Network Security

Supporting Academic Openness While Protecting the Campus Network

Santa Clara University is using automated threat detection to help maintain compliance and protect its network from security threats.

• By Rhea Kelly
• 05/13/15

"Academic freedom and security go together about as well as oil and vinegar," according to Bryan McClenahan, senior information security analyst at Santa Clara University, a Jesuit Catholic institution in the heart of in California's Silicon Valley. Like most universities, SCU is dedicated to maintaining an open, collaborative environment, and faces security and compliance challenges as a result.

"How do we balance? We work with the different schools and business units to enable them to do what they need to in the most secure way possible," said McClenahan. "It's always a moving target." One of the biggest sources of security risk: students and the devices they bring to campus. "With students and all of their associated devices we have very little control," he noted. "We attempt to make sure that they have antivirus installed and running before being allowed access to the campus network. But because we do not have control over them, it's often difficult to ascertain just what's happening on those end points."

SCU uses a variety of security products to help manage the threats, including Symantec antivirus, Palo Alto Networks firewalls and IBM QRadar security information and event management (SEIM). Yet McClenahan and his small staff do not have time to analyze the information from all those tools on a regular basis, dissect security events and create defenses, he said: "We can't look at all our solutions every day."

Looking for a way to gain more visibility into network traffic and quickly diagnose and prioritize threats, SCU turned to the X-series platform from Vectra Networks. Vectra's automated threat detection "provides deep, continuous analysis of both internal network and Internet-bound traffic to detect all phases of a breach as attackers attempt to spy, spread and steal within the network," according the company.

"Vectra quickly showed us its value by giving us the visibility into our network and our security devices that we need," said McClenahan in a statement. "It finds the needles in the needle stack — we don't even have a haystack." He continued, "The UI is very intuitive and easy to use. Vectra's ability to pull all our information together, and with the addition of explanations into incidents detected, facilitates quicker resolution to issues, and that adds significant value to our organization."

In particular, McClenahan expects that Vectra will help streamline SCU's use of the QRadar SEIM product. "We're using QRadar to proactively try and percolate up through the millions of events we have daily, [to identify] the ones that are of interest and might pose threats," he explained. "We're still integrating the alerts from Vectra into QRadar, and when that's complete Vectra will be responsible for bringing interesting security events to our attention via QRadar."

Going forward, the university is looking at ways to expand its use of Vectra in the IT environment, including in the realm of data privacy and compliance. "We have data around student, faculty and staff health records, deposit information and student grades," noted Robert Henry, chief information security officer at SCU, in a statement. "We have lots of sensitive data stored and we will explore how Vectra can help protect it." Vectra will also help with an upcoming endpoint management initiative. "We want to do cleaning and proactively protect, but we know we're not going to be successful all the time," said Henry. "We will use Vectra to see what's going on and address issues as they pop up."