Organization
St. Lawrence College is an integral part of the economic life and social fabric of Eastern Ontario, with campuses in Kingston, Brockville, and Cornwall. St. Lawrence College consistently ranks as one of Ontario’s leading community colleges, preparing students for the global economy with relevant, practical, and experiential learning opportunities. Offering over 100 full-time programs, St. Lawrence College is a close-knit community of 10,000 full-time students, and more than 99,000 alumni.
St. Lawrence College has a wide range of users—students and employees—who require access to business and educational resources on and off campus. Providing an open and transparent network is essential, but the college’s legacy firewalls offered only limited protection against a growing array of sophisticated cyberthreats that could disrupt network services. With rapid adoption of software-as-a-service (SaaS) applications and public cloud resources, the college also needed a more holistic approach to security. Since standardizing on the Palo Alto Networks Security Operating Platform®, St. Lawrence now has a rich set of intelligence-driven security capabilities, enabling the college to adopt a Zero Trust security posture across its network, endpoint, and cloud environments—and ensuring strong, consistent security.
Ensuring Access to Online Educational Resources
The business of higher education is to prepare students to succeed in whatever careers they choose. This mission is at the core of everything St. Lawrence College does as an institution, from the learning environment its faculty and staff create to the technical infrastructure and services that support them. All are focused on providing students with valuable educational opportunities to build knowledge, skills, and passion they can carry out into the wider world.
In the digital age, a critical aspect of carrying out St. Lawrence’s educational mission is providing a secure, well-performing network. Colleges are prime targets for ransomware and other malicious exploits that can disrupt or degrade network services and access to online educational resources. However, the college’s legacy port-based firewalls offered limited threat protection, insufficient to guard against modern, sophisticated cyberthreats.
David Myers, chief information security officer for St. Lawrence College, explains, “We have a lot of customers accessing our network on Wi-Fi, bringing their own devices, and accessing varied resources online. We needed a way to provide open and transparent network access while getting as much visibility as possible to protect against threats that could infiltrate our network for malicious purposes.”
Myers had experience with Palo Alto Networks from a previous position and knew the rich set of capabilities provided in the Next-Generation Firewall. Working with Palo Alto Networks to perform a Security Lifecycle Review (SLR), Myers and his team were able to give internal stakeholders deeper insight into the limitations of the legacy security infrastructure and garner support for modernizing. As a result, St. Lawrence College retired its old firewalls and deployed the Security Operating Platform across all three of its campuses.
Automated, Intelligence-Powered Security
Bringing in the Palo Alto Networks platform offered St. Lawrence College the opportunity to adopt a Zero Trust security posture to maximize defense at every point in its environment. Although fully achieving Zero Trust is an ongoing process, the security team has implemented Next-Generation Firewalls as core routers to enforce segmentation. The first objective was to segment common services into their own dedicated zones and implement App-ID™ technology to simplify the rule base.
Dave Mayo, associate director of IT systems security and networks at St. Lawrence, notes, “We primarily use App-ID for all security policies across our organization. Adopting App-ID has been a big benefit not only from the additional security it provides over traditional port-based rules but also on our server admins. We just need them to identify what applications need to be allowed, not necessarily all the ports they need open. The ports are identified for us with App-ID, which saves us a lot of time. This is the first layer of defense for us in a Zero Trust model—the approach that if one resource doesn’t need to talk to another, then it shouldn’t.”
As part of taking a Zero Trust stance, the security team at St. Lawrence College uses threat intelligence and automation provided by the Palo Alto Networks platform to proactively defend against cyberthreats. The team uses AutoFocus™ contextual threat intelligence service as its command center and MineMeld™ threat intelligence syndication engine to create external dynamic lists from multiple threat indicators in order to automatically block traffic from IP addresses known to be associated with bad actors.
Mayo says, “We take multiple threat intelligence feeds and correlate them with MineMeld, and ingest a dynamic list into the Next-Generation Firewalls to block malicious activity. It’s all automated. This has been a big help for us because of the increase in brute force attacks on our public resources. Using MineMeld to ingest multiple threat intelligence feeds in combination with the Palo Alto Networks platform of services from the endpoint to the cloud has really increased our visibility and our ability to be more proactive in our security operations.”
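The feed-correlation step described above, as an added example that is not the college's or Palo Alto Networks' code: it merges constructed sample feeds into the one-address-or-subnet-per-line text format a PAN-OS IP external dynamic list expects, drops malformed entries, and refuses entries that would block private or all address space if a feed were poisoned. The private-range list and the /8 prefix guardrail are assumptions, not settings from the page.

```python
# Added example, not code from St. Lawrence College or Palo Alto Networks:
# correlate several threat feeds into one external dynamic list (EDL) for a
# PAN-OS firewall. An IP EDL is plain text with one address or subnet per line.
import ipaddress

# Constructed sample feeds in the loose shapes real feeds take: comments, blank
# lines, trailing notes, hosts, CIDRs, junk. Addresses are documentation ranges.
FEEDS = {
    "feed_a": "# hosts seen in brute-force logins\n203.0.113.5\n\n198.51.100.0/24\n",
    "feed_b": ("203.0.113.5 ; duplicate across feeds\n192.0.2.77\n"
               "198.51.100.20 ; already covered by feed_a's /24\n"
               "10.0.0.1\nnot-an-ip\n0.0.0.0/0\n2001:db8::1\n"),
}

# Guardrails (assumed policy): a poisoned or mis-parsed feed must never yield an
# entry that blocks internal address space or the whole internet.
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
                                              "192.168.0.0/16", "fc00::/7")]
MIN_PREFIXLEN = 8  # anything broader than a /8 is treated as a feed error


def parse_indicator(line):
    """Return an ip_network for one feed line, or None if it must be dropped."""
    token = line.split("#")[0].split(";")[0].strip()
    if not token:
        return None
    try:
        net = ipaddress.ip_network(token, strict=False)
    except ValueError:
        return None  # not an IP address or CIDR
    if net.prefixlen < MIN_PREFIXLEN:
        return None
    if any(net.subnet_of(p) for p in PRIVATE if p.version == net.version):
        return None
    return net


def build_edl(feeds):
    """Merge all feeds into deduplicated, collapsed EDL lines (IPv4 then IPv6)."""
    nets = set()
    for text in feeds.values():
        for line in text.splitlines():
            net = parse_indicator(line)
            if net is not None:
                nets.add(net)
    lines = []
    for version in (4, 6):
        # collapse_addresses drops duplicates and hosts inside a listed subnet
        for net in ipaddress.collapse_addresses([n for n in nets if n.version == version]):
            host = net.prefixlen == net.max_prefixlen
            lines.append(str(net.network_address) if host else str(net))
    return lines


if __name__ == "__main__":
    print("\n".join(build_edl(FEEDS)))
```

The output file is what the firewall would fetch as the EDL source; re-running the script on a schedule is the automation Mayo refers to.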
Coordinated Network and Endpoint Protection
Coordinating protection across the network and endpoints is essential, so the team also relies on Traps™ endpoint protection and response. Traps is now deployed on physical servers, virtual machines (VMs), and personal endpoints across the college. This is a big advancement, as previously VMs did not even run traditional antivirus software because of the negative performance impact on applications. With Traps, there is no performance penalty, and the college gains a whole new level of endpoint protection.
As Myers points out, “With Traps, we’re providing a much more intelligent level of protection compared to traditional signature-based file scanning.”
Spanning network and endpoint security is WildFire® malware prevention service, which automatically identifies malicious executables attempting access through the network or endpoints, including unknown malware.
“Being able to use Traps and have a holistic approach using WildFire to block malicious payloads has been quite important for us,” says Myers.
The St. Lawrence team uses Panorama™ network security management to centrally administer its security infrastructure. According to Mayo, having templates in Panorama to simplify policy management has been especially helpful. “Panorama’s been fantastic for us. Across the campuses, we have a lot of similar business functions, and the rules don’t have to be different at one or the other. Instead of a traditional approach configuring separate policies at five or six locations, this also provides consistent policy enforcement across our on-premise and cloud infrastructure. We have one central place to configure the security policy and push it out once to make sure each environment is treated the same. But if we have to treat a campus or cloud application differently, Panorama gives us the granularity to do that.”
Visibility has also improved, with college-wide data stored in Strata Logging Service (formerly known as Cortex Data Lake), and Panorama provides insights into application traffic and device activity across all three campuses and remote sites. The team uses this information for a range of reporting, including a weekly summary report, a report on the top malicious endpoints, and a command-and-control report. Mayo remarks, “We have devices coming in off the street all the time, so being able to see that a college asset is in the command-and-control report allows us to proactively address that situation. Being able to spot trends helps our security posture as a whole by recognizing anomalies and shifts in network and endpoint activity that we can investigate and resolve. It is crucial for us, being a small security team, to have a single pane of glass for incident response and security operations. We need to leverage analytics and automation to be successful, and the Cortex Data Lake is a key piece in that strategy.”
Extending Zero Trust to the Cloud
St. Lawrence College is rapidly moving to adopt SaaS applications, and has a longer-term strategy to embrace a hybrid cloud model. Currently, the college relies on Microsoft Office 365®, including SharePoint® Online, for students and employees. Eventually, other applications—such as learning management, payroll, HR, and enterprise resource management (ERM)—will also move to the SaaS model.
To secure access to SaaS applications and govern sanctioned usage, St. Lawrence has been using Prisma™ SaaS. As the college’s SaaS and cloud strategy evolves, the security team is planning to advance to the next level of SaaS and cloud security with Prisma Access, which will enable the team to extend its Zero Trust posture into the cloud.
Myers explains, “The demand from our students is coming in from all hours of the day. With multiple campuses, and partner programs operating in international locations, we need to provide a seamless set of services. When employees and students are accessing Office 365 or spinning up VMs in a public cloud like Azure, we need to enforce security policies with the same consistency as if they are on our network. I see Prisma Access as a way of using the Palo Alto Networks platform to secure our SaaS and cloud environments without having to manage the physical infrastructure. Instead of a campus-based site-to-site VPN topology, Prisma Access will allow us to move to a cloud model where the cloud provides the connectivity layer between all the sites and a highly available set of core services that everything else links to.”
On the Horizon: Analytics-Driven Detection and Response
St. Lawrence College has built a solid security foundation by systematically implementing components of the Security Operating Platform to protect students and employees across network, endpoint, and cloud environments. The security team is now setting its sights on empowering itself with stronger analytics to improve detection, investigation, and response with Cortex XDR™.
Myers notes, “Cortex XDR will give us analytics on top of the data we’re already storing in Cortex Data Lake. It will bring better visibility into anomalies, doing that investigation work and trying to uncover what was patient zero, what was the attack vector—things that would be very difficult for a security analyst to get at by manually reviewing logs and data. We see the potential of Cortex XDR helping us cut down response times substantially.”
Expectations are continually getting higher for faster turnaround and response to incidents, and the small team at St. Lawrence College would never be able to keep up with growing demand using manual processes. Myers adds, “The game-changer with Cortex XDR is having a tool that enables the type of rapid response that’s critical today. The impact of a breach becomes much greater the more time that goes on from the time it is detected until it’s responded to—not just from preventing damage within our infrastructure, but also damage to our organizational reputation. If we have an issue and details are slow to come out, that puts the college in a bad position.”
Mayo concludes, “We chose Palo Alto Networks as a strategic partner to help us gain a holistic approach to security. As mentioned before, I truly believe—being a smaller team—we have to leverage all the sensors in our environment intelligently. In order to provide the most business value to the organization, we have to be efficient and have complete visibility into our environment. We have done a lot of the groundwork in deploying Traps, NGFWs for network traffic inspection, and Prisma SaaS, which have great prevention capabilities, but they are also rich data collectors. By leveraging the advanced capabilities related to behavioral analytics and incident investigation that Cortex XDR provides, it allows us to maximize the use of our resources, providing the most value to supporting the college and its strategic objectives.”