Coventry University Achieves First-Class Results with Enhanced Endpoint Security Strategy
The Price of Success
The university creates substantial amounts of proprietary research and high-value intellectual property (IP), much of it resulting from partnerships in healthcare, engineering and the automotive industry. Coupled with holding significant volumes of sensitive personal information, Coventry University has become a prized target for cybercriminals around the world. The volatile nature of the environment had resulted in Rogers and his team being forced to take a very reactive stance in protecting the university’s digital assets, frequently relying on complete disk reimaging to address compromised machines. “Despite the measures we had in place, it was taking us several days to identify a security incident before we even began remediation procedures,” said Rogers. “We were having to completely overwrite around 20 disk drives each week. The resource drain on the team was enormous.”
Plugging the Holes
An independent audit and gap analysis from a long-time IT partner confirmed that the weakest link in the university’s defenses was endpoint security, and this vulnerability was being amplified by the highly diverse and unknown nature of devices connecting to the global network. A multi-vendor proof of concept enabled Rogers to determine that the CrowdStrike Falcon® platform was the optimal solution to address the university’s endpoint challenges. To create a world-class set of endpoint protection capabilities, the Falcon platform was deployed with CrowdStrike Falcon® Device Control USB security, CrowdStrike Falcon® Complete managed detection and response (MDR), CrowdStrike Falcon® Discover IT hygiene, CrowdStrike Falcon® Insight XDR extended detection and response, CrowdStrike Falcon® OverWatch™ managed threat hunting, CrowdStrike Falcon® Prevent next-generation antivirus, CrowdStrike Falcon® Intelligence automated threat intelligence, CrowdStrike Falcon® Firewall Management and CrowdStrike Falcon® Spotlight vulnerability management.
Immediate Benefits
Implementation of the CrowdStrike suite enabled Rogers to reduce the number of vendor solutions maintained by the security team from seven to three. In addition to reducing the burden of managing this number of applications, the effectiveness of the team showed significant improvement: “Since deploying CrowdStrike, the time spent by the infrastructure team on resolving cyber threats went from over 80 hours in a measurement period, to under five hours,” said Rogers. “This is almost a 94% drop!” CrowdStrike protects the university’s hybrid environment, securing Microsoft Azure and additional AWS services, as well as the numerous physical servers and connected devices. CrowdStrike consultants customized existing protocols and interfaces to enable the Falcon modules to seamlessly integrate with physical and virtual firewalls and the network segmentation security methods that were already in place. “Very soon after going live we were hit by a string of zero-day attacks,” Rogers said. “CrowdStrike identified the threats and isolated the impacted machines in a matter of minutes. Prior to Falcon, this would have knocked us offline for multiple days.”
Moving the Needle
As befitting Coventry University’s reputation as a global and transformational educator, Rogers and his team operate within a comprehensive metrics framework that tracks key parameters relating to the performance and effectiveness of the security infrastructure.
| Measurement | Pre-CrowdStrike | With CrowdStrike |
|---|---|---|
| Number of user machines needing reimaging due to malicious threats | 18 per week | Zero |
| Number of malicious files found in network | 56 per month | Zero |
| Average time to resolve security incidents (P1) end to end | 2-3 days | 44 minutes (longest incident) |
| Service Desk FTEs needed to manage/mitigate security incidents | 2 FTEs | No recorded incidents since CrowdStrike implementation |
| Number of security-related incidents on network in six-month period | 350 incidents (user-, desktop- and server-related) | Zero incidents |
| Number of out-of-hours security-related threats discovered in six-month period | 113 threats identified | >230 threats identified |