The Texas A&M University System had a challenging set of problems to solve. They needed to ensure that its 180,000+ users across 11 campuses and nine state government agencies could connect to the internet safely wherever they worked, without becoming vulnerable to malware and phishing attacks, accessing prohibited websites, or opening the door to information theft. To protect students, employees, and research data from cyberattacks, the security operations center needed granular visibility into all internet activities, the ability to apply consistent security controls, and the ability to block threats at the DNS and IP layers.
After considering their options, the team chose to deploy Cisco Umbrella DNS-layer security across their network environment.
Securing internet access anywhere and everywhere
After choosing Cisco Umbrella as a security partner, the Texas A&M team saw proof of value almost immediately. “We rolled it out to our networks in five minutes,” explains Dan Basile, Executive Director for Texas A&M University System Statewide Cybersecurity Services. Since deploying Cisco Umbrella only requires an organization to update its recursive DNS server addresses to get started, it only takes minutes, not weeks or days, to start seeing results.
Their security operations team saw immediate impacts from Cisco Umbrella cloud security protection at the DNS layer. “After the first month of using Cisco Umbrella, the number of malware blocks was in the millions,” says Basile. “Our information security officers said, ‘We’ve seen an enormous drop in the amount of successful malware, and we see even fewer phishing attempts for email too.’”
Beyond malware protection, the team was also able to quickly enable protection for its large number of remote workers, including students, faculty, researchers, and staff. “The Umbrella roaming client is great because it protects that user and asset no matter where they are. You have the same policy set being pushed down to it and the same DNS protection no matter where it lives,” says Basile.
Hear from the Texas A&M System team about how Cisco Umbrella helped improve their security (2:48):
Stopping cyberattacks before they start with threat intelligence
With DNS-layer protection, a potential malware infection can be stopped before it even gets to the download phase. This allows security teams to focus on more complex and sophisticated threats, by freeing up investigation time for its security analysts and reduce the amount of time spent on the remediation of malware. “The biggest impact we saw from Umbrella was the drop in the number of security alerts on our other tool sets. We’re probably saving about 100 hours per week across all of my employees due to the reduction in these alerts,” noted Basile.
Using the threat intelligence and context available through the Cisco Umbrella Investigate console offers security teams another invaluable tool. “We use Umbrella Investigate as a single stop to be able to dig deep on DNS investigations,” explains Basile. “We’re taking the information coming out of Cisco Investigate and using it as a resource to correlate against our other threat intelligence sources. The depth of information in Investigate makes it much easier for us to tell if we are looking at a legitimate traffic, a bad actor, or just a misconfiguration.” Beyond using the Investigate console for threat intelligence, the A&M System security team discovered another, creative use case: they use Umbrella Investigate as a training platform for students studying to become the next generation of security analysts.
Read the case study to learn more about how the Texas A&M System used Cisco Umbrella DNS-layer security to protect roaming users in a complex environment and reduce security alerts by 50%.
