Learning Institution

The Challenge

As laptops, tablets, and other devices become more available to teachers and students, ransomware incidents in education have also accelerated. One of the cybersecurity challenges facing schools is that students, teachers, and administrative staff are not typically on premises during evenings, weekends, holidays, and school vacations throughout the year.

 

Goulburn Valley Grammar School (GVGS) was becoming increasingly concerned about this gap in coverage. A longtime user of endpoint detection and response (EDR), GVGS decided that adding a 24×7 security monitoring layer was critical to protection. After considering solutions from CrowdStrike, Darktrace, and Trend Micro, GVGS selected our partner-enabled Managed Detection and Response (MDR) Advanced.

 

Trevor Pye, Head of Information Systems, Goulburn Valley Grammar School, reflects, “For six years, the platform has successfully blocked numerous nasty malware incidents. With ransomware incidents on the rise, we grew more concerned we didn’t have the cybersecurity resources to monitor alerts and activity 24×7. MDR is a perfect fit with their highly skilled security experts and global intelligence networks monitoring our activity around the clock. Plus, since we are happy with the platform and support, we didn’t see any reason to change.”

The Solution

MDR delivers around-the-clock cybersecurity monitoring and remediation services to Goulburn Valley Grammar School. With MDR, GVGS gains access to industry-leading security technologies that provide comprehensive protection for endpoints, network and security analytics, and custom incident response actions. The solution is also supported by the threat-hunting expertise of a security operations center fully staffed by highly experienced security analysts.

 

MDR protects 1,200 endpoints at GVGS, including Windows workstations and servers, as well as virtual servers running VMware ESXi and Microsoft Hyper-V. Application environments at GVGS protected by MDR include Microsoft Active Directory, Microsoft Exchange, Microsoft SQL Server, and Synergetic, among others.

Project Info

Cyber Security Solution

Endpoint Detection and Response, Managed Detection and Response

Organization

Goulburn Valley Grammar School

Industry

Education

IT Environment

VMware ESXi, Microsoft Hyper-V, Microsoft SQL Server, Microsoft Active Directory, Microsoft Exchange, Synergetic

Operating Systems

Microsoft Windows

Conclusion

The Results

The IT team at GVGS breathed a big sigh of relief when MDR prevented an especially insidious malware attempt.


“Outside of school hours, a student unknowingly downloaded some malicious software that captures keystrokes and exposes passwords,” recalls Pye. “Almost immediately, MDR detected the issue and isolated the device. The next day, we reimaged the student’s notebook and reset their password. Had it been a teacher’s device, then highly confidential student records would have been in jeopardy. MDR watching our back and giving us access to their security experts and knowledge have been fantastic.”


Pye adds, “Before, we didn’t have the resources to properly use all the EDR data generated by the platform or always know where to look. Because MDR monitors activity globally, it is better able to detect patterns that may be preludes to attacks.”


With MDR, the IT team has reduced time spent on cybersecurity management by 50 percent. More of its security-related time now goes to remediation rather than to endlessly sifting through EDR intelligence.


“MDR has been a massive time-saver,” Pye emphasizes. “Instead of chasing potential security issues, IT can respond to maintenance requests for our 1,200 endpoints more quickly. I now spend more time on vulnerabilities identified in the MDR portal and areas outside of endpoint security, such as penetration testing and multi-factor authentication.”


Pye estimates that building and operating an internal security operations center (SOC) would cost four to five times more than MDR. Pye also notes that MDR would still provide a greater degree of continuous monitoring and global intelligence than an internal SOC.


Another highlight for GVGS has been the people, according to Pye: “The quality of support and services we receive from them has been brilliant. We have worked with other security vendors and the relationships never lasted more than one or two years. By comparison, we are about to embark on year seven and are looking forward to continuing.”