Threat intelligence to outsmart bad actors
DBO operates a PA-5050 Next-Generation Firewall for Achievement First, providing Stewart and his team with access to the firewall management plane for direct visibility and control. The Next-Generation Firewall is configured with Threat Prevention and URL Filtering as well as WildFire®, a malware prevention service that automatically identifies and thwarts malicious executables that enter through the network.
Stewart notes, “A lot of our malicious traffic comes via email and someone clicks on a link. Now they’re blocked from accessing the link because Palo Alto Networks has used threat intelligence to block that link in our environment.”
Having direct access to the Next-Generation Firewall with the ability to establish standard sets of rules based on App-ID™ and User-ID™ technology provides Stewart and his team with the control they want to make changes more quickly and efficiently. “Previously, if we wanted an external NAT [Network Address Translation] for one of our services, we had to coordinate with DBO. Now, we can create that NAT ourselves using a standard set of protocols. For example, if the only ports I want for that NAT are HTTP and HTTPS, we have a set group of protocols that I can just apply. It’s standardized, so I know the protocols are applied consistently. Since moving to Palo Alto Networks, we’re bringing much more consistency and standardization to our network, which reduces the chance for human error and makes our network more secure.”
Achievement First also uses GlobalProtect™ for network security on endpoints, extending the same level of security to mobile users to allow them to securely connect to the school network. These users are primarily members of the IT team but include a few others as well, such as the data analysis team.
“I appreciate the fact that, with GlobalProtect, anyone coming in remotely is passing through the same security as everyone else on our network,” Stewart remarks. “I also like that since GlobalProtect is connected to Active Directory, we can put people in groups, and if someone leaves the organization, we can just take them out of the group and they no longer have access. That’s a level of security we didn’t have before.”
One of the most valuable capabilities Achievement First relies on is SSL Decryption. With more and more traffic being encrypted, Stewart’s team needed a way to get inside that traffic and inspect it for anything malicious. Stewart explains the motivation behind enabling SSL Decryption: “We were having a bandwidth problem a few years back, and we couldn’t tell if certain traffic was the cause because it was encrypted. Using SSL Decryption, we discovered it was Google traffic coming all at once from all our Chromebooks. Once we identified it, we were able to make changes and resolve the bandwidth issue.”
He adds, “SSL Decryption is really big for us because, now, we’re able to monitor all the traffic traversing our network and make sure it’s not malicious.”