07 March 2024
Sheffield Hallam University is one of the UK’s largest and most diverse universities: a community of more than 35,000 students; 4,500 staff; and more than 295,000 alumni around the globe. Of those students, 53% are the first members of their family to attend university and 23% are from low-participation neighbourhoods.
The University standardised on Palo Alto Networks ML-Powered Next-Generation Firewalls (NGFWs) to safeguard its network some ten years previous. However, the education sector has become increasingly vulnerable to ransomware since then. Jisc’s Cyber Impact Report 2022 reveals that UK institutions spend an average of £2 million on responding to ransomware attacks – and ransomware is now the sector’s top cybersecurity risk, with more than 100 institutions falling victim since 2020.
“We have seen a 20-fold increase in ransomware since lockdown. We host highly sensitive student, administrative, and research data. We work collaboratively across the world. And people are operating 24/7, so cyber protection needs to be highly resilient, proactive, and continuous,” said Dave Ainscow, head of cyber security at Sheffield Hallam University.
Scaling remote access
As the COVID-19 lockdown struck, the University’s remote connectivity also needed attention.
“Almost overnight, we needed to scale remote access to 39,000 students and staff. Our Cisco VPN could do that but was expensive to operate and lacked the functionality to support a modern hybrid workplace,” said Dave Ainscow, head of cyber security at Sheffield Hallam University.
Endpoint protection has also been a challenge: “the Sophos tool that protected our server estate required additional resources to manage exceptions. We also needed to extend EDR to support our new Azure estate,” added Ainscow.
With these increasing challenges in scaling remote access, upgrading endpoint protection, and – perhaps most critically – protecting itself against ransomware attacks, it was time for the University to modernise its entire cybersecurity infrastructure.
The University’s next-generation cybersecurity strategy would be required to: prevent cyberthreats across cloud, network, and endpoint devices; protect staff and students’ personal information and IP; deliver flexible, policy-driven remote access experiences at scale; and accelerate the Zero Trust journey.
The University opted to extend its existing Palo Alto Networks network security solution into endpoint protection and remote working.
One unified portfolio comprising Palo Alto Networks ML-Powered NGFWs, Cortex XDR, and Panorama provides continuous 24/7 protection against both new and existing threats. Cortex XDR protects the University’s 370 on-premises servers and Azure environment. It detects and responds across all data, regardless of origin or location. Complete visibility eliminates blind spots, while the management console offers end-to-end support for all Cortex XDR capabilities, including endpoint policy management, detection, investigation, and response. Remote working has been similarly transformed - GlobalProtect is the University’s exclusive VPN solution, enabling secure remote working for up to 34,000 staff and students.
“The switch from Cisco during lockdown was a remarkable achievement. We had everyone live in less than two months,” said Ainscow.
KHIPU Networks played a vital role in orchestrating this modernisation too: “KHIPU have been a long-term, trusted partner, providing higher education expertise, insight, and professionalism. Their engineers really understand our business too – they have become an extension of the University,” added Ainscow.
In 2022, the University began using the KHIPU Networks Security Operations Centre (SOC) to provide 24/7/365 cyberthreat monitoring, detection, and response. The SOC uses the Palo Alto Networks Cortex XSOAR platform to accelerate security orchestration, automation, and response.
“Their SOC is staffed by cyber experts who are always available, their service integrates into our existing environment and doesn’t just alert, it protects and prevents threats,” said Dave Thornley, head of digital architecture at the University.
“We don’t think there’s any other solution on the market like Palo Alto Networks,” opined Ainscow. “The integration, simplicity of interface, visibility, and reporting outpace anything offered by other vendors. By utilising our existing Palo Alto Networks NextGeneration Firewalls we are to extend their capabilities by using their portfolio alongside KHIPU Networks as a low-risk, fully interoperable single partner.”
The benefits of this connected, agile cybersecurity portfolio include continuity of learning and research: despite the growing threat landscape – especially from ransomware – students and staff can connect, collaborate, and learn globally, confident that their data is protected and available.
Moreover, student and staff security has been enhanced further than ever before. The portfolio prevents cyberthreats across cloud, network, and endpoint devices while protecting personal information and IP. It also safeguards highly sensitive research and government data.
“Some people write risky PowerShell scripts. Cortex XDR identifies these among everything else so we can take action to close the threat,” said Ainscow.
The new portfolio delivers modern, flexible, policy-driven remote access experiences at scale – across any user, any application, any device, and any network, fully supporting remote working and learning.
Efficiency has been increased too. Today, the University requires fewer resources to manage its IT estate, despite relentless growth in data, applications, and users. With the unified management of a single cybersecurity solution across servers and services, simple, integrated security is driven across cloud and SaaS workloads.
Palo Alto Networks and KHIPU Networks assess, protect, and manage the ever-increasing digital risks and threats posed to Sheffield Hallam University, ensuring staff, students, and partners are protected throughout their education.