Higher Education Cybersecurity

Supporting a Secure Smart Campus with Support for Free Expression

College and university campuses are centers of innovation in many areas, and IT is no exception. Advanced research and smart campus initiatives provide educational opportunities and enhance student life, but they also bring new network security risks to the institution. Cyberattacks on higher education are on the rise. A recent study finds that attacks resulting in compromised data occurred 101 times in the past year, up from just 15 incidents five years ago. And at the beginning of the current academic year, two institutions were hit with devastating ransomware attacks that completely shut down their networks for a week or longer.

Colleges and universities are attractive targets for cyber criminals. Their networks house advanced research data—including for defense-related and commercial research, of interest to nation-state attackers and those conducting industrial espionage. According to the 2019 Verizon Data Breach Investigations Report, 11% of attacks on higher education institutions in the past year were espionage-related.

Higher education networks also contain a plethora of personal, financial, and medical information for students, alumni, faculty, and staff—a relatively affluent population. Adversaries aiming to create chaotic operational disruptions see opportunities in higher education institutions, which often act as a single source of most of life’s necessities for their on-campus students. And colleges and universities often host thousands of privately owned devices on their networks, complicating endpoint security and increasing the risk of intrusions.

Protecting Higher Education with the Fortinet Security Fabric

Protecting Higher Education with the Fortinet Security Fabric

Read Now
University Networks Face Growing Threats as Attack Surface Expands

University Networks Face Growing Threats as Attack Surface Expands

Read Now
How the Right Solutions Can Secure a University Network

How the Right Solutions Can Secure a University Network

Read Now

Key Higher Education Cybersecurity Challenges

safety

A Reactive Risk Strategy

Historically, higher education institutions have had a more reactive stance to cybersecurity, responding to threats as they occur. There are several reasons for this: tight cybersecurity budgets, a deliberate approach to making changes to IT systems, and a desire not to diminish students’ ability to exercise free expression due to mandated security practices. Regardless of the reasons, institutions simply cannot keep pace with the volume, velocity, and sophistication of advanced threats today. Traditional security approaches are ineffective in detecting, responding to, and preventing threats. This exposes critical institutional data and systems to data loss and operational disruption and outages. 

cost

A Growing Attack Surface

The number of network-connected devices has increased exponentially in recent years, and many of those devices are not owned by the institution. One study finds that students bring an average of eight or nine devices to campus. Despite the best efforts at user education, some students are prone to risky online activity. At the same time, the number of cloud applications being used by institutions has mushroomed. All these trends contribute to a greatly expanded attack surface that requires a strategic, coordinated approach to security.

operation

Thwarting Insider Threats

Academic institutions are devoted to the principles of free expression, transparency, and sharing of information. Threat actors are aware of this and take advantage of this culture of openness to launch attacks that can ultimately threaten free expression. In a world where trust is no longer a static concept, even internal traffic between departments, faculty, staff, and students can lead to intrusions—whether by trusted individuals or by hackers impersonating them. Institutions struggle to find new ways to intelligently segment the network and to verify the trust of each user and device that seeks access.

compliance reporting

Rationalizing IT Operations

A rapidly expanding attack surface has prompted many institutions to purchase point products to cover specific needs. They also tend to rely on the built-in security tools for each public cloud they utilize. Regardless of the adequacy of the individual tools, their lack of integration with each other results in a heavily siloed security architecture. This creates immense operational inefficiencies as highly paid cybersecurity staff spend valuable time correlating log information and creating manual reports. These manual processes also hamper threat detection and response in today’s fast-moving threat environment.

compliance reporting

Maintaining and Reporting on Compliance

Higher education institutions must stay compliant with a variety of regulations and standards. They must protect the personally identifiable information (PII) of students, electronic health records, grading systems, payment card and bank account information, and research data, to name a few. And the Jeanne Clery Act requires them to provide timely warning of crimes on campus to students and staff. Audits are frequent enough that redeploying staff from strategic initiatives to preparing compliance reports is not a workable solution.

The Fortinet Security Fabric delivers a broad, integrated, automated security solution for today’s complex digital campuses.

Learn More
Fortinet enables secure, high-performance networking between campus locations, decentralized schools and departments, and research sites.

Learn More
Fortinet enables integration of cybersecurity, physical security, and voice communications for simplified operations, easy reporting, and enhanced campus safety.

Learn More
The Fortinet Network Security Academy enables colleges and universities to integrate staff continuing education with academic training to keep students up to date.

Learn More
Cybersecurty for higher education Diagram smart-campus campus-safety decentralized-campus integrative-cio-ed
Click on a specific section of the diagram to get more details

Fortinet Differentiators for Higher Education Cybersecurity

integration

Integrated Platform

Fortinet delivers a flexible platform for building an end-to-end, integrated security architecture for institutions of higher education—from the data center to the endpoint to multiple clouds. An open application programming interface (API) and Fabric Connectors help integrate third-party tools to accommodate prior investments and niche protection.

branch network

Secure Branch Campus

Fortinet offers a comprehensive software-defined wide-area network (SD-WAN) and secure networking for brand campuses and other remote locations. This eliminates the need for expensive multiprotocol label switching (MPLS) bandwidth, provides optimal security, and improves network performance.

defense

Networking, Cybersecurity, and Physical Security

Fortinet delivers the ability to consolidate networking, cybersecurity, and surveillance functions into a single pane of glass—whether at the main campus, a branch campus, or another location.

insider threat prevention

Insider Threat Protection

Fortinet delivers a comprehensive and multilayered solution to guard against accidental and deliberate insider threats with identity and access management supplemented by network access control (NAC),  intent-based segmentation, deception technology, and user and entity behavior analytics (UEBA)—all integrated for centralized visibility and control.

threat intelligence

Robust Threat Intelligence

FortiGuard Labs delivers comprehensive intelligence from a large global network of firewalls and an artificial intelligence (AI)-powered self-evolving detection system (SEDS) that has refined its algorithms using machine learning (ML) for nearly eight years. This has resulted in extremely accurate, real-time identification of zero-day and unknown threats before they can cause problems on the broad, resource-intensive networks used by higher education.

security advisor

Industry Leadership

Fortinet is recognized as a Leader in the Gartner Magic Quadrant for Network Firewalls, achieved the best score in the NGFW Security Value Map from NSS Labs, and has achieved nine “Recommended” ratings from NSS Labs.

The Smart Campus

A college or university campus is, in many ways, a city unto itself. This means that the various concepts that are collectively referred to as a “smart city” can also apply to higher education institutions. For example, today’s students access myriad services all over campus with a single ID card—or even a mobile app. On-campus students may use these cards to access most of their daily needs, from food to housing to entertainment. This consolidated approach makes for a seamless experience for the student, but it presents multiple opportunities for attackers to infiltrate campus networks.

At the same time, colleges and universities are hotbeds of digital innovation—among students, faculty, and researchers. Campus research networks often host extremely sensitive data and require robust security, high processing speeds, and low latency. Student and faculty networks now utilize myriad cloud-based services, and often host thousands of mobile and Internet-of-Things (IoT) devices. Encrypted traffic is now the rule rather than the exception, but security solutions that inspect this traffic often slow network performance.

To provide protection in this challenging environment, colleges and universities must deploy a variety of defenses that together provide layers of protection against the wide range of advanced threats. However, this protection cannot operate in different, unconnected silos. Rather, the security architecture must be integrated from end to end—from the data center to multiple clouds and to the wide array of devices at the network edge. Full integration not only supports optimal operational efficiency but also enables automation of security processes including threat detection and response—the only way to counter threats that now move at machine speed.

The Fortinet Security Fabric delivers a broad, integrated, and automated security solution with end-to-end integration that brings centralized visibility and control spanning the entire institution. A wide array of Fortinet cybersecurity tools integrates seamlessly into the Fabric, along with dozens of third-party solutions delivered by Fabric Partners. And an open ecosystem and extensive application programming interface (API) tools make the integration of other third-party tools possible.

The Security Fabric is built on the foundation of FortiGate next-generation firewalls (NGFWs) and artificial intelligence (AI)-powered threat intelligence from FortiGuard Labs. Integrated tools for security orchestration, automation, and response (SOAR) and security analytics tools enable a strategic and coordinated response to advanced threats. Advanced endpoint protection and network access control (NAC), tools protect endpoint and IoT devices. And network-based video security can also be integrated into the Security Fabric.

For the hybrid cloud infrastructure, Fortinet Dynamic Cloud Security solutions break down silos between clouds and enable consistent policy management and a single-pane-of-glass view of the entire infrastructure. They feature native integration with all major public cloud providers, broad protection to cover all elements of the attack surface, and management and automation capabilities that enable consistent, timely threat detection and response.

The Fortinet Security Fabric enables technology companies to protect the entire infrastructure through centralized visibility and control, unlocking automation, and simplify reporting and analysis. The result is enhanced security for critical assets like intellectual property and student information.

 

FortiFone IP telephones provide a feature-rich experience with high-quality audio and dedicated keys for the most common features. FortiNAC provides visibility across the entire network and the ability to control access for all devices and users, including dynamic, automated responses. FortiGate NGFWs utilize purpose-built security processors to help companies deliver top-rated protection and high-performance inspection of clear-texted and encrypted traffic. They are available in multiple form factors. FortiClient and FortiEDR strengthen endpoint security through integrated visibility, control, detection, response, and proactive defense and enable organizations to discover, monitor, and assess endpoint risks in real time. FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches. FortiInsight user and entity behavior analytics (UEBA) technology detects behavioral anomalies and noncompliant activity that may represent possible insider threats. FortiAnalyzer provides analytics-powered cybersecurity and log management to provide better detection against breaches. FortiDeceptor complements a school district’s existing breach protection strategy by deceiving, exposing, and eliminating attacks originating from internal and external sources before real damage occurs. FortiSIEM simplifies security information and event management by delivering visibility, automated response, and fast remediation in a single solution. The FortiAuthenticator identity and access management solution and FortiToken tokens grant access to users on a need-to-know basis. The FortiAuthenticator identity and access management solution and FortiToken tokens grant access to users on a need-to-know basis. The FortiAuthenticator identity and access management solution and FortiToken tokens grant access to users on a need-to-know basis. FortiGate NGFWs utilize purpose-built security processors to help companies deliver top-rated protection and high-performance inspection of clear-texted and encrypted traffic. They are available in multiple form factors. FortiGate VM and SaaS offerings perform inspection of traffic entering and leaving the cloud, including SSL/TLS encrypted traffic. FortiCWP evaluates and monitors cloud configurations, pinpoints misconfigurations, and analyzes traffic across cloud resources. FortiWeb web application firewall secures cloud-based resources and DevOps environments by protecting against known and unknown threats, including sophisticated threats such as SQL injection, cross-site scripting, buffer overflows, and DDoS attacks. FortiCASB manages access to valuable cloud applications and data across multi-cloud deployments.
smart campus diagram fortifone fortinac ngfw forticlient fortimanager fortiinsight fortianalyzer fortideceptor fortisiem fortiauthenticator-multi-factor fortiauthenticator fortitoken ngfw-user ngfw-virtual forticwp fortiweb forticasb
Click on a specific section of the diagram to get more details

The Decentralized Campus

Most colleges and universities now provide services at multiple locations—branch campuses, learning centers, study-abroad locations, and remote research sites—in addition to the main campus. Operating in different countries adds to cybersecurity complexity, and international threat actors reside in some countries hosting remote campuses for U.S. schools. At the same time, large universities are now often structured so that individual schools, colleges, and even departments under the university umbrella purchase services from the central IT department on a chargeback basis. This results in a decentralized model even when different entities exist on the same campus.

Just as higher education institutions must build cybersecurity into the main campus infrastructure, security-driven networking is vital at other locations controlled by the university. Connections between locations must be secure, cost effective, and high performing. And institutions need the ability to scale their network traffic according to spikes and lulls tied to the school calendar.

FortGate next-generation firewalls (NGFWs) include highly secure and cost-effective software-defined wide-area network (SD-WAN) technology, allowing network traffic to travel between campus locations on the public internet—or even over a virtual WAN (vWAN) within select public clouds. This eliminates the need for expensive multiprotocol label switching (MPLS) bandwidth to connect locations.

At the remote location itself, Fortinet SD-Branch solutions extend the SD-WAN solution to the access layer. This enables secure networking at branches and consistent security coverage from the internet, to the wireless network, to the switching infrastructure.

Fortinet solutions for secure branch campuses and remote facilities enable institutions to provide secure, high-performance networking with branches, eliminating the need for MPLS circuits to connect campus locations.

 

FortiGate Secure SD-WAN combines next-generation firewall (NGFW) security, advanced routing, and WAN optimization capabilities to deliver high performance and security in a unified offering. FortiAP delivers secure, wireless access to distributed enterprises and branch offices and can be easily managed as a physical appliance or via the cloud. FortiSwitch offers a broad portfolio of secure, simple, and scalable Ethernet access layer switches to deliver superior security, performance, and manageability. FortiNAC provides visibility across the entire network and the ability to control access for all devices and users, including dynamic, automated responses. FortiSIEM simplifies security information and event management by delivering visibility, automated response, and fast remediation in a single solution. FortiInsight user and entity behavior analytics (UEBA) technology detects behavioral anomalies and noncompliant activity that may represent possible insider threats. FortiDeceptor complements a school district’s existing breach protection strategy by deceiving, exposing, and eliminating attacks originating from internal and external sources before real damage occurs. FortiPresence provides insight into the physical movement of people within OT sites both in real time and across time periods by leveraging the existing onsite Fortinet access points to detect each person’s smartphone Wi-Fi signal.
decentralized campus secure-sd-wan fortiap fortiswitch fortinac fortisiem fortiinsight fortideceptor fortipresence
Click on a specific section of the diagram to get more details

Integrative CIO and Cybersecurity Education

Higher education institutions often offer academic courses and degrees on cybersecurity. At the same time, cybersecurity specialists on staff require ongoing training to keep their skills current. Unfortunately, what is covered in an academic setting may be more theoretical and less specific to the current threat landscape than what a staff member needs. As a result, cybersecurity staff members might need to look outside the university setting for their continuing education, and students may graduate with inadequate preparation for jobs in the field.

College and university CIOs can help bridge the gap between academics and the real-world threat landscape by establishing a partnership with industry that ensures up-to-date threat information while conveying the latest recommendations for best practices.

To support them in these efforts, the Fortinet Network Security Academy offers a comprehensive, eight-level Network Security Expert (NSE) certification program that independently validates cybersecurity professionals’ skills. It includes a wide range of self-paced and instructor-led courses, as well as practical, experiential exercises that demonstrate mastery of complex network security concepts.

The Fortinet Network Security Academy enables higher education CIOs to bridge the gap between academics and current cybersecurity best practices and help both students and staff members to keep up to date with industry-recognized cybersecurity certifications.

 

The Fortinet Network Security Academy (FNSA) program enables institutions with the resources to facilitate Fortinet’s industry-recognized certification curriculum. The eight-level Fortinet Network Security Expert certification program is designed for technical professionals who are interested in independent validation of their network security skills and experience.
integrative cio and cybersecurity education diagram certification fnsa
Click on a specific section of the diagram to get more details

Campus Safety

The safety of students is a college or university’s biggest responsibility. Criminal activity on campus is often well publicized. Unfortunately, other crimes, including some sexual assaults, are not highly visible because victims are too intimidated to go public with accusations. Higher education institutions have the moral obligation to do everything they can to prevent such crimes—and protect other potential victims when they do. This is the motivation behind the Jeanne Clery Act, which requires colleges and universities to provide timely warning of crimes on campus.

Physical security is a complex undertaking for a college or university. Multiple buildings are interspersed with large expanses of landscaping and sidewalks moving in every direction. Institutions should ensure that security cameras cover all parts of the campus with foot traffic, as well as building interiors. And the video security infrastructure should be network connected and protected by the university’s cybersecurity infrastructure. Integrating voice communications into the whole simplifies operations and helps smooth emergency response by campus police and other campus officials.

The Fortinet Security Fabric integrates voice, cyber, and physical security so that the entire safety and security infrastructure can be viewed on a single pane of glass. This enables voice systems, security cameras, recorders, emerging facial recognition and weapons detection technologies, and recordings of footage to be a part of the campus’s overall security architecture.

Fortinet campus safety solutions enable a comprehensive approach to cyber and physical security with single-pane-of-glass monitoring.

 

FortiFone IP telephones provide a feature-rich experience with high-quality audio and dedicated keys for the most common features. FortiVoice Enterprise systems include all the fundamentals of enterprise-class voice communications, with no additional licenses to buy or cards to install. FortiCamera offers a suite of secure, network-based video cameras to incorporate physical cybersecurity with network cybersecurity and bolster protection against cyber-physical attacks. FortiRecorder records footage from cybersecurity cameras with scheduled or manual recording and continuous or motion-activated activation. The Fortinet Security Fabric delivers a unified approach to cybersecurity that is broad, integrated, and automated.
campus safety diagram fortifone fortivoice forticamera fortirecorder security-fabric
Click on a specific section of the diagram to get more details