Fitchburg State University, located in central Massachusetts, is a public institution dedicated to integrating high-quality professional programs with strong liberal arts and sciences studies. Founded in 1894, the university now has more than 30 undergraduate programs and 22 master’s degree programs, with 500+ employees and 7,000 students. The university’s vast Enterasys network supports approximately 5,000 devices spread out over 30+ buildings and 31 acres, as well as three wirelessly-connected remote sites, including an athletic field, several miles from campus.
“Over the past few years, we have seen an explosion in mobile devices and wireless connections on our network,” said Tony Chila, network manager for Fitchburg State University. “We soon realized that we required greater visibility into all of the devices and applications running on our systems than could be achieved with our current solutions. Stealthwatch provides us with the actionable insight we need to more quickly and confidently address the full spectrum of network and security issues we are faced with on a daily basis. Everyone from our network, security and server teams, all the way up to the Information Security Officer and CIO find value in the system.”
|Stealthwatch provides us with the actionable insight we need to more quickly and confidently address the full spectrum of network and security issues we are faced with on a daily basis.”|
Stealthwatch Provides Greater Network Visibility
Prior to Stealthwatch, Fitchburg State’s IT team had no insight into the services, protocols, ports and applications being used on its network. While the school’s disparate technology tools provided pockets of visibility into certain areas or aspects of the network, there were huge gaps in the overall picture. The IT department feared that this lack of visibility could open the school up to performance, security and compliance issues, especially as the network and number of users and devices continued to grow.
Fitchburg State therefore turned to Stealthwatch to deliver a complete, end-to-end picture of everything happening across its entire network, providing both at-a-glance, high-level views as well as sophisticated drill-down capabilities. By collecting, analyzing and correlating NetFlow data from across the network, Stealthwatch provides real-time and historical forensic insight into network and host behaviors as a whole. The system can quickly and very accurately baseline normal behavior, detect anomalies, prioritize the top issues for IT administrators, determine the exact application causing issues and even automatically mitigate threats using existing infrastructure.
Intuitive graphs and dashboards showing traffic flow for various systems including Exchange servers and the school’s Blackboard learning management system allow Fitchburg State to easily detect concerning behaviors, such as unusually large amounts of traffic and communication with restricted segments of the network. The Stealthwatch Host Snapshot also provides valuable host-level details such as MAC address, interfaces the host is using, services running, recent alarm activity observed from the host, and more.
With its FlowSensor appliance, Stealthwatch can also provide insight into areas of the network, such as virtualized environments, that do not inherently support flow data. And with the Stealthwatch IDentity appliance, Fitchburg State can trace the root cause of network and security issues all the way down to the exact user responsible.
|Stealthwatch makes it simple and cost-effective for us to find out just about anything we want to know about our network.”|
“Between the intuitive graphs and maps, and the sophisticated drill-down capabilities, Stealthwatch makes it simple and cost-effective for us to find out just about anything we want to know about our network,” added Chila of Fitchburg State. “Bandwidth utilization, server response time, round trip time, where traffic is flowing to/from, who is generating the traffic and much more is all right at our fingertips. This easy access to key information has been invaluable for many efforts – from boosting network performance and pinpointing potential security issues to capacity planning, VoIP QoS and compliance with PCI and RIAA regulations.”
Fitchburg Expedites Troubleshooting with Stealthwatch
The improved network visibility achieved through Stealthwatch eliminates the need for time-consuming, manual analysis and dramatically expedites the troubleshooting process – at a fraction of the cost of traditional monitoring solutions. Previously, when there was a network slowdown, Fitchburg State’s IT team would have to examine its network equipment unit by unit to identify unusually high utilization. The group would then have to physically go out into the field to run a packet capture to determine the root cause.
With Stealthwatch, both the source – network or server – and cause of network security and performance problems can be quickly uncovered without the need for manual analysis. To further expedite troubleshooting, Stealthwatch seamlessly integrates with other network and security tools to collect as much information as possible on network behaviors. Fitchburg State has benefited greatly from this integration, with Stealthwatch correlating the logs from various systems including NAC, firewalls and IPS to provide a clear, consolidated picture of both network- and host-level activities.
Stealthwatch significantly reduces the time from problem onset to resolution, while also cutting network and security management costs. The system has even enabled Fitchburg State to eliminate a previous IDS deployment that was too burdensome for the school’s small networking and security team to manage and fine tune to meet its needs.
Stealthwatch Facilitates High-Level Reporting to Management
At Fitchburg State, it is important for the school’s Information Security Officer (ISO) and CIO to be kept informed about network and security issues. The network and security teams therefore send two daily reports to the ISO and CIO, as well as the school’s server team, to provide a high-level visualization of what is going on in the network.
From there, users can easily drill down into the information to extract any other details they require. Details on the firewall, IPS, and many other technologies can be obtained right from Stealthwatch without having to go into any other systems. “Stealthwatch provides a one-stop shop for obtaining detailed information on any area of the network,” said Chila.
When one of the school’s wirelessly-connected remote sites was having trouble with VoIP call quality, the network team used Stealthwatch to determine whether the bandwidth for that site needed to be increased. In the end, it was determined that thick trees were disrupting call quality, not a lack of bandwidth, saving the school the extra money it would have had to spend to increase the pipeline.
“Lancope has been great to work with in terms of customizing Stealthwatch to meet the specific needs of our entire IT organization, even under our tight budget constraints,” added Chila. “As a result, we are now better equipped to manage the network efficiently, and effectively combat any threats that come our way. We expect Stealthwatch to result in significantly reduced downtime for the university system, and an improved user experience for our students, faculty and staff.”