One of the most prestigious universities in Latin America relies on McAfee and its security incident and events management (SIEM) solution to provide widespread visibility and greater control, enable faster detection and response to security threats, and safeguard its own assets as well as those of its students.
Chief Information Officer Fernando Thompson de laRosa is passionate about using technology to improve operations at Universidad de Las Américas (University of the Americas) , or UDLAP, in Puebla, Mexico. At theprestigious undergraduate university, he deals with IToperations on a daily basis—from enterprise resource planning (ERP) and learning management systems to a distance teaching portal and the Wi-Fi network. Of all his challenges, protecting the university from cyberthreats tops the list.
Secure University Assets and Student Devices
Maintaining a secure environment in a university settinghas become much more difficult in recent years. “Tenyears ago, our main network was the LAN, and the only devices we had to protect belonged to the university,”explains Thompson de la Rosa. “Today, the main networkis Wi-Fi, and we have to enable access to thousands
of devices—laptops, smartphones, and tablets, with numerous operating systems and versions—that don’t belong to us. If we only protect the 2,000 laptops owned by the university, we are going to fail.”
UDLAP has 8,000 undergraduate students, each withan average of 2.8 personal devices. That’s more than22,000 devices among students alone. Approximately 40,000 devices connect to UDLAP networks daily.
“We have to protect the devices of millennials whodon’t realize that they need to be protected in order to prevent them from putting the university and others atrisk,” he explains. “Consequently, educating our users isat the core of our security strategy—as is widespread visibility and early detection. We need to be able to see and understand what is going on across our networksand be able to respond as quickly as possible to threats.”
McAfee Enterprise Security Manager: Lowest TCO and Highest ROI
Previously, UDLAP had implemented McAfee® Complete Endpoint Protection for Business for antivirus andantispyware protection, web filtering, host intrusion prevention, and disk, file, and folder encryption—allmanaged from the McAfee ePolicy Orchestrator®(McAfee ePOTM) central management console. As devices proliferated and the challenge of complying with dataprivacy regulations increased, Thompson de la Rosarecognized the need to add a SIEM system to provide greater visibility and control across the university’s infrastructure, which includes a tier 3 data center, 10 networks, and 120 physical and virtual servers.
After evaluating solutions from several leading SIEMvendors, he and his team had an easy decision. “Wechose the McAfee Enterprise Security Manager because it helps us consume and process security information faster, so we can identify and respond to incidents in avery short period of time,” says Thompson de la Rosa. “It also cost less than some of the other SIEMs. The decision was a ‘no-brainer.’ McAfee clearly offered the lowest TCO and best return on investment. McAfeeEnterprise Security Manager is one of our best tools.”
UDLAP implemented McAfee Enterprise Security Manager to dramatically improve the university’s ability to protect, detect, and correct future cyberthreats.
The university also implemented McAfee AdvancedCorrelation Engine to identify and score threat events in real time, using both rules- and risk-based logic, and McAfee Global Threat Intelligence (McAfee GTI) for McAfee Enterprise Security Manager to deliver a constantly updated, rich feed of threat intelligence data.
Improves Security Posture and Enables Faster Incident Response
“We now review a huge amount of data in a very short amount of time,” notes Thompson de la Rosa. “With fast analysis from all the critical data sources, alerts are triggered sooner, and we can detect and respond to suspicious incidents faster.” In addition to endpointdata from McAfee ePO software and network traffic datafrom McAfee Network Security Platform, the McAfee Enterprise Security Manager receives information fromfirewalls, a sandboxing appliance, Microsoft ActiveDirectory, web gateways, databases, routers, and othersystems. McAfee GTI also helps determine risk level andprioritization of incidents.
To stay ahead of advanced threats, UDLAP has defineda number of key behavioral correlations and is in the process of creating new correlation rules to triggerautomated alerts. “McAfee Advanced Correlation Engine is a magnificent tool. It provides a ton of intelligenceabout what is happening in our networks,” claimsThompson de la Rosa. “With this capability, we havebeen able to detect ransomware before it locks up our systems.”
Granular, Centralized Reporting Facilitates Compliance
Thompson de la Rosa’s security administrators usereports from both McAfee ePO software and McAfee Enterprise Security Manager’s dashboard—standard,out-of-the-box reports, such as the Top 10 Infected Systems and Top 10 Detected Threats, as well as customized reports. “If we need to drill down to a deep granular level to obtain detailed information on a specific event, we can easily build a custom report on the fly,” explains Thompson de la Rosa.
The McAfee Enterprise Security Manager’s reporting functionality also facilitates compliance. “Before
McAfee Enterprise Security Manager, demonstratingcompliance with privacy laws was extremely difficult andtime-consuming, but now it is often simply a matter ofprinting out several reports,” he notes. “In addition, withMcAfee Enterprise Security Manager, we can conduct trend analysis and more easily detect irregular trends.”
Data Protection for the University and ItsStudents
UDLAP also uses the McAfee Complete Data Protection—Advanced software suite to protect computers that have access to sensitive information.The university is currently in the process of using thissolution to encrypt hard drives across university- owned laptops and PCs and is testing other forms ofencryption. As for student devices, the university offersall of its students McAfee VirusScan® Student and McAfee AntiSpyware Student free of charge.
An Extremely Supportive Partner and Ecosystem
“Partnering with McAfee these past several years hasdramatically improved our security posture,” saysThompson de la Rosa. “McAfee has knowledgeablepeople who work very closely with us and understandthe specific security needs of higher education. Theyhave even helped us increase awareness of security best practices among our students—a task that is absolutely essential because the weakest part of the security defense for a university is its user population, not its technical infrastructure.”
“Competitors are constantly approaching us, but we
feel very good about partnering with McAfee,” addsThompson de la Rosa. “I also love being part of the McAfee ecosystem.” For instance, Thompson de la Rosa,who has been in Mexico’s CIO 100 for seven years, finds the annual McAfee FOCUS user conferences (nowcalled MPOWER) extremely worthwhile for learning and discussing security strategies. “We have had a verysuccessful partnership, and I hope to work with McAfee for years to come.”
Fernando Thompson 
Deja un comentario