Mark Wantling, Chief Information Officer, the University of Salford, discusses the institution’s need to provide a safe and secure environment for its students, which gave it full visibility over its assets and the ability to close hundreds of thousands of endpoint vulnerabilities. Wantling explains how the visibility Tanium provided it with meant that the university was able to identify and fix thousands of missing patches and remediate issues and threats in minutes.
Tanium, the provider of endpoint management and security built for the world’s most demanding IT environments, recently announced that the University of Salford has used the Tanium Platform to strengthen its defence against a surge of cyberattacks targeting the education sector.
Tanium worked with the university to help it overcome several challenges that have emerged over the last year. It faced a rise in the number of cybercrime threats, such as ransomware, as well as nation state attacks launched in an attempt to steal COVID-19 research data.
These threats applied pressure to the University of Salford’s IT infrastructure which consists of a complex blend of on-premise and cloud systems – all supporting the operations of four different schools. The environment was based on a legacy IT architecture which was not prepared for the complications caused by COVID-19. The pandemic forced the university to provide mass remote learning, but it needed to find a better way of gaining visibility and control over the devices connecting remotely to its network (endpoints). This is important because vulnerable endpoints offer attackers a much easier route into the IT environment and increase the chance of a damaging breach occurring.
Tanium provided the required visibility and control, minimising the university’s fundamental risk and strengthening its incident response capabilities. The Tanium Platform was used to discover previously undetected endpoints hidden in the network, many of which were missing critical patches and software updates. This reduced the number of missing critical patches by more than 99%, from 38,000 to 238. Tanium also helped the university reduce the time it takes to carry out software patches by 66%, with near-perfect coverage.
“During a particularly testing period, we had to deal with two zero day attacks within a two-month spell,” said Mark Wantling, Chief Information Officer for the University of Salford. “Each time, we utilised Tanium to quickly identify vulnerable assets across our distributed network, patched them and reported the incident to the board in less than a few minutes. The speed at which we can now respond to these types of threats has helped level the playing field between us and the attackers.”
We caught up with Mark Wantling, Chief Information Officer for the University of Salford, to hear more about the implementation and its benefits, and what the future holds for the university.
Can you tell us about your role at the university and what this looks like day-to-day?
My role has changed significantly over the course of the pandemic and has been thrust into the spotlight, increasingly focusing on a transformational role as opposed to the traditional technology role. It involves both driving the university’s Digital Transformation and building a stable and secure IT environment to support hybrid teaching, learning and research.
I’ve also been more engaged in boardroom conversations about the impact of the pandemic and Digital Transformation, highlighting the changes and what this means for our students and staff.
Why did you decide to work with Tanium on this occasion?
Over the course of the pandemic, many educational institutions have had to change their approach in response to the changing threat landscape.
For example, we’re seeing higher educational institutions targeted more regularly by nation state sponsored attackers as well as ransomware gangs.
After conducting a security assessment, we realised the university had a lack of visibility of our assets and we were unable to make sure that everything was secure and up to date. We brought in Tanium to provide a safe and secure environment – giving us full visibility of our assets and closing hundreds of thousands of endpoint vulnerabilities.
Due to the visibility Tanium provided us with, we were able to identify and fix thousands of missing patches and remediate issues and threats in minutes. It has also brought our team closer as our security and operations team work more closely together.
What challenges were you looking to address ahead of the implementation?
As I alluded to earlier, the pandemic created a host of new security challenges that we needed to respond to. Not least, we had to adjust teaching and learning systems in a matter of weeks in order to accommodate remote learning.
We had over 5,500 endpoint devices which we needed to secure across our estate, in an environment where our IT infrastructure was large and siloed. We lacked the tools needed to spot attacks and patch vulnerabilities quickly – and there was therefore a concern that if the university was attacked, we wouldn’t be able to respond fast enough to prevent harm.
How much of a target is the education sector when it comes to cyberattacks?
The higher education sector has long been an attractive target for cybercriminals, but the sector’s vulnerability has significantly increased over the last 18 months.
For example, it’s seen increased ransomware attacks and nation state attacks launched to steal COVID-19 research data. Universities work with several different organisations in a research capacity, so cybercriminals may see the sector as a route to targeting more complex, larger organisations that hold valuable information but that tend to invest more in cybersecurity.
The education sector has a sprawling number of endpoints to secure, with most universities having little visibility or control – something that the shift to remote and hybrid learning has exacerbated. There’s also a near constant stream of joiners and leavers in the higher education sector which creates a unique set of challenges when it comes to securing endpoints and properly managing them.
What proportion of your IT budget is taken up by cybersecurity spend/investments?
We have spent approximately £2-3 million over our initial budget on cybersecurity in the last financial year – as a result of the challenges presented by the pandemic. It’s worth noting that some of this investment was in IT operations ‘basics’ such as visibility and asset management controls, which we believe provide the critical foundations required for a strong cybersecurity programme.
Each year, we also put £500,000 towards refreshing hardware on campus. We recently utilised this pot of money to create a ‘hardware fund’ for students who couldn’t afford to purchase devices themselves, as part of our emphasis on improving digital interactions for those from disadvantaged backgrounds. The scheme allows students to cash in vouchers for new devices on campus.
Can you give us some insight into your strategy for instilling a robust cybersecurity culture across the institution?
Team silos have traditionally created difficulties for us, and the institutional structure seemed to encourage this divide.
In my role, I’ve therefore been dedicated to trying to drive an ‘infosec culture’ which seeks to tackle the misconception that cybersecurity issues or attacks are simply just an ‘IT issue’. Good cybersecurity is everyone’s responsibility and everyone plays a significant role in protecting the institution – not just that of security and IT teams.
One activity I conducted to engage the university’s board of directors was to take them on a quick tour of the Dark Web. I demonstrated how easy it was for criminals to purchase data related to other educational institutions that had recently been targeted by cyberattacks, and how attackers can use these to gain access to and leverage a network.
Secondly, I showed them how the entry level to becoming a cybercriminal has reduced significantly. Attackers no longer need to know how to code as they can purchase credentials from initial access brokers, or even purchase a cyberattack ‘package’ through new and emerging ‘Ransomware-as-a-Service’ providers.
Through this exercise, I was able to visually frame the repercussions of a cyberattack and show just how easy it is for people to purchase credentials from a senior level person or stolen data from an educational institution like ours.
How has Tanium’s solution enabled the university to strengthen its incident response capabilities and what benefits has this provided?
We have a mixture of hardware and software across the University of Salford campus. However, prior to adopting Tanium, the visibility across university devices was quite low – an issue that became apparent during a recent pentest we conducted.
This was a massive problem because without such visibility, we had no knowledge of what exact devices we have and what they could potentially be running, which left us in a highly vulnerable position.
Tanium’s solution has therefore been key to allowing my team and I to have this knowledge at all times and in real time; within under 20 minutes, for example, I can now have a patch compliance report collated for review. This is also beneficial across the wider business as being able to provide such data on demand gives us more credibility among the university’s board when discussing matters related to cybersecurity.
Prior to partnering with Tanium, it took us four to six weeks on average to patch vulnerabilities – a time average which has now been reduced to just 24 hours. The partnership has ensured our IT infrastructure is better protected by giving us the tools needed to respond to threats more quickly. It’s also driven collaboration across previously siloed teams, as we now all work from the same dataset – which allows us to identify false positives and address key issues far more efficiently than before.
What does the future hold for the university from a technology standpoint?
For the next year, our programme will be focused on making sure our actual level of risk meets our risk appetite; something we have a lot of work to do to achieve. We’re currently at a lower level of maturity and have more risk than we’re comfortable with.
We’re looking to close that gap by continuing to invest further in technology, to improve what we’ve got in place and implement new tools where needed. Our strategy will be to maximise value from a small number of important tools, rather than lots of different ones, to ensure teams can continue to be able to work closely together with the same data.
We are also constantly aiming to improve our facilities and processes to enhance the user experience. Our response to the pandemic has shown we’re incredibly agile as an organisation, capable of delivering high-quality solutions and Digital Transformation initiatives under pressure and within short periods of time. My aspiration is to keep that momentum up in order to maintain this agility long-term.