Enable reliable, secure access to network services and internet applications for thousands of students and university staff generating high volumes of traffic
Palo Alto Networks® Security Operating Platform with high-capacity next-generation firewalls deployed in a high availability configuration, enabled with threat prevention and integrated cloud-based threat analysis
Threat Prevention, Panorama, WildFire
PA-5060 (2), PA-5050 (2)
The North-West University is a South African institute of higher education focused on teaching, learning and research. Located in the North West and Gauteng provinces, NWU has three main campuses serving more than 68,000 students with a staff of nearly 7,000 administrative and academic professionals. Formed in 2004 through the merger of two universities, NWU is one of the largest universities in South Africa, providing a broad range of academic studies through a unified system that celebrates and promotes diversity.
One of the largest universities in South Africa, North-West University must handle large volumes of traffic on its network, connecting students and staff across multiple campuses separated by hundreds of kilometers. NWU’s throughput demands grew so much that its legacy firewalls could no longer handle the volume and began causing frequent service disruptions. The university’s IT team recognized that a traditional approach to network security was no longer adequate. Therefore, they consulted with multiple IT advisors, including the university’s trusted IT advisors and Palo Alto Networks Platinum ASC and CPSP partner KHIPU Networks to recommend an alternative. KHIPU loaned NWU a Palo Alto Networks Next-Generation Firewall to put in production and evaluate its effectiveness. Almost immediately, the service issues were resolved.
Today, NWU has fully embraced the Palo Alto Networks Security Operating Platform, having deployed next-generation firewalls in a high availability configuration at three of their data centers to prevent cyberthreats with integrated threat intelligence and enable secure, high-performance for users to access private network services and the internet. The university not only got the next-generation security capabilities it needed but also a strong return on investment with a platform that will handle continued traffic growth for many years to come.
Keeping Up With High Volumes of Network Traffic
Large universities can often be like their own mini-metropolises, requiring extensive infrastructure and services – everything from administration and communication systems to healthcare and food services. Imagine such a university metropolis spread across multiple campuses hundreds of kilometers apart. This describes North-West University in South Africa.
With more than 68,000 students, thousands of academic and administrative staff members, and dozens of course offerings for both in-classroom and distance learning, NWU relies heavily on its private network as well as access to the public internet. In fact, network traffic was growing so much that the university needed to upgrade its connectivity. However, as the upgrade project got underway, NWU’s legacy firewalls started to falter, unable to handle the high levels of throughput or detect zero-day threats. This resulted in frequent service disruptions and left the infrastructure vulnerable to cyberthreats.
Flip van Schalkwyk, NWU’s manager of IT infrastructure, remarks, “We had a traditional port-based firewall with rule sets that made it very sluggish. This led to a lot of latency when users tried to access services. When we were going through our network upgrade, the old firewall infrastructure could no longer support the number of user sessions and started failing.”
He continues, “We were in the middle of a crisis and knew we could not simply upgrade our traditional firewalls. We needed a next-generation platform with the capacity to handle our volume of traffic and deliver the advanced security to protect our infrastructure. It was as simple as that.”
Meet the Challenge With Next-Generation Network Security
Confident in the initial results, van Schalkwyk worked with KHIPU to expand the implementation of the Palo Alto Networks Security Operating Platform, deploying next-generation firewalls in a high availability configuration at three of NWU’s data centers. The next-generation firewalls are enabled with Threat Prevention to secure the university’s private network and enable secure breakout to the internet. NWU also takes advantage of the WildFire® malware prevention service to prevent zero-day exploits and malware.
Throughout the implementation, van Schalkwyk and his team worked hand in hand with KHIPU to ensure that the transition from the legacy firewalls to the Security Operating Platform was as smooth as possible. “We could not afford any downtime in our network because students and faculty need access to services all times of the day and night,” van Schalkwyk notes. “As a Palo Alto Networks specialist, KHIPU was able to verify all configurations with their senior engineers and ensure we followed best practices to minimize any impact on our network services during the transition.”
For centralized administration of the entire Palo Alto Networks estate over NWU’s far-flung campuses, van Schalkwyk relies on Panorama™ network security management. Panorama provides deep visibility into all activity on the network, and streamlines configuration updates, log analysis and reporting.
Van Schalkwyk points out, “Instead of logging in to four different firewalls and manually configuring each one, Panorama gives us one central console to make whatever changes I need, and then apply them to all the firewalls at once. A basic configuration update that might have taken 20 minutes or more in the past, now is done in a few minutes. It’s those little minutes saved that help us tremendously. For example, sometimes we have to make changes on the fly in response to an incident, and doing that quickly minimizes any impact on our users. That’s where Panorama really gives us a big advantage.”
High-Capacity Network Security With Strong ROI
Since implementing the Palo Alto Networks platform, NWU now has the performance and capacity to not only handle its current high level of network traffic but also support projected growth for several years down the road. That’s going to enable the university to get 5–7 years of service from the platform, providing a much stronger return on investment compared to competitive offerings.
“With other vendors, you have to upgrade their firewalls every two or three years because they can’t keep up with growth,” says van Schalkwyk, “The Palo Alto Networks next-generation firewalls are designed for high-density environments and can support our needs at least twice as long as the others, which gives us much more bang for our buck.”
Using Intelligence to Prevent Successful Attacks
In addition to providing NWU with great value, the Palo Alto Networks platform also delivers on the university’s most important security requirements with a preventive, next-generation approach to network security that keeps even the most elusive cyberthreats at bay. According to van Schalkwyk, one of the key attributes of Palo Alto Networks Next-Generation Firewall is App-ID™ technology, which provides visibility and control at the application level rather than just by port or protocol. This not only enables more granular policies but also helps the IT team conduct a detailed assessment of network events to determine an effective response.
“Having good and reliable information – that’s what makes a difference,” van Schalkwyk asserts. “It’s about having the information readily available to properly investigate events and take appropriate action, whether it’s reactively or proactively.”
A prime example was when NWU got hit with a zero-day malware attack. With assistance from KHIPU, van Schalkwyk and his team were able to zero in on the exact location of the malware, send it up to WildFire for analysis, and create a block on the next-generation firewall to prevent the malware from executing its command-and-control component.
“Responding to a zero-day attack might have taken us days in the past, but with the Palo Alto Networks platform and quick help from KHIPU, we had it disabled almost immediately,” van Schalkwyk reports. “The response was above expectations and confirms that we have a real incident response process.”
Empowering Users With Easy, Secure Access to Network Services
Another important benefit of the Palo Alto Networks platform is the ease with which users can access internet services. In the past, NWU needed proxy and cache servers to facilitate access to web content or cloud services. Now, everyone in the university can access the services they need directly with no need for cache or proxy servers.
“Configuring proxies for every user request or adding various firewall rules was a nightmare, and people found ways to circumvent it,” says van Schalkwyk. “With the Palo Alto Networks platform, there’s no need for users to go through it, which improves their efficiency and productivity while keeping them secure. It also frees up IT to focus on other more important tasks.”
He concludes, “Without a next-generation firewall we wouldn’t be able to offer cloud services for our users. If you don’t have the technology to monitor those services and analyze the traffic, you won’t have the visibility to see where the users are going in the cloud. All you’d have is an IP address. But with the Palo Alto Networks platform we can see everything that’s going to the cloud as well as what’s utilized on our network. This not only helps us identify potential risks but also to understand the services people use most so we can plan better to ensure we meet their ongoing needs. We are very pleased with the solution as its proving real return on investment.”