at a glance

CHALLENGE
Provide staff, teachers and students at 40 public schools with unimpeded access to digital educational tools and content while protecting them from exposure to cyberthreats.

ANSWER
Palo Alto Networks Security Operating Platform to provide a preventive approach to cybersecurity with complete visibility and granular control that allows legitimate network traffic to flow smoothly while blocking external threats that could obstruct the educational process.

SUBSCRIPTIONS
Threat Prevention, URL Filtering (PAN-DB)

APPLIANCES
PA-5050 (1), PA-3060 (1)

RESULTS

  • Ensures cybersecurity without impeding access to educational tools.
  • Proactively identifies new threats, avoiding days of reactive labor.
  • Provides local administrative visibility while maintaining central control.
  • Helps public schools stay ahead of the constantly shifting threat landscape.

Customer Overview
Aspire® Public Schools is a charter management organization focused on opening and operating small, high-quality college prep charter schools in low-income neighborhoods. Aspire currently has 40 community-based schools in California and Tennessee, serving more than 16,600 students from transitional kindergarten through 12th grade. Established in 1998 by longtime public school educator – now deputy director at the Bill & Melinda Gates Foundation® – Don Shalvey, and Silicon Valley entrepreneur and Netflix® founder Reed Hastings, Aspire Public Schools provides all its students with a positive, equitable opportunity to succeed in school and graduate prepared for ongoing success in college, careers and life.

Summary
Aspire Public Schools is an innovative charter management organization that operates 40 charter schools across California and in Tennessee. With so much of the education process digitized through online and school-site applications, Aspire required strong security to prevent cyberthreats from disrupting learning while ensuring access to essential tools and content. Recognizing Palo Alto Networks® as the global cybersecurity leader and innovator, Aspire replaced its legacy firewalls with Palo Alto Networks next-generation firewalls, core to the Security Operating Platform.

The Palo Alto Networks Security Operating Platform enables Aspire to intelligently prevent successful cyberattacks in its data centers as well as increase efficiency for staff, teachers and students who use digital education tools and content every school day. The platform makes it easy for IT to customize application-based security policies to precisely control network traffic without impeding flow. It also provides IT with highly granular visibility of traffic passing through the data center and engaging with the internet, including detailed reporting that simplifies and accelerates detection of potential issues before they affect the network or end users. As a result, Aspire can continue to embrace technology innovations to enhance learning with confidence that its network and data centers are protected against exploits and malicious content.

The Power of a Quality Education
Ask any great leader how to empower people to change the world, and you’ll get a profoundly simple answer: education. It’s fundamental to individual success and societal advancement. That’s why Aspire Public Schools is on a mission to provide students in low-income neighborhoods across the United States with high-quality education to increase their academic performance and give them the strongest foundation possible to succeed in college, careers and life.

Technology plays a crucial role in educating students in the digital age. Aspire has been on the forefront of hybrid learning systems that span online teaching tools, as well as school-site educational applications. Students and teachers are equipped with Chromebook™ laptops to facilitate access to the many educational resources at their disposal. Teachers can even take advantage of video conferencing to share classroom best practices and collaborate, helping each other continually improve their effectiveness.

For Brian Sullivan, systems and network manager at Aspire Public Schools, keeping this dynamic educational environment operating efficiently and securely is priority one. “The Palo Alto Networks Security Operating Platform has allowed us to pursue a very aggressive technical agenda to enhance learning across all the regions served by Aspire Public Schools. It gives us in IT the peace of mind to say ‘yes’ to new projects, knowing that we can deliver the necessary technical services within a well-protected network environment.”

Strict on Security Without Impeding Access
Aspire deployed one Palo Alto Networks next-generation firewall in its primary data center, which supports the majority of its schools in California and Tennessee, with another next-generation firewall in a secondary data center dedicated to schools in Los Angeles County. The data centers provide Aspire schools with point-to-point access to tools and data as well as a path to the internet.

By taking advantage of Threat Prevention and URL Filtering, Aspire ensures its network environment is protected against external cyberthreats and prevents users from accessing inappropriate or malicious websites. It also defends against cross-network spreading of malicious content or malware that might slip through email filters and other layers of protection.

Soon after implementing the next-generation firewalls, Sullivan saw Aspire’s data centers were being bombarded with probes from Russia and China attempting to breach the network. Fortunately, these attempts did not get through, and Sullivan was able to quickly enable geoblocking on the platform to stop such foreign threats from even knocking on the door.

Since then, Sullivan has continually refined security rules to monitor and control traffic, providing teachers and students with access to the educational tools they need while maintaining a strong defense against even the most sophisticated cyberthreats. This requires a great degree of granularity, which Sullivan says Palo Alto Networks does especially well.

“One of the things I like best about the Palo Alto Networks platform is how easy it is to build customized security profiles,” Sullivan remarks. “We take full advantage of App- ID in defining our rule sets, which makes it a lot harder for someone to spoof an application on our network. It allows us to be strict on intrusion prevention without impeding access to network services, which is essential for providing our schools with a safe, well-performing environment.”

Taking a Preventive Approach to Security
Another key benefit of the Security Operating Platform for Sullivan is the ease and flexibility of managing security across a widely distributed network of public schools. He’s able to grant regional managers read-only access so they can monitor traffic to spot unusual trends. From this, the regional managers can report concerns to the local school principal to take action, and Sullivan can update the security rules if needed.

“The monitoring capabilities on the Palo Alto Networks Next-Generation Firewall are significantly better than our previous firewall,” Sullivan notes. “The Palo Alto Networks firewall stores so many more logs and allows us to quickly filter for what we’re investigating in a really efficient way, which makes it a lot easier to spot things that may be an issue.”

Sullivan points out that increased visibility with detailed reporting is also key. “The reporting capabilities on the next-generation firewall are very powerful and a real time-saver when it comes to identifying potential issues. Imagine if we had to manually search for possible threats and during that time a breach occurred. We could spend 72 hours or more trying to remediate, whereas through our daily reporting, we can catch issues usually within one hour, before they ever become a problem. It allows us to take a much more preventive security posture versus a reactive one.”

Looking Ahead to What’s Next
At the end of the day, what’s most important to Sullivan is that the staff, administrators, teachers and students at Aspire Public Schools can participate in a thriving educational environment with confidence that they are not exposing private information or being exposed to malware and other cyber exploits. But as everyone in security understands, you can never let your guard down. Cybercriminals are always finding new ways to break through even the toughest defenses. That’s one of the reasons Sullivan values his partnership with Palo Alto Networks.

“Today, we have the visibility and control to keep traffic flowing smoothly and safely. But what about tomorrow?” Sullivan ponders. “Where are those attack vectors going to come from in the future? I like that the engineers at Palo Alto Networks are asking those same questions. They’re anticipating what the threat landscape will look like years down the road and planning for that today. It’s a comfort knowing that Palo Alto Networks shares the same security concerns we do, which is why they’re such a great partner for us going forward.”


 

Threat Prevention Datasheet

Today’s attackers are well-funded and well-equipped. They use evasive tactics to succeed in gaining a foothold in the network, launching both high-volume and sophisticated attacks while remaining invisible to an organization’s traditional defenses – from packet obfuscation, polymorphic malware and encryption to multi-phased payloads and fast-flux DNS.
  • 2
  • 22871

Autofocus Quick Demo

A quick demo about Autofocus
  • 3
  • 6151

Threat Prevention At-A-Glance

Organizations are still being breached at alarming rates. Attackers continue to evolve their tactics, and security products must keep pace to effectively protect the enterprise.
  • 1
  • 3948

Selective SSL Decryption for Threat Prevention

This paper lays out a basic approach that you can use to strike an appropriate balance between security and performance by selectively decrypting and inspecting SSL traffic based on policy.
  • 0
  • 7268

Seymour Public Schools

Seymour Public Schools was looking to replace their legacy Cisco firewalls, they checked the vulnerability of their existing system using a Security Lifecycle Review. The SLR report showed that more than 43,000 vulnerabilities were slipping past the legacy firewall. Because of this discovery they purchased the Palo Alto Networks Security Operating Platform.
  • 0
  • 152

Royal Air Forces Association

The RAF Association deployed the Palo Alto Networks Security Operating Platform, with the Next-Generation Firewall deployed in its data center and Azure public cloud.
  • 1
  • 128