Cybersecurity Automation Helps Short-Staffed Higher Ed IT Departments Protect Data

Colleges and Universities Face Cybersecurity Challenges

Phang describes a landscape that clearly strains the limits of manually driven cyber response. “In an average week, we may identify between 400 and 500 events that could potentially be security incidents,” he says. “Given our limited staff, managing this volume efficiently is nearly impossible.”

And cyber incident response is only a part of his job. “We are responsible for other critical tasks such as risk assessment, vulnerability management, threat hunting, vendor risk assessments, contract reviews and service-level agreement management,” he says. Since there’s no automation available to support those tasks, automating where he can becomes doubly important.

At Northeast Texas Community College (NTCC), Sebastian Barron describes a similar scenario.

For his six-person infrastructure team, “our primary responsibility is to secure a diverse range of systems and endpoints, serving approximately 3,000 students and 400 faculty and staff members,” says Barron, director of the computer and enterprise services department.

“We oversee a complex environment that includes not only traditional endpoints such as desktops and laptops but also specialized systems such as our student information system, learning management system, and the recently implemented OneCard system for campus access and transactions,” he says. That’s in addition to managing network infrastructure, server environments and various databases.

“Without automation, tasks such as patch management, endpoint monitoring and incident response require manual intervention,” he says. Such efforts “would strain our resources and increase the risk of vulnerabilities.”

At California State Polytechnic University, Pomona, Vice President and CIO John McGuthry is in the same boat as his team works to secure over 100,000 identities and respond to more than 1,000 security events each day.

“Because of the complexity and the number of systems, if you don’t have automation running in your environment, it’s really difficult to keep up, especially when it comes to the information security space,” he says. “The faster you can respond, the more likely you are to reduce the risk of bad things happening.”

RELATED: Best practices for managing institutional data in complex environments.

How Automation Helps Short-Staffed IT Departments

Given these challenges, “automated threat detection and remediation are essential tools of the cybersecurity ecosystem” in higher education, says IEEE senior member Rahul Vishwakarma. When these tools are paired with advanced machine learning algorithms and behavioral analytics, “universities can continuously monitor network traffic for anomalies, isolate compromised systems in real time and automatically apply patches to vulnerable endpoints.”

Phang, for example, needs to ensure cybersecurity for about 4,000 students and more than 500 staff members. Microsoft Defender extended detection and response paired with a security information and event management solution provide a response to these challenges, he says.

“Microsoft Defender XDR aggregates all cloud events and incidents, including those from Microsoft 365 and other resources. The SIEM tool addresses on-premises events and incidents. They categorize the incidents, providing a clear overview of what happened, how it occurred and what systems were affected,” Phang says.

Both tools include extended detection and response services, which automatically address incidents by identifying, validating and preventing malicious activity in real time. This automated approach “reduces my workload to reviewing about 20 to 30 incidents a day, a manageable number,” he says.