UNIVERSITY OF PORTSMOUTH:
The University of Portsmouth is ranked among the top 500 universities in the world. Among the University’s many prestigious departments is its internationally-renowned Institute of Cosmology and Gravitation. The University of Portsmouth’s student body numbers nearly 22,000 supported by 2,500 staff.
Strengthen security and increase throughput from 1 to 10GB to improve network performance and capacity, and provide complete visibility and security across the campus.
Palo Alto Networks® Next-Generation Security Platform, Threat Prevention, IPS, and Panorama™ management
Panorama on VM-Series, Threat Prevention
The University of Portsmouth relies heavily on its network to support its academic mission. With the constant demand for reliable and high performance Internet services, coupled with the huge increase in devices connecting to Wi-Fi, the University upgraded its Janet link to 10GB to improve network responsiveness, improve security and expand services to faculty and students.
“The University of Portsmouth upgraded its Janet network connections to 10GB. Jisc’s network, Janet, is the U.K.’s high-speed network for the U.K. research and education community.”
In addition to providing connectivity, the Janet service provides access to a wide range of services such as videoconferencing, web mail, ISPs, and research services. The network is considered mission-critical to the country’s knowledge economy.
Resource and bandwidth availability, network reliability and responsiveness, and security, are always primary concerns for educational institutions. “On a weekly basis we have over 50,000 devices connecting to our wireless network, and over 16,000 unique devices across the rest of the network,” says James Holland, Network and Security Services Manager, University of Portsmouth. “In addition to usage by students and staff, every department has specific bandwidth needs. For example, our HPC (High Performance Computing) center and internationally-leading cosmology department need to download and quickly process huge files.”
University networks are challenged to deliver ever-increasing bandwidth and support for emerging services. “Performance and latency are often issues for institutions to balance against the need to maintain a high level of security,” says Guy Jermany, Technical Director for Khipu Networks, the University of Portsmouth’s longtime strategic IT partner. “Poor service or downtime hinders research and their academic mission.”
The University of Portsmouth relies on its network to fuel innovative research. It had only been able to utilize 1GB of bandwidth from Janet due to the throughput limitations of its incumbent firewalls. An upgrade to Janet’s 10GB connection was a high priority because it would enable faster, more reliable connectivity and access to additional services for users. “We knew that future problems would occur if we didn’t upgrade and replace our existing firewall estate soon,” says Holland. “People expect to be able to do things they do at home whilst they are on campus. They want to access the same resources and tools without issue, no matter which device they use or how it’s configured. It’s our job to enable this securely for them.”
Like many educational institutions, the University of Portsmouth balances academic freedom and flexible network access with security and resource consumption concerns. “We have a fairly liberal attitude towards access, but we have to keep users and the business side secure,” says Holland. “Like all institutions, we’re continually under attack from hackers, DDoS, and malware. In the past, most malware tried to bring down the network just to annoy businesses, but there has been a shift from ‘disruptive malware’ aimed at causing problems to networks to ‘criminal malware’ aimed at generating profit for criminals. Nowadays it’s much more about trying to get information about people to monetize it. We must protect research, personal, and financial data, and restrict and control who can access specific types of data and on which networks.”
The university needed visibility into traffic at the application level and access control by user to improve protection. “When nearly everything is open for academic use, and you have all kinds of BYOD and other devices online, seeing and controlling traffic to contain malware and limit cybersecurity attacks is critical,” says Holland.
The University of Portsmouth’s existing firewalls couldn’t meet the university’s need for more throughput and visibility. “They were starting to struggle with 1GB and couldn’t take us to 10GB of throughput, plus they were port-based, lacked visibility and had reached end-of-support, which would have created unacceptable vulnerabilities and risk,” says Holland.
Khipu Networks is a cybersecurity company delivering a wide range of network, wireless and security solutions, technologies, and services. Due to its extensive experience within higher education, the University of Portsmouth partnered with Khipu to help it devise and implement a plan to enable it to upgrade and secure a 10GB Janet link. “We wanted a solution that would provide a resilient architecture for several locations, high throughput with all of the best threat prevention tools, app-based rules, and great visibility,” says Holland. “Our goal was to help the university move to an innovative technology that’s application-aware so they could be more proactive about threats,” says Jermany.
Khipu Networks has partnered with Palo Alto Networks since 2010, holds the highest level of accreditation, and is a Platinum Partner, Authorized Service Centre (ASC) and Certified Professional Services Partner (CPSP).
Khipu Networks proposed Palo Alto Networks Next-Generation Security Platform with Threat Intelligence Cloud, and Advanced Endpoint Security. The security platform delivers application, user and content visibility and control, as well as protection against network-based cyberthreats integrated within the device through a purpose-built hardware and software architecture. The Threat Intelligence Cloud provides central intelligence capabilities, as well as automation of the delivery of preventative measures against cyberattacks.
Khipu also recommended that the deployment include Palo Alto Networks Panorama network security management. Panorama, running on a virtual appliance, provides centralized management and logging capabilities for organizations to easily manage all security platforms from one location and interface and quickly deploy uniform polices to all devices.
“Our team, working with James’ team, completed the design, integration, implementation, migration, commissioning, and support,” says Jermany. “During the initial security review, we also ran a Security Lifecycle Report on Palo Alto Networks for the university to show them how it would work in their environment and meet their requirements.”
“We were impressed with what we saw in the demonstration of the Palo Alto Networks security platform,” says Holland. “We went through our procurement process, explored what’s best on the market, and scored all candidates in our evaluation process; and Khipu’s proposal, based on Palo Alto Networks came out on top. Palo Alto Networks offered the best value for the money and demonstrates best-of-breed. It’s clear they’re a dedicated security company, whereas some other vendors just have security in their portfolio.”
Two Palo Alto Networks PA-5060 next-generation firewalls were deployed in high availability at the university’s data centers, along with a subscription to Threat Prevention, including IPS and Panorama. “We were all really impressed with how well the deployment went and Khipu was great,” says Holland. “We put our rule sets through and Khipu helped get our policies switched over, refined, and set up; and the migration was done on time and on schedule with no real issues.”
Immediately, Holland and his colleagues noticed a difference. “Visibility and throughput is significantly better,” he says. “Before, we trawled through logs to get information, but now we can see the biggest risks, where they’re coming from, which apps are being used and more. The information and detail is fantastic.”
Panorama is easing IT management burdens and policy deployment and upkeep, and contributing to increased network visibility. “Our IT staff has lots of projects, initiatives and systems to run,” says Holland. “We’re always keen on solutions that are easy to manage and that can collapse multiple functions into one box.”
Palo Alto Networks security platform has been deployed at the university for nearly a year now, and is easily handling the university’s upgraded 10GB Janet link. “We rely on the Internet and on external resources like Google Mail, Google Apps - essentially cloud services, which consume bandwidth,” says Holland. “In addition, our research departments communicate and collaborate with other universities and commercial companies, so the network is a 24/7 operation that has to be up and be reliable. Palo Alto Networks ensures we get 10GB of bandwidth, solid uptime, and secure all traffic and communications.”
The deployment of the Palo Alto Networks PA-5060s, and securing throughput, users, and the university’s assets, is only one step in a multiphase process. “In the next phase, we switched from our current VPNs for off-site access to managing and securing remote access with the VPN on our Palo Alto Networks PA-5060s,” says Holland. “We have also deployed Khipu Networks’ KARMA (Khipu Automated Remote Monitoring Application) Service for proactive monitoring of the health of our Next-Generation Firewall environment and other security systems.”
The University of Portsmouth is pleased that it decided to entrust its security to Palo Alto Networks. By doing so, it can realize all the benefits of faster and more bandwidth to ensure network responsiveness, improve security, and avail itself of all of the services and benefits Janet has to offer its users. “It’s clear Palo Alto Networks is a company of security experts,” says Holland.