Case Study

Complete, connected cybersecurity, and the human firewall

By standardising on a complete, connected Palo Alto Networks cybersecurity portfolio, King Abdullah University of Science and Technology (KAUST) is benefiting from intelligent, automated protection across its 30-million-square-meter campus and worldwide. An innovative ‘Human Firewall Program’ augments this visionary strategy, delivering comprehensive, risk-based cybersecurity awareness and training.

In brief


King Abdullah University of Science and Technology


Higher education

Organization Size

30 million-square-meter campus with over 1,000 Master’s and Ph.D. students


Thuwal, Saudi Arabia

    Avoid the ‘checkbox’ approach to cybersecurity. Enable students, professors, and researchers to think—freely focusing on study and research, without being restricted by intrusive security policies and controls.
  • Intelligent, unified cybersecurity portfolio to protect data wherever it resides.
  • Enable confident collaboration across borders.
  • Enable successful migration to the cloud.
  • Automate consistent security across cloud, hybrid, and on-premises environments.
  • Discover, monitor, and protect sensitive data automatically across the network.

Palo Alto Networks ML-Powered Next-Generation Firewalls, VM-Series Virtual NGFWs, Advanced URL Filtering, Threat Prevention (IPS/IDS), WildFire, DNS Security, GlobalProtect™, and Cortex XDR Pro.

Download PDF Share


Collaborative research and education

Few higher education institutions have emerged so quickly and so successfully as KAUST. Located on the Red Sea coast in Saudi Arabia, this vast, internationally renowned facility offers interdisciplinary study and research supported by an academic community of faculty members, postdoctoral fellows, and research scientists. KAUST was also the first mixed-gender university campus in Saudi Arabia.

KAUST is not just a university—it’s a city. More than 100 nationalities work and live across a campus that spans 14 square miles and encompasses a marine sanctuary, golf course, museum, and research facility. It’s the Middle East’s largest research center, and it’s not surprising their data is also growing exponentially—200GB of logged network traffic is processed every day, for instance.

Ed Sleiman, KAUST’s Head of Information Security, is responsible for cybersecurity across the vast, complex landscape. He has an extraordinary vision for the university’s future. ‘Data is as valuable as oil,’ he explains. ‘We want students, research staff, and lecturers to use data to think and collaborate freely. And they want to work confidently without fear their data is being compromised.’

According to Sleiman, the traditional perimeter security model is history. ‘The edge is now the cloud—and that can be anywhere. As a university with a global reach, our students connect with the KAUST IT environment from all four corners of the world. We need to follow the data wherever it resides, not enforce outdated perimeter models.’

Saudi Aramco, one of the world’s largest energy companies, is a founding partner of KAUST. When Saudi Aramco was hit by the Shahoom virus in 2012, it triggered a security transformation at the university, with new investment in cybersecurity people, technology, and processes. ‘Our strategy is to adopt a multilayer, risk-based approach to cybersecurity,’ says Sleiman.

So why choose Palo Alto Networks? Sleiman shares, ‘We always assess the risk first and then determine the controls needed to mitigate that risk. In this instance, the analyst community was used to shortlist cybersecurity leaders for technical evaluation. Several vendors came close, but what distinguished Palo Alto Networks was its people. They want to build a long-term relationship; they are honest, sincere, and extremely professional. Mutual respect and trust are at the heart of this relationship.’


We want students, researchers, and professors to use data to enable them to think and collaborate freely. And they want to work confidently without fear their data is being compromised.

Ed Sleiman, Head of Information Security, King Abdullah University of Science and Technology


Extend protection across the university ‘city’

Sleiman and his team identified multiple requirements for the modern cybersecurity architecture:

  • Introduce a forward-thinking, intelligent cybersecurity strategy to protect a vast Saudi Arabian campus.
  • Enable people to collaborate cross-border with confidence, free from cybersecurity risk.
  • Extend protection across the ‘city’ to all personal domestic devices and endpoints.
  • Support the move to Microsoft Azure® by extending on-premises cybersecurity into the cloud.
  • Support a growing smart campus with potentially thousands of IoT deployments.
  • Prevent successful cyberattacks with an automated approach that delivers consistent security across cloud, hybrid, and on-premises environments.

‘Our risk appetite defines what we do. Our cybersecurity model needed to flex in line with the evolving university strategy, especially as we moved to the cloud and migrated our ERP systems to Microsoft Azure,’ says Sleiman.


Sealing off security gaps

KAUST has introduced a comprehensive, connected Palo Alto Networks cybersecurity portfolio spanning the entire city and beyond. Palo Alto Networks PA-Series Next-Generation Firewalls protect on-premises, and VM-Series Virtual Next Generation Firewalls ensure their journey into the cloud started with a successful ERP migration to Microsoft Azure. This comprehensive portfolio delivers high performance, high throughput security and eliminates security gaps.

Seamlessly integrated Cloud-Delivered Security Services (CDSS) provide enterprise-grade data security in the cloud, monitoring data automatically across the network. DNS Security, for example, applies predictive analytics and machine learning (ML) to prevent attacks that use DNS for command and control (C2) or data theft. This module has been consistently blocking 5% of DNS traffic, which it deemed malicious, improving KAUST’s security posture. Advanced URL Filtering also uses inline ML to stop both known and unknown web-based attacks in real time. WildFire® malware prevention service automatically analyses any file-based threat and distributes preventions in seconds or less, and Threat Prevention goes beyond basic intrusion prevention systems and intrusion detection systems (IPS/IDS), preventing known vulnerabilities and malware. This combination of cloud-delivered technologies delivers the best-in-class protection needed to stop today’s and tomorrow’s attacks at multiple stages within the attack lifecycle.


People are our biggest cybersecurity risk, but they’re also our greatest line of defense. The Human Firewall Program is a comprehensive cybersecurity awareness program, which presents a risk-based approach to security awareness and training.

Ed Sleiman, Head of Information Security, King Abdullah University of Science and Technology

More recently, KAUST has introduced Palo Alto Networks Cortex® XDR™ with the Host Insights module to block advanced malware, exploits, and fileless threats from attacking endpoints. Cortex XDR uses behavioural threat protection, AI, and cloud-based analysis to profile people’s behaviour and detect anomalies indicative of an attack. Analytics also enable Sleiman’s team to spot adversaries attempting to blend in with legitimate users.

The Host Insights module boosts the power of Cortex XDR to enable KAUST’s security team to identify and contain threats quickly and accurately. The Host Insights module includes:

  • Search and Destroy: Instantly find and eradicate threats anywhere in an environment.
  • Vulnerability Management: Real-time visibility into vulnerability exposure and current patch levels across endpoints to identify risk and prioritize mitigation.
  • Host Inventory: View information about users, groups, applications, services, drivers, autoruns, shares, disks, and more.

‘Cortex XDR is an excellent product. Palo Alto Networks has evolved the technology to the extent it truly is a best-ofbreed product in the market,’ adds Sleiman.

While security technology and processes are vital in safeguarding the university’s assets, Sleiman is also innovating a people-centric security model, which he coins the ‘Human Firewall Program.’ ‘People are our biggest cybersecurity risk, but they’re also our greatest line of defense,’ he says. ‘The Human Firewall Program is a comprehensive cybersecurity awareness program, which presents a risk-based approach to security awareness and training.’

Among many Human Firewall Program initiatives, Sleiman has introduced a points-based system for people. They receive merit points for attending security training, for example, or reporting a phishing attempt, but demerit points for violating a security policy or other risky activity, like falling for a real phish or a simulation his team conducts on a regular basis. Points add up to a risk score for each individual, which determines their rules and privileges. This initiative, together with other Human Firewall Programs like ‘escape rooms’ and team events, are continually building awareness of cybersecurity and the surrounding threats and provide a measurable approach to awareness.


As one of the first education organizations in Saudi Arabia to migrate our ERP systems to Microsoft Azure, Palo Alto Networks VM-Series Virtual Firewalls gave us complete visibility, application-based policies, and advanced threat inspection with the high performance you’d expect using Microsoft Azure.

Ed Sleiman, Head of Information Security, King Abdullah University of Science and Technology


Think freely, collaborate closely

This connected cybersecurity ecosystem enables thousands of students, researchers, and administrators to think freely and creatively, sharing data collaboratively across borders as nomads. The university’s ‘defend-in-depth’ strategy— underpinned by Palo Alto Networks—enables KAUST to apply its know-how, technology, IP, and people, to address significant challenges.

‘Our data is global. With Palo Alto Networks, we can take control of known and unknown data wherever it resides. Unified cybersecurity protects data without inhibiting the way people study and work,’ says Sleiman.

Making life easier

The Palo Alto Networks portfolio enables KAUST to monitor and protect data more easily and cost-effectively. There is one common system, one vendor, and one strategy under management. The systems talk to one another and integrate seamlessly.

Sleiman explains, ‘The connected Palo Alto Networks portfolio cuts out headaches. We have multilayer controls at the perimeter, network layer, endpoint layer, and the human layer. If one component misses a threat, another catches it. Imagine doing that with multiple security vendors! We’d be overwhelmed with license agreements, complex integrations, and varying SLAs. With Palo Alto Networks, I have one vendor I trust implicitly.’


Sleiman and his team conduct regular independent penetration tests, frequently hiring ethical hackers to attempt to bridge the university’s defenses. According to Sleiman, they haven’t succeeded. ‘My team isn’t even aware when these ethical hackers are operating. However, what they do know is that the Palo Alto Networks portfolio stops every vulnerability and threat.’

Protects ERP systems on Microsoft Azure

KAUST recently migrated its ERP systems to Microsoft Azure—one of the first education organizations in Saudi Arabia to do so. The Palo Alto Networks portfolio protects this cloud environment, with the VM-Series Virtual Firewalls complementing Azure security with application-based policies that prevent threats and data loss. KAUST benefits from complete visibility into ERP application traffic, advanced threat inspection of allowed traffic, extensive automation, and centralized management. Additionally, the VM-Series Virtual Firewall institutes security best practices across ERP systems, from the data centre to Azure and other public clouds and edge locations.

Protecting an entire city

The KAUST IT team currently supports approximately 20% of all IT assets, but an additional 80% reside across the city. Every household on campus, for example, has an average of 3.5 devices, such as a smart device, iPad, or watch. The vision is to extend data protection across the entire city.

‘If any of these devices enter the KAUST network, it’s an immediate threat if not protected properly,’ says Sleiman. ‘We will therefore be extending Cortex XDR to all users, irrespective of their role or location.’

Defense against IoT attacks

KAUST is currently implementing Palo Alto Networks IoT Security as part of the university’s ‘Smart Home’ project. The aim is to take control of the vast array of IoT devices across the city—devices that often ship with vulnerabilities and are susceptible to attacks.

‘Palo Alto Networks IoT Security will give KAUST complete visibility and management of thousands of IoT devices. The built-in threat prevention, malware analysis, and DNS prevention will stop all threats headed for these IoT devices. And of course, it is connected seamlessly with the rest of the Palo Alto Networks ecosystem, preventing a new management burden.’


Our data is global. With Palo Alto Networks, we can take control of known and unknown data wherever it resides. Unified cybersecurity protects data without inhibiting the way people study and work.

Ed Sleiman, Head of Information Security, King Abdullah University of Science and Technology

Cortex® XDR™ is the world’s first extended detection and response platform that gathers and integrates all security data to stop sophisticated attacks. It unifies prevention, detection, investigation, and response in one platform for unrivaled security and operational efficiency. As the ONLY vendor with 100% Prevention and 100% Analytic Coverage in the MITRE Engenuity ATT&CK® Round 5 evaluations, Cortex XDR lets you rest easy, knowing your data is safe.

Palo Alto Networks ML-Powered Next-Generation Firewalls embed machine learning directly in the core of the firewall to provide real-time IoT device identification and inline, signatureless attack prevention. Dive into the e-book on ML-Powered NGFWs. Cloud-Delivered Security Services (CDSS) reduce manual tasks and enhance security posture with a self-updating security platform that augments global threat intelligence to automatically counter attacks in near-real time. Read the Forrester Consulting Total Economic Impact™ Study on CDSS.