Malware visibility teaches Federation Training the value of end-to-end security

Low-end security tools acquired during merger kept ICT manager awake at night

It hadn’t taken long after Federation Training introduced a new security platform that the wisdom of the move became clear, with scanners picking up “dozens if not hundreds of quarantined files” on a daily basis as the institute’s 4000 students and 500 staff connected and disconnected from the institute’s network.

That network had evolved in the wake of the 2014 merger of Advance TAFE and GippsTAFE, producing a consolidated organisation with 10 campuses spread across Victoria’s eastern half. And while that merger was effected for operational and efficiency reasons, recalls ICT manager Jason Phillips, it also created a need for dramatic improvements to the ageing information-security tools that Federation Training found itself using.

The two institutes “had different perspectives on security and were using different products,” he told CSO Australia. “We had to cut back on a lot of things, including our security software. But this left us with a fair bit of discomfort around our server infrastructure, since we were relying on what I considered to not be a top-tier product.”

This wasn’t necessarily a deal-breaker on its own: with an extensive and ongoing backup regime in place, Federation Training was well-positioned to recover quickly and effectively should anything go wrong. But when things actually did start to go wrong – several “Cryptolocker-style ransomware” infections were noted within the first year, Phillips explained, adding that they didn’t result in any data loss or ransom payments because of the extensive backups that were in place.

With the cybersecurity threat proven to be quite real, however, the 8-strong consolidated ICT team had ammunition to support a more robust security strategy that would improve protection of its server environment, which is around 95 percent virtualised around VMware technologies.

This soon led the team to Bitdefender GravityZone Business Security, which delivered a centralised-scanning environment backed by cloud-based security intelligence, behaviour monitoring, and remote manageability.

The new environment provided crucial visibility into the threat that Federation Training was facing every day as the network servers coped with everything from emailed malware to students’ heavy use of portable drives. With “dozens if not hundreds” of malicious files quarantined every day, Phillips said, that visibility was confronting.

“To think that we had next to no protection and we weren’t picking any of that up before, and how exposed we were – before we put in the new platform I really wasn’t sleeping nights,” he explained. “When you start to see these kinds of infections coming in, you know it’s only a matter of time before it finds something of value to destroy for you. That was enough to be able to start going to the executive for a bit of funding for some endpoint protection.”

It has now been a year since Phillips’ team complemented its server protection with endpoint-security tools – and the environment is running more smoothly than ever. This, despite the growing incidence of malware particularly targeting Android-based mobile phones and tablets, with scareware Trojans, banking Trojans rife, and apps infected with new strains like the DressCode family that are able to spread across corporate networks.

“We started off looking at protecting desktops and laptops,” Phillips said, noting that the new environment is protecting around 2000 endpoints so far. “It didn’t even occur to me at the time to really think about mobile devices. But we certainly have not had any [desktop or laptop] infections to speak of over the past year, and we have not yet had an infection that we know of through a mobile device so far.”

The strong performance of the new security environment has given Phillips the confidence that he was lacking after the original merger, providing visibility and proactive protection against all manner of malware that the network just couldn’t see in the past.

This has improved confidence at the highest levels of the business – which has been credited with some of the endpoint infections that could have produced “fairly devastating” results if they hadn’t been caught.

“We can see every single machine,” he said, “and if something had slipped through we would know about it. If there were something happening out there that we weren’t protected against, I think we would know about it fairly quickly.”

Tags CryptolockerCSO Australiaend-to-end securityAdvance TAFEGippsTAFEMalware visibilityFederation TrainingICT manager Jason Phillips

Show Comments