Complete Picture of Network Threats from a Single Pane of Glass
Western Michigan University (WMU) is one of the country’s leading research universities — and also a tempting target for cyber criminals. WMU needed to prevent inevitable cyber attacks within a university network used by thousands of students, contain a threat detected by the firewall before it can spread, and quickly access multiple systems to assemble the information needed to contain a threat. This is a common concern we hear from enterprises as well — be prepared for the inevitable attack, and know you can identify and contain compromised devices quickly to protect IP, data, and company reputation.
Using Bradford Networks’ Network Sentry for Palo Alto Networks enables continuous incident response by correlating security events from the firewall with real-time information associated with compromised devices.
Now WMU can identify the compromised device, user, switch port and other key details immediately when the firewall detects a threat. They have been able to save valuable time by breaking down the silos of information when the network is under attack, and to isolate, restrict or block compromised devices in real time according to policy settings.
Fawn Callen, the manager of the network architecture team at WMU, shared her insights into the importance of the integrated solution. “Network Sentry picks up the IP address and threat information from the Palo Alto Networks Next-Generation Firewall and correlates the device with the user along with network connection information. Together, the two types of information give us a complete picture of the threat — including its source and intended target on the network.”
Fawn notes that Network Sentry protects the network and saves IT staff time by bridging previously isolated silos of security information. “Using Network Sentry, IT will have a complete picture of the network threat from a single pane of glass. If a high-threat virus passes through our firewall onto a student’s machine, they’ll be able to take action faster because all the information they need is in one place.”
At WMU, Fawn expects Network Sentry to reduce the impact, time and cost of threat containment. “Without Network Sentry, we would have to sift through a home-grown registration system to identify the owner of the IP address, or decipher the IP address to determine what building the device was in, what subnet it was in and who we think is responsible. In either case, it would take us a long time to track down the user and their device.” Using Network Sentry, WMU can reduce the time to contain threats from hours to a few seconds. Clearly WMU is winning the cybersecurity race.