Provide staff, teachers and students at 40 public schools with unimpeded access to digital educational tools and content while protecting them from exposure to cyberthreats.
Palo Alto Networks Security Operating Platform to provide a preventive approach to cybersecurity with complete visibility and granular control that allows legitimate network traffic to flow smoothly while blocking external threats that could obstruct the educational process.
Threat Prevention, URL Filtering (PAN-DB)
PA-5050 (1), PA-3060 (1)
Aspire® Public Schools is a charter management organization focused on opening and operating small, high-quality college prep charter schools in low-income neighborhoods. Aspire currently has 40 community-based schools in California and Tennessee, serving more than 16,600 students from transitional kindergarten through 12th grade. Established in 1998 by longtime public school educator – now deputy director at the Bill & Melinda Gates Foundation® – Don Shalvey, and Silicon Valley entrepreneur and Netflix® founder Reed Hastings, Aspire Public Schools provides all its students with a positive, equitable opportunity to succeed in school and graduate prepared for ongoing success in college, careers and life.
Aspire Public Schools is an innovative charter management organization that operates 40 charter schools across California and in Tennessee. With so much of the education process digitized through online and school-site applications, Aspire required strong security to prevent cyberthreats from disrupting learning while ensuring access to essential tools and content. Recognizing Palo Alto Networks® as the global cybersecurity leader and innovator, Aspire replaced its legacy firewalls with Palo Alto Networks next-generation firewalls, core to the Security Operating Platform.
The Palo Alto Networks Security Operating Platform enables Aspire to intelligently prevent successful cyberattacks in its data centers as well as increase efficiency for staff, teachers and students who use digital education tools and content every school day. The platform makes it easy for IT to customize application-based security policies to precisely control network traffic without impeding flow. It also provides IT with highly granular visibility of traffic passing through the data center and engaging with the internet, including detailed reporting that simplifies and accelerates detection of potential issues before they affect the network or end users. As a result, Aspire can continue to embrace technology innovations to enhance learning with confidence that its network and data centers are protected against exploits and malicious content.
The Power of a Quality Education
Ask any great leader how to empower people to change the world, and you’ll get a profoundly simple answer: education. It’s fundamental to individual success and societal advancement. That’s why Aspire Public Schools is on a mission to provide students in low-income neighborhoods across the United States with high-quality education to increase their academic performance and give them the strongest foundation possible to succeed in college, careers and life.
Technology plays a crucial role in educating students in the digital age. Aspire has been on the forefront of hybrid learning systems that span online teaching tools, as well as school-site educational applications. Students and teachers are equipped with Chromebook™ laptops to facilitate access to the many educational resources at their disposal. Teachers can even take advantage of video conferencing to share classroom best practices and collaborate, helping each other continually improve their effectiveness.
For Brian Sullivan, systems and network manager at Aspire Public Schools, keeping this dynamic educational environment operating efficiently and securely is priority one. “The Palo Alto Networks Security Operating Platform has allowed us to pursue a very aggressive technical agenda to enhance learning across all the regions served by Aspire Public Schools. It gives us in IT the peace of mind to say ‘yes’ to new projects, knowing that we can deliver the necessary technical services within a well-protected network environment.”
Strict on Security Without Impeding Access
Aspire deployed one Palo Alto Networks next-generation firewall in its primary data center, which supports the majority of its schools in California and Tennessee, with another next-generation firewall in a secondary data center dedicated to schools in Los Angeles County. The data centers provide Aspire schools with point-to-point access to tools and data as well as a path to the internet.
By taking advantage of Threat Prevention and URL Filtering, Aspire ensures its network environment is protected against external cyberthreats and prevents users from accessing inappropriate or malicious websites. It also defends against cross-network spreading of malicious content or malware that might slip through email filters and other layers of protection.
Soon after implementing the next-generation firewalls, Sullivan saw Aspire’s data centers were being bombarded with probes from Russia and China attempting to breach the network. Fortunately, these attempts did not get through, and Sullivan was able to quickly enable geoblocking on the platform to stop such foreign threats from even knocking on the door.
Since then, Sullivan has continually refined security rules to monitor and control traffic, providing teachers and students with access to the educational tools they need while maintaining a strong defense against even the most sophisticated cyberthreats. This requires a great degree of granularity, which Sullivan says Palo Alto Networks does especially well.
“One of the things I like best about the Palo Alto Networks platform is how easy it is to build customized security profiles,” Sullivan remarks. “We take full advantage of App- ID in defining our rule sets, which makes it a lot harder for someone to spoof an application on our network. It allows us to be strict on intrusion prevention without impeding access to network services, which is essential for providing our schools with a safe, well-performing environment.”
Taking a Preventive Approach to Security
Another key benefit of the Security Operating Platform for Sullivan is the ease and flexibility of managing security across a widely distributed network of public schools. He’s able to grant regional managers read-only access so they can monitor traffic to spot unusual trends. From this, the regional managers can report concerns to the local school principal to take action, and Sullivan can update the security rules if needed.
“The monitoring capabilities on the Palo Alto Networks Next-Generation Firewall are significantly better than our previous firewall,” Sullivan notes. “The Palo Alto Networks firewall stores so many more logs and allows us to quickly filter for what we’re investigating in a really efficient way, which makes it a lot easier to spot things that may be an issue.”
Sullivan points out that increased visibility with detailed reporting is also key. “The reporting capabilities on the next-generation firewall are very powerful and a real time-saver when it comes to identifying potential issues. Imagine if we had to manually search for possible threats and during that time a breach occurred. We could spend 72 hours or more trying to remediate, whereas through our daily reporting, we can catch issues usually within one hour, before they ever become a problem. It allows us to take a much more preventive security posture versus a reactive one.”
Looking Ahead to What’s Next
At the end of the day, what’s most important to Sullivan is that the staff, administrators, teachers and students at Aspire Public Schools can participate in a thriving educational environment with confidence that they are not exposing private information or being exposed to malware and other cyber exploits. But as everyone in security understands, you can never let your guard down. Cybercriminals are always finding new ways to break through even the toughest defenses. That’s one of the reasons Sullivan values his partnership with Palo Alto Networks.
“Today, we have the visibility and control to keep traffic flowing smoothly and safely. But what about tomorrow?” Sullivan ponders. “Where are those attack vectors going to come from in the future? I like that the engineers at Palo Alto Networks are asking those same questions. They’re anticipating what the threat landscape will look like years down the road and planning for that today. It’s a comfort knowing that Palo Alto Networks shares the same security concerns we do, which is why they’re such a great partner for us going forward.”