Education

Technology evolves in school districts

Region 17 Education Service Center (ESC-17) is one of 20 regional service centers in Texas. “Our overall mission is to support the education system, and we facilitate projects from Texas Education Agency down to the school districts,” says Michael Richardson, network specialist for ESC-17.

Richardson is responsible for supporting the technology needs of the schools, which includes WAN connectivity, internet services, and firewalls. “We provide internet access to 34 school districts with 19,000 students and 4000 staff in total. On a normal day, our max utilization is roughly 7–8 Gbps of internet traffic daily,” says Richardson. “We support a pretty good range of schools—from smaller schools with 100 students and less than 30 staff to bigger schools with a few thousand students and nearly 200 faculty and staff members spread across multiple campuses.”

The technology needs of these schools are diverse and at times present unique security challenges.  “The fun thing about securing the schools is you never really know what the schools will ask for, and just trying to protect them from themselves is a lot of it,” Richardson explains. “For example, to simplify their tasks, we may get a request to open up a server to the internet. They often assume being too small of a target means that the bad actors will not pick on them. We have to educate the school staff so they understand why it is not a good practice to expose the servers to the internet and why it is important to have a firewall.”

Each school’s security posture differs. “Some of our schools don’t have a single server open to outside networks, and then there are other schools who have dozens of servers exposed to support applications like security cameras,” remarks Richardson. To securely deliver the diverse needs of so many school districts, Richardson had to look for a security solution that offers efficiencies.

A solution that simplifies security

Richardson isn’t new to Cisco security solutions. He explains, “We’ve been running Cisco firewalls for several years using the on-premises Cisco Secure Firewall Management Center (FMC). Earlier, we had a centralized firewall with the schools in individual DMZs [demilitarized zones] on that firewall. It worked fine until the schools began implementing more VoIP services and other applications. We got to a point where school district A needed this particular global setting set one way, and school district B needed that same global setting set another way. That’s when our centralized firewall design became inadequate to provide both school districts A and B with the services that they requested.”

So Richardson started exploring options to transition to a decentralized firewall. “Before, we had routers in the schools, and the traffic used to pass through one central firewall. Now, we want to implement firewalls at the individual school districts,” says Richardson. That’s when he discovered Cisco Defense Orchestrator (CDO) and its cloud-delivered FMC (cdFMC). Richardson elaborates, “Having used Cisco’s on-premises FMC extensively, adopting its cloud-delivered counterpart seemed like a no-brainer because I wouldn’t have to completely relearn the wheel.”

Cisco Defense Orchestrator adoption went seamlessly for ESC-17. “Cisco took care of upgrading to CDO in the backend, which simplified the entire migration process. We were only responsible for upgrading the individual firewalls. And the best part was, since they are cloud-delivered, I could manage the firewalls from anywhere,” Richardson comments. “To secure the diverse technology needs of the schools, CDO is a very cost-effective solution for us.”

“One of the things that I enjoyed with CDO was just having it (automatically) sized correctly. Having it all in the cloud just made it a lot easier for me because I didn’t have to worry about installing hardware, and most of the network provisioning was transparent to us. I have been extremely happy with it,” says Richardson.

Getting the most from the cloud and AI

Cisco Defense Orchestrator came with new features that simplified managing security policies and posture for Richarson. “Now, I can more easily troubleshoot issues thanks to the extended event logging time frame in CDO. The ability to analyze the events over a bigger timescale in a single window eliminates the need to configure a separate assist log server,” says Richardson. “Having the long timescale for event logging is a huge advantage as it gives me fine-grain visibility into who's trying to hit us the most and the ports they are targeting. More event data gives visibility to the attack vectors. For example, are the bad actors trying Secure Shell (SSH) or remote desktop or something else to get into our system? This threat information is critical because it helps us secure the school they are targeting and also helps us prevent other schools from getting hit.”

There are other ways Cisco Defense Orchestrator’s cloud-delivered software as a service (SaaS) helps Richardson improve its security posture for Region 17. “A huge benefit with CDO is that the security updates are transparent and more frequent. For example, if Cisco discovers new IP blacklists, the updates happen automatically on the CDO side,” Richardson explains. “Automatic updates make it very efficient for us. In instances when a country suddenly decides to use a different set of IPs or if we want to implement geo-blocking, the automatic updates simplify our lives.”

The schools store students' identity data, which makes them prime targets for identity thefts. Since students typically don’t apply for credit cards, their stolen identities can escape detection for years. “But thanks to CDO’s improved event logging capability, we now have visibility into this sort of activity and can share the information with other schools in the region. One probe can completely stop an entire systemic infestation,” says Richardson.

Within Cisco Defense Orchestrator, organizations can also benefit from the AI Assistant for Security. “The step-by-step instructions the AI Assistant gives are simply brilliant,” Richardson remarks. “The greatest benefit is that it enables me to do things that I don’t or couldn’t do on a normal basis. While it may be possible to gather the same information in a Google search or Cisco technical documents, those alternatives are more time-intensive. The steps to implement one function may be scattered across multiple sites or documents. Another benefit of the AI Assistant is that it can process natural language queries (NLQs), simplifying and expediting how we work.”

Cisco Defense Orchestrator’s low-touch provisioning makes it easy to onboard firewalls. “You can get a firewall into CDO within just a few minutes using nested policies. At that point, it automatically gets those security updates or policies. All you have to worry about are the specific access policies for that school. For example, if their video surveillance server needs to be open to the internet and the like,” says Richardson.

Advancing with simplified security management

The Cisco Defense Orchestrator platform has simplified security management for ESC-17 so it can seamlessly scale its services across the school districts. “It makes a great difference when a security event hits one school. We can immediately use that information to block (that) communication with the firewalls in other schools. We fix it only once and then push it to other firewalls instead of fixing it individually,” Richardson remarks.

“Again, if the Texas Education Agency requires us to allow or block an IP, we push the change out to everybody at once. The ability to consistently operate the same way every single time helps improve our security posture,” Richardson continues. “CDO also makes it a lot easier to get resized and expand by adding more devices because it is all handled on the cloud side.”

In supporting the individual firewalls in the school districts, pushing new deployments is a regular task for ESC-17. “CDO enables us to simultaneously push deployments to multiple appliances and do it nearly 70% faster,” says Richardson. “If there’s a network issue, the ability to fix and apply the change so much faster is a huge bonus for us, especially when we are responding to an urgent support request from a school district.”

“Our customers, the schools, are happier. We can serve their needs better and faster. With CDO features like the AI Assistant and cloud-delivered security management, we have simplified technology for them,” Richardson adds. “Before, when upgrading the centralized firewall, if anything went wrong, it took everybody down. Now, by effectively managing the individual firewalls, we no longer have a single point of failure. That adds resilience to the services we offer to the schools. Ultimately, it boils down to simplicity, effectively securing against the bad actors, and reducing downtimes. Managing the individual firewalls with CDO is helping us on all those fronts.”

Richardson concludes, “Knowing that Cisco is taking care of the upgrades in the cloud—such as being able to access things from anywhere, nest things a little easier, and push out fixes to devices all at once—is a huge bonus for me. I will always recommend CDO to anyone looking.”