Case Study: Garland Independent School District

Home
Info Center
Garland Independent School District

School District Gets an “A” in Network Security

BACKGROUND

SWith an enrollment of over 57,000 students and 12,000 employees, the rapidly growing Garland Independent School District (ISD) is the second largest district in Dallas County, and one of the largest in Texas. District facilities number 74 sites and include two pre-kindergarten, 45 elementary and 20 secondary schools. The Garland ISD community is both ethnically and economically diverse, with over 60 different native languages spoken by students.

THE ABC'S OF SECURITY: NETWORK VISIBILITY AND CONTROL

Network security and application control for school districts is a multifaceted endeavor. By law, public schools must comply with strict guidelines to protect students from exposure to inappropriate content. They must balance this with allowing access to applications that students and educators use for legitimate research and educational purposes, while protecting their networks from viruses, spyware and other harmful programs. Due to the nature of education, school networks frequently experience floods of Internet traffic to a particular web site. When anticipated information for parents is posted online, high volumes of parents and students visit a specific web site to read it.

For several years the Garland Independent School District (ISD) had used Secure Computing’s Sidewinder firewalls for network security. But as new risks emerged, and threats evolved, the district began experiencing problems that illustrated the product’s limitations. Evasive applications like UltraSurf, which hide IP addresses and locations and allow users to surf and access content on the Web anonymously, were causing its IT team huge problems. “It was killing us, and there was nothing we could do to stop it using our current mix of products,” said Neal Moss, Network Engineer for Garland ISD.

In addition, its firewalls sometimes cut off legitimate application traffic, either because that application changed or its traffic spiked. IT staff attempted several short-term solutions, but ultimately, the existing infrastructure’s lack of visibility into applications and anonymizers enabled users to consistently circumvent security -- often at the expense of exposure to malware, viruses and inappropriate content. The district’s legacy security infrastructure was incapable of providing the application visibility and control to protect its 57,000 students. Garland ISD knew it needed to move in another direction.

CALLING THE INTERNET'S SAFETY PATROL

When Palo Alto Networks called, Moss was receptive. “Half way through the presentation I asked the sales representative to stop because I wanted other people to look at the PA-4000 Series too,” says Moss. “I dragged in our whole team and everyone got excited because its ability to deliver Layer 7 would solve the problems we were experiencing – especially with UltraSurf.” Cisco Systems also presented, but since its firewall could not demonstrate Layer 7 capabilities, and only recognized 30 applications to the PA-4000 Series’ 650, Garland ISD found the decision an easy one to make.

Moss and his team conducted a trial of the PA-4000 Series. “Before doing any real configuration, it immediately identified three boxes in the district using trojans to move data around, and found one box that we didn’t even know existed,” explains Moss. “The Palo Alto Networks firewalls shut them down right away.” Impressed, Moss gradually directed all of the district’s network traffic through the firewall. “Within two days I had the entire district running through it, and now it’s our primary firewall,” said Moss.

GRADUATING TO A MORE SECURE ENVIRONMENT

The PA-4000 Series has delivered the results sought by Garland ISD – and more – even eliciting compliments after the transition to Palo Alto Networks. “There was an immediate speed increase on our network that everyone noticed,” explains Moss. “People actually called to ask what we did.” Fully confident in its ability to meet its legal and regulatory requirements, the district now enjoys a more robust capability for protecting its 57,000 students from an ever-increasing range of inappropriate content. “The PA-4000 Series helps us stop all the stuff we have to block by law,” adds Moss. “We just couldn’t get any other security products to do it before.”

A DOLLAR SAVED IS A DOLLAR FOR EDUCATION

Garland ISD now finds its network more secure and easier to manage. “Using the PA-4000 Series’ reporting tools I can solve a problem now in ten minutes that used to take me three hours to fix,” says Moss. “Everyone is amazed by what we can do with the Palo Alto Networks firewall. It certainly gives us the tools and network granularity we need to do our jobs.”

Using the PA-4000 Series, Garland ISD consolidated security functions, moved away from change-intensive port-based security, and reduced its need to re-image desktops. The district estimates it will save at least $80,000 in the first year of deploying Palo Alto Networks. “We began saving money the moment we turned on the PA-4000 Series,” adds Moss. “Maintenance and everything else is less time-consuming. The firewalls have been rock solid and one hundred percent stable. I tell everyone about it.”

ORGANIZATION:
Garland Independent School District

INDUSTRY:
Education

CHALLENGE:
Improve network visibility and security, gain control of applications and streamline infrastructure management.

SOLUTION:
Replace legacy firewall with Palo Alto Networks PA-4000 Series next-generation firewall for granular visibility of threats and better control of Internet applications.

RESULTS:
Enhanced safety and compliance.

Superior application visibility and control.

Faster network performance.

Lower costs – conservative estimate of $80,000 in savings in first year.