Lancope® and Ziften Deliver End-to-End Visibility and Protection to Pennsylvania’s Council Rock School District
Integrated Solution Swiftly Detects and Remediates Internal and External Threats
Today, Lancope, Inc., a leader in network visibility and security intelligence, and Ziften, a next-generation Endpoint Detection and Response (EDR) security solution provider, announced that the Council Rock School District (CRSD) has implemented the companies’ integrated security solutions to obtain better network visibility across its 15 schools, 13,000 users and 5,000 endpoint devices.
With Lancope and Ziften, CRSD now has continuous visibility into its network and endpoint activity to detect both external and insider security threats. Lancope’s sophisticated behavioral analysis can automatically detect and trigger an alert when something abnormal happens, and then CRSD administrators can seamlessly pivot to the Ziften solution to drill into the endpoint for additional context. As a result, the school district is saving vast amounts of time on threat detection and incident response and is also able to leverage the Lancope and Ziften solutions for other critical efforts such as capacity planning.
Matthew Frederickson, Director of Information Technology for CRSD, said, “Being able to use the Lancope and Ziften tools to discover what is normal is priceless. Now, when something is abnormal, I don’t even have to be at my desk to see it because these tools will send me an alert on my phone. I can then log in to determine whether it’s an actual threat or not. By knowing what is normal, I can quickly identify, address and remediate the abnormal.”
The CRSD team first turned to the SANS Institute’s “Critical Security Controls” document to glean best practices for securing a large network. They then devised an integrated approach to shoring up their security, which included tools from Lancope and Ziften. With the integrated solutions, CRSD has been able to:
- Obtain a comprehensive, 24/7 view of what students, faculty and staff are doing on the network.
- Gain visibility into activity on the district’s endpoints (desktops, laptops and servers).
- Quickly detect and remediate threats that infiltrate the network.
- Monitor lateral movement (East-West traffic) and gain application and user identity awareness with Lancope’s StealthWatch®.
- Dramatically improve incident response, forensic investigations, network performance and regulatory compliance initiatives.
“Recently, I noticed something suspicious when monitoring a report from my firewall,” said Frederickson. “With Lancope and Ziften, I was able to identify that this was malware attempting to propagate a botnet within our network. Armed with this knowledge, I was able to isolate and delete it within a matter of about five minutes. Normally, this type of issue could have easily spread throughout the network, affected network performance and taken weeks or even months to detect and resolve.”
By collecting and analyzing NetFlow from existing infrastructure, Lancope’s StealthWatch System provides a comprehensive picture of activity taking place across the internal network. Purpose-built for endpoint security, Ziften dynamically captures and analyzes pertinent endpoint and user data to display the overall behaviors happening on desktops, laptops and servers. For further information on how CRSD is using Lancope and Ziften technology to improve its security posture, read the full case study here: https://www.lancope.com/resources/case-studies/council-rock-school-district.