Case Study
Tomorrow’s technology students might study the network security strategy of Canterbury Christ Church University as part of their coursework. It’s a masterclass in modern, innovative cybersecurity. A single, connected suite of Palo Alto Networks Next-Generation Firewalls (NGFWs) and Cloud-Delivered Security Services is transforming security visibility, control, and efficiency at this leading British higher education (HE) institution, allowing students and staff to work confidently – when and where they choose.
In brief
Customer
Canterbury Christ Church University
Partner
Industry
Higher Education
Featured Products and Services
Undergraduate and postgraduate courses
Organisation Size
26,000 students, 1,800 staff, 3 campuses
Location
Kent and Medway, with partnerships across the UK
Challenge
Improve visibility and control of network traffic across widely distributed campuses, 26,000 students, and 1,800 staff. Ensure secure access to education data and prevent malware from disrupting end-user productivity.
Requirements
- Stay in front of complex threats with proven, innovative security.
- Connect students and staff to data and applications anywhere.
- Improve security posture without more headcount.
- Reduce complexity and provide complete infrastructure visibility.
Solution
Palo Alto Networks Network Security Platform incorporating: ML-Powered Next-Generation Firewalls, VM-Series Next-Generation Firewalls, Cloud-Delivered Security Services (DNS Security, Advanced Threat Prevention, Advanced URL Filtering, WildFire), Panorama, and Prisma Access
Expanding University attack surface
As the Chief Technology Officer of Canterbury Christ Church University, Andy Powell is taking concrete steps to reinforce the walls that protect student data while simultaneously respecting privacy. “We are battling an everexpanding attack surface, data silos, and security gaps,” he says. “We are entrusted by our students, faculty, researchers, and staff to make certain that data is protected.”
CHALLENGES
Data protection as critical as it is challenging
Canterbury Christ Church University is a leading British HE institution. Founded in 1962, the University offers undergraduate, postgraduate, full-time, part-time, and short courses – and apprenticeships – to 26,000 students at locations across Kent and the UK. Last year, Canterbury Christ Church was ranked third in the UK for graduates in employment.
The University is a diverse, decentralised organisation comprising thousands of students and faculty members – which makes data protection as critical as it is challenging, particularly in an era of digitisation and virtual delivery.
For example, Canterbury Christ Church students connect their personal devices to the network, and lecturers are increasingly adopting digital learning technologies. Meanwhile, the University is generating growing volumes of data that are valuable to hackers – data which is often siloed, reducing the ability to effectively detect and respond to threats.
The University also houses a wide range of sensitive data, including student identities, research data, financial details, and healthcare information. From students’ cell phone and account numbers to academic research findings, it’s vital that the University safeguards information with the highest level of security.
There is good reason for this caution. According to the UK Government’s 2022 Cyber Security Breaches Survey, 92% of HE institutions experienced breaches or attacks in the past 12 months – and IBM research reveals that the average cost to recover from an incident is £3.2 million.
REQUIREMENTS
Improve security without adding headcount
The University’s cybersecurity requirements include:
- Staying in front of the most complex threats with proven, innovative security.
- Ensuring students and staff can connect to data and applications anywhere.
- Improving their security posture without adding headcount.
- Reducing complexity and providing complete infrastructure visibility.
SOLUTION
Complete peace of mind with a Palo Alto Networks portfolio
Canterbury Christ Church has standardised on a trusted Palo Alto Networks network security strategy, comprising a connected suite of PA-Series and VM-Series ML-Powered NGFWs. Deployed in the two data centres and a hybrid Azure cloud, the NGFWs provide predictable performance and coverage of the most evasive threats – protecting up to 9,000 endpoints and 400 servers.
Palo Alto Networks is core to our network security strategy – protecting every attack vector. I couldn’t sleep at night without Palo Alto Networks. It was one of the shrewdest procurements the University ever made.
The NGFWs are complemented by a unified suite of security services, including DNS Security, Advanced Threat Prevention, Advanced URL Filtering, and WildFire. For example, Advanced URL Filtering protects the University’s guest web access, enabling the team to configure policies for different users, restrict access to sites and filter website content quickly and easily.
The WildFire service is used on both the physical (PA-Series) and virtual (VM-Series) NGFWs to detect previously unseen, targeted malware and advanced persistent threats.
Palo Alto Networks are constantly evolving their technology, so it consistently outperforms other security vendors. They have also been incredibly supportive of our journey, working alongside our small team to ensure we continually innovate and make the most of our security investment.
The University network security strategy also utilises KHIPU Networks Cloud-Native Managed Detection and Response SOC (CMDR) service. Powered by Palo Alto Networks XSOAR AI and automation tools, plus Google Chronicle Security Operations, it provides immediate incident response, remediation, and prevention.
KHIPU are part of the family – always proactive and always adding value.
BENEFITS
Protecting the data crown jewels
This innovative, next-generation network security architecture is transforming the University’s threat prevention strategy. The benefits include:
- Protected data, applications, and devices: Andy says, “Palo Alto Networks protects our data crown jewels. We have complete visibility and control to stop known and zero-day attacks hiding in network traffic, including encrypted traffic.”
- Increased operational efficiency: The lean University team uses Palo Alto Networks automation, AI, and ML to streamline and accelerate security administration. “We save weeks of time because we can understand the traffic so easily,” says Andy.
- Reduced risk: The highly resilient network security framework, features such as roll-back configurations, and the KHIPU CMDR service are helping the University to reduce risk and meet operational compliance regulations.
- Optimised performance and user experience: A previous NGFW refresh from 40Gb to 100Gb throughput ensures users benefit from a high performance, always-on bandwidth connectivity. The GlobalProtect virtual private network (VPN) also delivers flexible secure remote access for all users everywhere.
- Supporting the Prevent Agenda: Complete, connected security command and control supports the UK Government’s Prevent Agenda and reduces threats from terrorism, radicalisation, and extremism.
The University is about to embark on the next phase in its cybersecurity transformation. An imminent refresh of the Palo Alto Networks platform will see the deployment of the latest NGFWs and Prisma Access to create an even safer campus experience.
There’s a very good reason why Palo Alto Networks are the market leader. Their portfolio is always evolving: it integrates seamlessly and leverages the latest security techniques.
Learn more about Palo Alto Networks on the website where you can also read many more customer stories.