted machines in a matter of minutes. Prior to Falcon, this would have knocked us offline for multiple days.”
Moving the needle
As befits Coventry University’s reputation as a global and transformational educator, Rogers and his team operate within a comprehensive metrics framework that tracks key parameters relating to the performance and effectiveness of the security infrastructure.
“The visibility we have now is a powerful asset in keeping the university secure,” said Rogers. “We’re able to use the detailed reports to show our senior management team threat and risk levels across the entire environment. In addition, we utilise these accurate metrics to create a compelling business case to ensure that we can secure the appropriate levels of investment to continue protecting the university.”
People make the difference
One of Rogers’ team’s biggest challenges was having an unmanageable workload. “With CrowdStrike now handling key aspects of our security responsibilities, we’re able to focus on being proactive across both the security and infrastructure domains,” he said. “And rather than having to ask team members to work unsociable hours, CrowdStrike’s 24/7 support desk provides us with the reassurance that everything will get appropriately handled. Everyone is happier.”
“Many vendors in the security space are just anonymous, faceless organisations, but with CrowdStrike, we’ve come to know the people we work with,” Rogers continued. “They’ve become an extension of our workforce and the way we do business.”
For Rogers, the impact of CrowdStrike has been significant. “CrowdStrike is a crucial long-term partner for Coventry University,” he said. “It may sound clichéd, but knowing that the university’s infrastructure is protected gives us peace of mind and lets us sleep well at night.”