Gettysburg College is a liberal arts school in a location imbued with historical significance. Its 225-acre campus is adjacent to the Gettysburg National Military Park, site of the famous Civil War battlefield. Many buildings on campus are historically relevant as well, but Gettysburg College is not stuck in the past. Far from it.

The school was an early adopter of wireless networking. Two decades ago, it offered wireless bring-your-own-device (BYOD) access as a selling point to attract students. Today, campus-wide Wi-Fi is less effective as a differentiator. Still, Gettysburg College strives to provide an end-user experience that stands out from the crowd.

Managing a BYOD Wireless Network in a Tourist Town

The college’s IT team works to ensure that students, faculty, staff, and parents can securely connect appropriate devices; that individuals who should not be on the network do not gain access; and that all these processes are as automated as possible.

“Gettysburg, Pennsylvania, sees tens of thousands of visitors every year,” explains the school’s Vice President of IT, Rodney Tosten. “Our campus interweaves with downtown Gettysburg, and some major roads even cross the campus. Every device in a car passing through tries to connect into our network.”

Moreover, he says, people used to park in the college’s parking lots to access the internet via its wireless network. “That raised concerns about network security,” Tosten says. “It also had implications for campus safety. We worried that free internet might be attracting people who were not necessarily healthy to have hanging around our campus.”

Finally, IT staff worried about bandwidth. “Being in a tourist town, we knew that having a wide-open network could eventually mean so many people connecting that our internet throughput would fall to pieces for the students, faculty, and staff who needed it,” Tosten says.

Leveraging FortiNAC to Implement Access Policies That Are Both Effective and Efficient

Gettysburg College has long understood these challenges. Eighteen years ago, it deployed the FortiNAC* solution. Thanks to this software, any attempt to connect a computer, tablet, or smartphone to the school’s Wi-Fi network brings up a registration page. Users who have network login credentials enter them on the registration page. The FortiNAC system confirms their identity and scans each endpoint to verify that its operating system and security software are up to date. “We will not grant people access unless the FortiNAC solution verifies that their system is updated and has antivirus protection,” Tosten says. “That ensures only secure devices connect to our network.”

Parents and visiting faculty can connect, but their access is time-limited. The FortiNAC solution maintains an inventory of their accounts. Individuals whose allocated time window has expired will no longer be allowed access. The solution also automatically removes access permissions for any device that has not connected to the network for a period of time.

“Our Wi-Fi network has more than 1,000 access points,” Tosten says. “We have 55,000 devices attempting to connect on an average day, and only about 6,500 of them should actually get in. That is a lot to manage, and two staff members are responsible for all related connectivity issues. The automation in the Fortinet solution, its scanning of devices attempting to enter the network, and its ongoing management of network inventory make it possible for such a small staff to manage our Wi-Fi.”

Allowing Only the Right Things on the Internet with FortiNAC

When students want to connect an Internet of Things (IoT) device, they must complete a manual request. The IT group routinely tests such devices to discover which work well on the network and which do not. They feed this information into the FortiNAC system.

“We test smart speakers, gaming consoles, and all the other gizmos we expect people to try to connect,” Tosten reports. “We want to make sure the devices we allow in will not consume all our bandwidth or overload our access points. If someone tries to connect a device that we do not allow, FortiNAC does not give it access.”

This approach further improves staff productivity. “It lets us have a conversation up front, rather than bogging down our helpdesk staff trying to support devices that are not going to work,” he adds. “Without a product like FortiNAC, we would not know which devices would have challenges, and figuring out connectivity problems for each individual device would be a much longer conversation.”

Acknowledging the significant improvements in staff efficiency, Tosten emphasizes that the primary benefits of the NAC system accrue to end users. “We have been using the FortiNAC solution for 18 years,” he reiterates. “Throughout that time, it has provided great security for our campus network. Without this product, Wi-Fi access would be like the Wild West. Instead, the FortiNAC system helps us make sure that everyone who is supposed to be on our Wi-Fi can connect, with healthy devices and adequate bandwidth, so that all our end users have a quality experience.”

* In 2018, Fortinet acquired Bradford Networks and their NAC solution which was rebranded as FortiNAC.

The post FortiNAC Enables Quality Wi-Fi Experience appeared first on Auswide Communications.

Endpoint security plays an integral role in modern security architecture. While initially focused on protecting individual endpoints from malware and other known threats, modern endpoint security solutions have grown to utilize multiple detection techniques capable of preventing or detecting both known and unknown threats while helping security and IT teams respond to broader threats involving multiple endpoints.

But even with the use of advanced machine learning and behavioral analytics, endpoint security solutions still are not able to prevent 100% of threats. This leaves a gap for security teams, who need a mechanism to detect and respond to threats that make it through preventative controls. Security teams have rallied around endpoint detection and response tools (EDR) as the primary mechanism to address this gap. According to recent ESG research, EDR was the most often cited priority when organizations were asked what their biggest endpoint security investment priorities are for the next 12-18 months.1

EDR solutions have evolved dramatically since first entering the security scene almost 8 years ago. While first created as a digital forensics investigation tool for only the most expert of security professionals, modern EDR solutions are highly automated and can be utilized by most security analysts to effectively close the gap where prevention solutions fall short.

Second generation EDR offers multiple advantages for security teams, including reduced alerts, accelerated threat understanding, and playbook-driven automated response actions. These second generation EDR solutions strengthen prevention, reduce the noise, speed response, and enable more security analysts to redirect their efforts to stopping the most sophisticated threats.

These important advancements in EDR are enabling security teams to more rapidly close the gap left by endpoint protection solutions, keep up with the adversary, and stop threats before damage occurs—all while reducing stress on the security analyst.

The Bigger Truth

Today’s diverse threat landscape will continue to challenge industry-leading endpoint security solutions to prevent every attack, leaving organizations with the task of closing this gap with a combination of humans and automated threat detection and response tools.

Endpoint detection and response tools have come a long way since their initial introduction. Advancements in EDR solutions are enabling security teams to implement proactive risk mitigation strategies, leveraging second generation EDR solitions to reduce excessive noise levels, automate and speed response, and enable security professionals to quickly investigate and stop attacks.

Second generation EDR sets the stage for new levels of automated detection and response, resulting in a more resiliant, self-healing environment where security analysts can refocus their time on mitigating the most important, sophisticated threats. 34% of surveyed IT professionals who recently switched endpoint security vendors or plan to switch cited the need for better threat detection and response as one of the drivers of the switch.

With the addition of these advanced automation capabilities, second generation EDR solutions should enable organizations to detect and respond faster, stop more threats, and do so more efficiently, requiring less effort from highly skilled security analysts. And when events require a security analyst’s attention, threats can be disarmed while investigations take place, limiting business disruption.

Organizations that are investing in EDR should strongly consider second generation solutions that include more automated detection, response, and remediation capabilities that can accelerate response, ensure endpoint resiliance, and enable existing security teams to keep up with the modern endpoint threat landscape.

The post The Need for Speed: Second Generation EDR appeared first on Auswide Communications.