Colleges and universities have adopted Cisco Umbrella malware protection en masse. I’ve talked to many of the Higher Ed IT and security teams that deployed the service, and the same themes arise again and again. Mostly, their problems relate to scale. Traditional security appliances that perform deep packet inspection or proxy all network traffic just aren’t equipped to handle unusually large bandwidth needs of colleges and universities. They end up creating network bottlenecks and other performance issues. It’s also extremely expensive to stay up-to-date and avoid single points of failure.
Take for example Tri-County Technical College (TCC). The community college network serves 6,000 students across four campuses. The sheer volume of bandwidth that TCC needs to accommodate both university and student-owned devices eliminated the possibility of using most appliance-based Secure Web Gateways. A scalable, on-demand service wasn’t just the obvious choice, it was the only one that could secure all devices connecting to TCC’s network at any given time.
Vanderbilt University gave us another great example of the challenges facing Higher Education. Vanderbilt caters to the needs of more than 35,000 students, staff and faculty. Like many universities, Vanderbilt’s IT team attempted to get ahead of malware issues by offering students and faculty a client to download. But, there were just too many types of devices for this approach to malware protection to be scalable. The only way to effectively (and easily) protect every device that connected to Vanderbilt’s distributed networks, was to deploy DNS-based Internet security at the network layer.