Cyber automation enables UNC school to focus on bigger threats

Don Bryant, the CISO at UNC Pembroke. (EdScoop)

With a team of only three people, the University of North Carolina at Pembroke has deployed advanced cybersecurity automation tools to better protect students, teachers and faculty against an increasing number of cyberattacks.

“We’re a small, rural university with a little over 7,000 students,” Don Bryant, the chief information security officer at UNC Pembroke, told EdScoop. “We’re a three-man team, but we’re doing encrypted threat analytics and more.”

Bryant, who joined the university nearly three years ago, has since led a huge cybersecurity transformation. Through an enterprise agreement with Cisco, which was partially funded through the company’s loan program, the university received access to the company’s suite of security tools, including ones that allow automated response to threats across the network.

The first step of the process, Bryant said, was about visibility. Using the APIs built into Cisco’s Threat Response tool, the university began getting new information from its network’s endpoints. The intelligence allowed Bryant’s team to quarantine potential intrusions, block further access to the network at large and pivot response based on the detections.

“We’re looking at the severity, we’re looking at the sandbox to see the level of threat — we hit those first,” Bryant said. “Then, we got rid of all of the next-highest severity threats, and then once we made it to the end, we could deal with new threats coming in.”

When Bryant first began the overhaul of the university’s cybersecurity efforts, the university had “a lot of crazy stuff going on,” he said, including some machines that had been hit with malware, defacements across university websites, and more. But by switching to layered defense, especially with additional automation tools from the Cisco security suite, the quantity of alerts and threats began to drop.

“After maybe a month or two, after we got through those ankle-biters [and turned on automation to deal with the reoccurring issues], we were able to focus on higher severity threats and got [alerts] down to one or two a week, which helped us prioritize on the more dangerous stuff,” Bryant said.

Most of Bryant’s response now originates with unexpected activity appearing across the university’s network — like a user plugging in a USB device or downloading a file from a personal account.

“Those things still pop up,” Bryant said. “For some of those, though, we actually have to touch the machines. For the most part, we’re trying to protect and block that stuff at the edge so that we don’t have to do anything on the machine. We just block it across the network.”

When a student, faculty or staff device is blocked from the network because of a security threat, Bryant said his team notifies the user and asks them to bring their device to the IT support center. From there, the team works to find the issue and remove it from the device.

Bryant also chairs the UNC System’s IT security council, where he is exposed to the work being done at other, larger universities. In that role, he said he hopes to spread the work that he has underway to the rest of the system.

But even compared to some of the bigger schools in the system — like UNC Chapel Hill, which has more than 29,000 students — Bryant said something special is happening at Pembroke.

“It’s crazy how well protected we are, even compared to some of the biggest schools with some of the biggest money,” Bryant said. “Us being small, we can be nimble and we can get more done.”
