CASE STUDY. ANNIE WRIGHT SCHOOLS Hogwarts Works Magic with the Next-Generation Firewall

Similar documents
CASE STUDY. RHEINLAND VERSICHERUNGSGRUPPE Who Ensures Security for The Insurers? RHEINLAND VERSICHERUNGSGRUPPE Who Ensures Security for The Insurers?

CASE STUDY. AUSTRIAN AIRLINES Modernizes Network Security for First Class Performance

CASE STUDY. UNIVERSITY OF SOUTHAMPTON Top UK Research University Gets Future-Proof Solution for Bandwidth and Security Needs

Palo Alto Networks Gets Top Marks for Solving Bandwidth and Security Issues for School District

Moving Beyond Proxies

CASE STUDY. NEXON ASIA PACIFIC Nexon Securely Onboards 25 Cloud Customers in Only Eight Months

WildFire. Preparing for Modern Network Attacks

CASE STUDY OSRAM. Next-Generation Firewall

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware

Still Using Proxies for URL Filtering? There s a Better Way

What s Next for the Next Generation Firewall Vendor Palo Alto Networks Overview. October 2010 Matias Cuba - Regional Sales Manager Northern Europe

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

Content-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.

Securing the Virtualized Data Center With Next-Generation Firewalls

Network Security for Mobile Users

What s Next for Network Security - Visibility is king! Gøran Tømte March 2013

Breaking the Cyber Attack Lifecycle

Preventing Data Leaks At The Firewall A Simple, Cost-Effective Way To Stop Social Security and Credit Card Numbers From Leaving Your Network

Reducing Costs With Next-generation Firewalls. Investing in Innovation Pays Cost Savings Dividends

REPORT & ENFORCE POLICY

Content-ID. Content-ID URLS THREATS DATA

Next Generation Enterprise Network Security Platform

A Modern Framework for Network Security in the Federal Government

PALO ALTO SAFE APPLICATION ENABLEMENT

Customer Services Overview

June Palo Alto Networks 3300 Olcott Street Santa Clara, CA

GlobalProtect Overview

Reducing Costs With Next- generation Network Security Investing in Innovation Pays Cost Savings Dividends

Palo Alto Networks Cyber Security Platform for the Software Defined Data center. Zekeriya Eskiocak Security Consultant Palo Alto Networks

Integrated Approach to Network Security. Lee Klarich Senior Vice President, Product Management March 2013

Firewall Feature Overview

Moving Network Security from Black and White to Color Refocusing on Safely Enabling Applications

About the VM-Series Firewall

May Palo Alto Networks 232 E. Java Drive Sunnyvale, CA

APERTURE. Safely enable your SaaS applications.

Debunking the Top 10 Cloud-Hosted Desktop Myths

8 Ways to Better Monitor Network Security Threats in the Age of BYOD January 2014

Scaling Next-Generation Firewalls with Citrix NetScaler

Next-Generation Firewall Overview

Enterprise Buyer Guide

The Application Usage and Threat Report

HOLDING ON TO YOUR BANDWIDTH

***NOTICE***: Proposed Selection Date now 12/16/13

How to Dramatically Reduce the Cost and Complexity of PCI Compliance

App-ID. PALO ALTO NETWORKS: App-ID Technology Brief

How to Turn Your Network into a Strategic Business Asset with Purview EBOOK

How To Bring In Palo Alonnetworks

Debunking the Top 11 Cloud Desktop Myths

alcatel-lucent converged network solution The cost-effective, application fluent approach to network convergence

Using Palo Alto Networks to Protect the Datacenter

Panorama PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls.

PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls.

Network Management and Monitoring Software

McAfee Endpoint Protection for SMB. You grow your business. We keep it secure.

IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE. Part I: Reducing Employee and Application Risks

Technology Department Infrastructure & Support

Unwired Revolution Gains Full Visibility into Enterprise Environments with Server Side and Mobile App Monitoring from New Relic.

Firewall and UTM Solutions Guide

Debunking the Top 10 CloudHosted Virtual Desktop Myths

Meru MobileFLEX Architecture

IREBOX X. Firebox X Family of Security Products. Comprehensive Unified Threat Management Solutions That Scale With Your Business

Challenges and Solutions

Enterprise Security Platform for Government

Empowering the Enterprise Through Unified Communications & Managed Services Solutions

February Considerations When Choosing a Secure Web Gateway

Next-Generation Firewall Overview

KEEPING YOUR SANITY AS YOU EMBRACE CLOUD AND MOBILE

Palo Alto Networks User-ID Services. Unified Visitor Management

Panorama Overview. Palo Alto Networks. Panorama Administrator s Guide Version 6.0. Copyright Palo Alto Networks

THREAT INTELLIGENCE CLOUD

Agenda , Palo Alto Networks. Confidential and Proprietary.

Secure WiFi Access in Schools and Educational Institutions. WPA2 / 802.1X and Captive Portal based Access Security

Cisco Small Business ISA500 Series Integrated Security Appliances

Use Host Information in Policy Enforcement

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

BYOD Networks for Kommuner

Palo Alto Networks Next-generation Firewall Overview

About the VM-Series Firewall

The 2014 Next Generation Firewall Challenge

FIREWALL. Features SECURITY OF INFORMATION TECHNOLOGIES

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Securing Campus Network Access for an Improved User Experience

Next Gen Firewall and UTM Buyers Guide

YOUR QUESTIONS ANSWERED. A Practical Guide to VoIP for Small Businesses

Palo Alto Networks. September 2014

Common Core Network Readiness Guidelines Is your network ready? Detailed questions, processes, and actions to consider.

VIA COLLAGE Deployment Guide

Top 10 Reasons Enterprises are Moving Security to the Cloud

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business.

White Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible

Palo Alto Networks Next-Generation Firewall Overview

WildFire Overview. WildFire Administrator s Guide 1. Copyright Palo Alto Networks

Stallion SIA Seminar PREVENTION FIRST. Introducing the Enterprise Security Platform. Sami Walle Regional Sales Manager

Next-Generation Firewall Overview

Cybersecurity Imperatives: Reinvent Your Network Security With Palo Alto Networks

PRODUCTS & TECHNOLOGY

How Attackers are Targeting Your Mobile Devices. Wade Williamson

Comprehensive security solution provides reliable connectivity and faster VPN throughput with unprecedented visibility from WatchGuard Dimension

Technical Note. ForeScout CounterACT: Virtual Firewall

Transcription:

CASE STUDY ANNIE WRIGHT SCHOOLS

Founded in 1884, the Annie Wright Schools are two private schools located in Tacoma, Washington with an enrollment of approximately 500 students. Annie Wright Day School serves boys and girls in preschool through grade 8, while Annie Wright Upper School offers all-girls day and boarding programs for grades 9 through 12. Annie Wright is an International Baccalaureate World School and educates numerous students from foreign countries. INDUSTRY // Education CHALLENGE // Gain network visibility to control and prioritize application access by user, resolve bandwidth and network responsiveness problems, and simplify IT management without impacting performance or adding burden for staff. SOLUTION // Palo Alto Networks enterprise security platform, URL Filtering using PAN-DB, IPS, and Threat Prevention. SUBSCRIPTIONS // Threat Prevention, URL Filtering (with PAN-DB) APPLIANCES // PA-500 PA-500 (1) RESULTS Increased application visibility and control by user Safely enabled BYOD throughout the school and campus Saved two to three days per month from simplified policy management Saved $15,000 on hardware and thousands more in annual costs Solved throughput problem Increased security at layer 4 through 7 STORY SUMMARY // Annie Wright Schools proudly maintain Harry Potter-like traditions dating back over 100 years, but network latency, access, and an inability to support BYOD are modern IT problems that can t be solved with magic. Because the school has boarding students, large amounts of bandwidth are needed at all times for educational, communication, and entertainment purposes. When the school s incumbent legacy firewall could no longer handle throughput or support the evolving needs of users, and IT management became overwhelming, it needed a new modern solution. Annie Wright Schools tapped the comprehensive functionality of the Palo Alto Networks enterprise security platform to achieve superior layer 7 security, safely enable BYOD, and solve network issues. How did Palo Alto Networks meet the school s huge throughput and atypical access control needs, improve security, and save time and money while integrating into a mostly Mac environment? CASE STUDY // ANNIE WRGHT SCHOOLS PAGE 2

Solves Bandwidth, Network Latency, and IT Management Issues, and Prioritizes Access by User with Palo Alto Networks Enterprise Security Platform They Don t Play Quidditch, but... Annie Wright isn t a typical school. The preschool-12 private school is steeped in traditions. Students wear uniforms with colored ties indicating their grade level. Activities such as school dances in the Great Hall, winning the House Cup, and a graduation ceremony in which students dance around a maypole are considered normal. Think Hogwarts. The picturesque campus even boasts a Harry Potter-like weeping willow tree, a tower, and a wild owl occasionally takes up residence in the Great Hall. A lot has changed since the school opened its doors in 1884 when tuition, room and board, and laundry service combined cost $350 a year. Today, 400 local students attend the day schools, and roughly 100 boarding students from all over the world live in the dorms. Atypical Consumption 24/7 It s not just the campus, makeup of the student body, and excellent education that sets Annie Wright Schools apart. The needs of its 600+ users are also atypical. We have to protect users inside and outside of class and at all hours, says Bob Williamson, Network Administrator, Annie Wright Schools. Every student, sixth grade and above, is given a Mac laptop. They use these in class, during breaks, at home, and in the dorms. Because of the number of students and adults (dorm parents) living on campus, we don t have set peak times like most schools; our usage is constant. The variety of users requires a better grip on BYOD, application filtering, QoS, and other bandwidth usage than most schools. Typically, at any time, there are between 800 and 1,200 devices on our network, 50-70 Mbps of Internet usage, and three-fourths of a terabyte every 24 hours on wireless, says Williamson. Everyone has a laptop, Xbox, Wii, smartphone, or some other device in class or in their dorm room. Our foreign students often use Skype to talk to family back home. They also access a lot of unfamiliar URLs and use a lot of special apps and tools most IT people have probably never heard of. Bandwidth throughput, network responsiveness, and prioritizing application usage by users were challenges. We need strong, flexible QoS for scheduling and other reasons, says Williamson. Throughout the school day, teachers need bandwidth to use social media and online tools in the classroom. Because we re an International Baccalaureate school, we have to deny access for a few hours for select groups of students while they take exams. At night, we may need to enable students to Skype their parents abroad while allowing 100 people to watch Netflix in their dorm rooms. Palo Alto Networks enterprise security platform gave us incredible network visibility and access control by user not by IP and effortlessly handled 50-70 Gbps throughput to solve issues with network latency, safely enable BYOD, and support our educational mission. Importantly, it achieved all of this while reducing IT management burdens considerably for our two-person staff. Bob Williamson, Network Administrator, Annie Wright Schools To manage bandwidth and scheduling access, Williamson needs to be able to easily create and tweak application access policies by user. The dorm parents, adults, and Prefects are allowed 24-hour Internet access, while the rest of the dorm students are cut off at midnight and middle school students by 6:00 p.m. All this has to be done regardless of the device, says Williamson. We have so many different levels of usage, and devices; being able to easily manage the matrix of policies is really essential. Access Issues Cast a Spell on Users Only two IT staff keep Annie Wright Schools network running; Williamson and a helpdesk person. About 40 Windows-based computers handle administrative CASE STUDY // ANNIE WRIGHT SCHOOLS PAGE 3

and business-critical tasks, while the rest of the school is Mac-based. One Internet gateway and a legacy WatchGuard firewall provided security and throughput. Three VLANs are in place: one for business usage, one for boarders, and one for students and teachers. The school s IT environment is 100% virtualized using VMware. Access and network latency issues were constant issues. We were maxing out WatchGuard all the time, says Williamson. It couldn t handle the volume especially streaming media. Kids couldn t get on Skype and it didn t offer any visibility. Basically, it was a nightmare. The firewall was also incapable of providing actionable information about network traffic or users. It took half an hour just to create a report, says Williamson. Compliance with the Children s Information Protection Act (CIPA) is not an issue for Annie Wright Schools because private schools don t have to adhere to it. We want to do everything we can to protect students from inappropriate content and illegal activities, says Williamson. We also need to monitor what kids post to ensure it s appropriate. It was literally impossible to track individual user behavior with our previous firewall. Annie Wright Schools are mostly Mac-based, so viruses and malware are not as big of an issue compared to Windows-based schools. That doesn t mean the network was as secure as desired. Kids play videogames in their dorm rooms, which creates some exposure to BitTorrent, says Williamson. With WatchGuard, we couldn t do layer 4 through layer 7 security; we just opened port 80 and hoped for the best. In terms of mobile, we simply denied access for years because we couldn t secure or control it. For many reasons, the situation was driving me crazy. Time to Find a Magic Wand The school needed a solution. I wanted a firewall that filters content and applications by user, not IP, says Williamson. It had to work with our scheduling of user access, and separate access out by groups, handle our throughput, and do it all without slowing down the network. It had to do all that in a mostly Mac environment, and because we re a two-man shop, it needed to be easy to manage. Williamson did some research and read about Palo Alto Networks. The enterprise security platform from Palo Alto Networks consists of a Next-Generation Firewall, Threat Intelligence Cloud, and Advanced Endpoint Protection. The firewall delivers application, user, and content visibility and control, as well as protection against network-based cyberthreats integrated within the firewall through a purpose-built hardware and software architecture. The Threat Intelligence Cloud provides central intelligence capabilities, as well as automation of the delivery of preventative measures against cyberattacks. You simply can t compare what you get with Palo Alto Networks to WatchGuard, or to any other enterprise security platform, says Williamson. The functionality, visibility, and, maybe more importantly, the control and ability to set policies by user, blew me away. No Hocus Pocus. Just Results. The school purchased Palo Alto Networks PA-500 firewall and deployed it as its primary firewall in virtual wire mode. We put in Palo Alto Networks and throughput shot through the roof. Finally, everyone could get access, says Williamson. It can handle the load. Next, we used QoS with it to contain and adjust bandwidth, and assign priority usage by groups and applications. Our international students were thrilled with the results as they could Skype their friends and family without any hiccups. Palo Alto Networks handles everything you can throw at it without skipping a beat. It s easy to use and to create, tweak, and manage application access policies by user, provides quick, detailed reports, and works well in our primarily Mac/iOS environment. Since we installed it I can t keep my hands off of it. Bob Williamson, Network Administrator, Annie Wright Schools We use the PA-500 s IPS, URL Filtering, scheduling capabilities, and DNS black-holing, says Williamson. We protect our multiple VLANs with sub-layer 3, and use Active Directory integration for our Mac end-users, which is a bit unique. Subscriptions to Palo Alto Networks URL Filtering using PAN-DB, and Threat Prevention, protect the school from advanced threats and malicious content without having to add security staff. CASE STUDY // ANNIE WRIGHT SCHOOLS PAGE 4

Palo Alto Networks is also safely enabling BYOD. It really put us ahead of the curve on BYOD, says Williamson. Because of the integrated captive portal and its Active Directory integration, I can apply the same firewall rules for users for all different types of devices which is awesome. We enable rules based on times, access, or content based on the student. We couldn t do this before. This is important because people live here. They re on FaceTime on their ipads, phones, and devices all the time. Palo Alto Networks enterprise security platform also works seamlessly with Mac environments. It s great with Mac, says Williamson. OS X is bound to Active Directory. As soon as kids log into OS X it hits the Active Directory, creates an event, and the User-ID process looks through and associates it with their IP. If they have Outlook, Palo Alto Networks picks it up when they open it up. Since Palo Alto Networks arrived you can t get it out of my hands. Forget the Maypole; Dance Around the Firewall Palo Alto Networks solved bandwidth, scheduling, network latency, access, and IT management issues for Annie Wright Schools, while safely enabling BYOD. It s so much easier to create and adjust rules, says Williamson. The filtering just works. Instead of having to adjust or add rules as new kids come in, I can just add them and the PA-500 takes care of it. This saves me a lot of time about two to three days a month from having to manually apply app access/usage rules. Williamson is also saving time and frustration due to Palo Alto Networks extensive reporting capabilities. We lacked visibility, information, and reporting, but now we can easily run useful reports on Palo Alto Networks in 30 seconds, says Williamson. More importantly, Annie Wright Schools are saving money. We got rid of our old firewall and dedicated URL filtering devices, says Williamson. This saved $15,000 in hardware and thousands per year in other costs. We re spending half as much on Palo Alto Networks compared to WatchGuard and getting far better results. The deployment of the Palo Alto Networks PA-500 was a breeze. It s easier to set up than anything else I ve ever touched in over 20 years in IT, says Williamson. In the near future, Williamson is considering adding Palo Alto Networks GlobalProtect and WildFire. GlobalProtect extends an organization s secure application enablement policies to all users including mobile regardless of location or device used for access. WildFire provides integrated protection from advanced malware and threats by proactively identifying and blocking unknown threats commonly used in modern cyberattacks. Williamson is happy with Palo Alto Networks tech support. I ve had excellent tech support, says Williamson. One day I was on the phone, with the same engineer, for five solid hours tracking down an obscure issue. He took ownership of it, nailed down the issue and a software update handled it. To have a call with the same person without them passing it off to someone else is really unusual. They called in other people when needed and wouldn t get off the line until the problem was resolved. Happy to Spread the Word The only difficulty Williamson has had with Palo Alto Networks is mental. I ve been doing this for a long time, he says. It s hard to get past the port 80 mentality, but once I did it s a quantum leap to go from ports to apps. The Palo Alto Networks approach is really simple to understand and embrace. Williamson is so impressed with Palo Alto Networks that he s spreading the word to peers. I think five to six other schools have bought it based on relaying my experience to colleagues, says Williamson. Palo Alto Networks handles everything you can throw at it without skipping a beat even with Skype and other time-sensitive apps. You can tap out your pipe and it still won t drop Skype calls or access for others. It s an incredible solution. It s almost like magic. 4401 Great America Parkway Santa Clara, CA 95054 Main: +1.408.753.4000 Sales: +1.866.320.4788 Support: +1.866.898.9087 www.paloaltonetworks.com Copyright 2015, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto Networks Logo, PAN-OS, App-ID and Panorama are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice. Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. PAN_CS_AWS_042415

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information