Case Study

Optimising network security and remote connectivity to drive higher education success

In brief

Customer

The University of Sunderland

Industry

Higher Education

Country

UK

Organisation Size

27,000+ students

Partner

KHIPU

Challenge

Following a significant cyberattack, which halted operations for several days, the University needed a radical new approach to cybersecurity, focused on reliable and effective risk prevention.

Solution

Palo Alto Networks® Security platform:

  • ML-Powered Next-Generation Firewalls
  • Prisma® Access

Benefits

  • Secures higher education into the future.
  • Reduces costs.
  • Increases administration productivity.
  • Enables “work-from-anywhere” strategy.
  • Helps University meet compliance goals.
INTRODUCTION

The University of Sunderland is delivering modern, agile, secure, and compliant higher Education Services using a single, connected Palo Alto Networks platform.

In the wake of a significant cyberattack, the University of Sunderland needed to rapidly review its cybersecurity strategy. A change came in the form of Palo Alto Networks and KHIPU Networks. A single, unified network security and secure access service edge (SASE) platform strategy is helping to secure the University’s technical security integrity – and its future.

Intelligent security automation and AI are safeguarding the University’s assets and enabling the IT team to concentrate on delivering to the University strategy. The institution’s hybrid work environment is evolving rapidly and now students and staff have the flexibility to study and work securely at anytime from anywhere. The increasing need for rigorous compliance assists in developing and maintaining ISO 27001 and CyberEssentials certification.

CHALLENGE

Fast-multiplying digital attack surface

The University of Sunderland has a long-established commitment to widening participation, world-leading research, and public and private sector collaborations. Its campuses span the North East of England, London, and Hong Kong, together with partnerships in 15 other countries. Ranked as a top 50 university in the Guardian University Guide 2024, the University has approximately 27,500 students.

Universities have a fast-multiplying digital attack surface comprising vast volumes of intellectual property, personal data, and research insights. And as most higher education institutions will testify, that makes it vulnerable to cyberattacks.

“We needed to maintain a fast, open, and collaborative campus while still being secure and resource efficient,” says Laura Baker, Assistant Director of Technical Services at the University. “To do that, we required complete visibility and remediation of threats – and this all had to happen transparently to our end users.”

It was a big ask – as with all Universities, the resources available to safeguard these systems were limited.

In the wake of post-COVID hybrid working, the University also had to refocus on remote access. People across all the campuses required secure, high-performance direct-to-app connectivity.

The University have first-hand experience of the value of a robust and resilient cybersecurity framework. Several years ago, a significant cyberattack at the University of Sunderland rendered students unable to log in to remote learning classes and staff unable to access email and other network data. The infrastructure was disabled for several days before operations were restored.

"We needed to maintain a fast, open, and collaborative campus while still being secure and resource efficient.

To do that, we required complete visibility and remediation of threats – and this all had to happen transparently to our end users."

– Laura Baker

Assistant Director of Technical Services
University of Sunderland

SOLUTION

Complete, connected Palo Alto Networks platform

Working in partnership with its long-term cybersecurity consultancy partner KHIPU Networks, the University of Sunderland implemented a complete, connected Palo Alto Networks platform, comprising network security and SASE. This robust infrastructure safeguards students, staff, processes, and tools across the campuses – resulting in highly effective information security and cybersecurity operations.

The ML-Powered Next-Generation Firewalls (NGFWs) protect north-to-south and east-to-west traffic. Scalable and flexible, the network security platform uses advanced threat intelligence to detect and prevent cyberattacks. The University has a hybrid data centre environment, on-premises and in the cloud. The NGFWs sit between the two and at the perimeter. This ensures the team have 360-degree visibility into evasive threats, are continually up to date on vulnerabilities, and allows them to mitigate against the need for service interruptions.

The combination of App-ID and Content-ID offers features that simplify the classification of traffic and the creation of comprehensive and precise security policies. This brings value by reducing administrative time whilst significantly lessening the attack surface of the University.

Prisma Access is Sunderland’s remote access VPN deployment, providing secure internet connectivity for students and staff in the cloud. It protects all University traffic, ensuring the confidentiality and integrity of data and protecting endpoints from internet threats. GlobalProtect is deployed on staff devices, giving them secure remote access and the flexibility to work wherever they choose, ensuring all sensitive business data is protected.

KHIPU Networks are forever on hand to provide the University team with expert, hands-on guidance and strategic thinking. “KHIPU are one of our key strategic partners. They understand our goals and the broader cybersecurity challenges facing higher education. As with all Universities, we have limited in-house resources, so KHIPU have become a trusted extension of our team.”

Benefits

Safeguarding the University’s integrity

This complete, agile platform is transforming the University’s cybersecurity, helping them to:

  • Secure higher education into the future: The University’s data, people, and processes are safeguarded against known and unknown vulnerabilities, ensuring Education Services continue safe from threats. For example, the IT team has dashboard-driven, real-time visibility into the network, with the portal identifying threats and flagging domains/IP addresses marked as malware.
  • Reduce costs: One connected cybersecurity platform is easier to administer than point products. Automation streamlines firewall administration, for example, reducing the total cost of operation and enabling people to concentrate on strategic security issues.
  • Increase administration productivity: For example, Prisma Access enables the team to quickly classify sites into URL categories based on content, features, and safety.
  • Enable a “work-from-anywhere” security: Students and staff can work securely from any device, anywhere. Prisma Access securely connects the University’s hybrid workforce to the internal network, ensuring an exceptional user experience without compromising performance.
  • Meet compliance goals: By demonstrating a rigorous commitment to cybersecurity, the University can achieve its goal of ISO 27001 certification. The institution is also better positioned when engaging with public sector or research bids which demand an ever-higher level of cyber security.

"Threat actors are increasingly targeting the higher education sector. Palo Alto Networks and KHIPU Networks are extensions of our team, ensuring we stay ahead of any attack or zero-day vulnerabilities."

– Laura Baker

Assistant Director of Technical Services
University of Sunderland