Case study: Fit for a queen
Queens College found a solution to monitor activity and manage devices on its network, reports Greg Masters.
Case study: Fit for a queen
The list of its alumni who rose from humble beginnings to prominence stretches from Robert Moog, the inventor of the Moog synthesizer, to musicians Carole King and Paul Simon and comedians Joy Behar, Roy Romano and Jerry Seinfeld. But none of these distinguished figures ever had to contend with the challenges Morris Altman, director of network services and internet security officer at Queens College, faces on a daily basis: malware.
Queens College is located in Flushing, Queens, the easternmost and largest in area of the five boroughs that make up New York City. Perhaps most readily identified as the home of LaGuardia Airport and Mets ballpark, CitiField, the borough is also home to a diverse population – of its 2.3 million residents, half are foreign born.
The college is one of nearly 20 schools spread throughout New York City comprising the City University of New York (CUNY) system. With 20,000 students and 5,000 faculty and staff, Queens College faced the modern-day plague of network attacks. And Altman, along with about 40 full-time and 100 part-time personnel on his IT security staff, were challenged with preventing computers from becoming infected and adversely affecting network performance of both the student and faculty population.
Morris Altman, director of network services and internet security officer, Queens College
Jack Marsal, director of solution marketing, ForeScout
“So we needed a solution that would not only let us better manage and organize corporate assets, but also provide continuous monitoring of our network, and ultimately comprehensive visibility and policy-based control over devices accessing or on our network,” says Altman.
Before searching for a network security solution, his team had no way to effectively estimate the number of devices, including desktops and laptops, that were connecting to the Queens College networks. Therefore, he says, being able to identify and classify these endpoints was imperative while at the same time he looked to improve the school's network security posture. “More so, we had to securely manage users, students and faculty and their personal mobile devices connecting to our computing resources.”
Another issue that prompted his team to search for a new network security platform was the increasing incidence of more sophisticated threats – including zero-day and propagating worms. It was not uncommon, he explains, for hundreds of computers on the network to be regularly infected – leading to the spreading of malware to other machines. These threats even consumed enough bandwidth to take the college network services offline on a number of occasions.
The network group – specifically the CIO – began the search for a solution. A number of offerings either failed evaluation or could have potentially created future limitations, such as bandwidth limits of in-line network security solutions, says Altman.
“We initially turned to ForeScout CounterACT to help protect us against advanced threats and propagating worms, which, in the past, would have infected hundreds of computers, literally bringing the network to a crawl.”