Education

Securing a learning environment

Spread across 49 campuses, Mansfield Independent School District (MISD) provides an environment where students learn to become productive citizens. “We are here to inspire our students. We want them to be productive when they leave our district,” says Shawntee Cowan, chief technology officer at MISD.

Securing the various users and devices is demanding. “We have to pull information from thousands of devices having diverse operating systems, makes, and models. That throws a unique element into our security environment,” remarks Brandon Bynum, cybersecurity specialist at MISD.

In an ever-changing technology and threat landscape, Cowan’s team must secure MISD without making security an impediment to learning. “We want to give students the tools they need to learn, teachers the support they need to teach, and parents that peace of mind about their kids’ effective learning,” remarks Jameson. “That’s more than just protecting the users. We ensure students, staff, and parents are empowered with the opportunities, training, and access to information. We have to build that around confidentiality and the availability of data.”

Cowan explains, “That balance between productivity for our students and our staff and the security aspect is something we work hard to achieve. We spend a lot of time working with the curriculum team to ensure our security approach is aligned with the technology needs of our students. We also educate users on the importance of multi-factor authentication (MFA), and why we have to block certain websites and create policies for various applications and AI usage. We’re doing well but we consistently face these challenges.”

MISD and Cisco XDR: A perfect match

Cowan recognized that efficient security management is essential for making MISD resilient to threats. “We used multiple security tools, which made managing risks cumbersome,” remarks Bynum. “Having to log in to these different tools to access the telemetry data increased our response time. Managing updates for these tools was time-consuming and the logs weren’t giving us the granular visibility we needed to plug the security gaps.”

Cowan wanted to integrate MISD’s security tools into one extended detection and response (XDR) platform to achieve greater visibility using a unified dashboard. After seeing a demo of Cisco XDR, Cowan realized that she found what her team needed. After subsequent demos to evaluate its capabilities, MISD adopted Cisco XDR.

“Overall, we were excited about the product and what it could mean for us as a district. The Cisco XDR team gave us multiple demos and explained everything so well. We could understand the platform better and verbalize its capabilities to our leadership to get the funding to purchase Cisco XDR Premier” says Cowan.

“The initial implementation was fairly easy,” Cowan remarks. “The managed services team guided us to complete the initial deployment by explaining the steps. I monitored the process, and it wasn’t too long before the XDR platform was populated with telemetry data. We were excited about how fast that happened.”

Bynum adds, “Implementing the APIs into the environment was very easy. It's great having the managed services team as another set of eyes that gave us the confidence we were taking the correct steps during implementation.”

MISD could easily integrate other security tools for endpoint protection, DNS filtering, and email security to achieve holistic visibility. The Cisco XDR Premier team collaborated closely with MISD. “That made the implementation seamless,” says Cowan. “It expedited our understanding of the platform and very soon we started taking actions based on the telemetry.”

Security efficiencies for the school district

Cisco XDR drastically reduced the number of logins across various tools. “Cisco XDR gave us the single-pane-of-glass experience that we much needed,” Jameson remarks. “As a platform, Cisco XDR is intuitive enough for our staff with different levels of security knowledge to work their way through. We can open tickets and request additional information, and that’s a big advantage of having managed services.”

Cisco XDR managed services are available around the clock, and that’s very important for MISD. “We're not here 24/7, so Cisco XDR managed services help us have eyes when otherwise we may not,” explains Jameson. “Additionally, managed services help decrease the time we had to spend on alert investigation and mitigation. Having that other set of eyes translates to better time management and efficiency for us.”

Cowan adds, “Cisco XDR managed services have streamlined our security operations. In addition to alerting us, XDR gives us additional insights and even fixes some of the issues. Having that extra level of support where we're not having to be up day and night worried about things is huge for our district. It really is.”

Being a school district, MISD has to protect a dynamic and diverse user base requiring a high degree of security visibility and governance. For example, students taking special courses need access to specific websites and files. “We need the visibility to monitor those actions at a granular level to prevent threats,” explains Cowan. “Cisco XDR gives us that visibility across our entire network and the ability to drill down and alert the students if they take an action that can risk our environment. We can implement better governance that way. We also conduct training for our staff and students so they learn to make responsible use of their privileges to operate safely and securely.”

By streamlining security management, Cisco XDR helped MISD respond faster to incidents. “If our students take any risky action, we can easily collect the hashes of the file they're downloading, put it into XDR, and within seconds verify if it's anywhere else in our environment,” remarks Bynum. “The entire XDR platform is designed to reduce response time and that’s valuable. When we investigate tickets or alerts, the platform provides us with immediate options for proceeding with an investigation or various strategies to remediate incidents. This significantly improves how fast we respond and remediate.”

Achieving resilience with proactive risk mitigation

MISD was already using Cisco Talos for threat intelligence and research. The combination of Cisco XDR and Talos has helped MISD streamline threat hunting. “We've engaged Cisco from an external pen test perspective,” says Jameson. “And we're now engaging for an internal pen test. Both of those provide us with important insights.”

Jameson continues, Cisco XDR enables MISD to proactively manage risks improving the district’s overall security posture. “Cisco XDR improved our security management workflow so we're not bouncing around between multiple applications as often. It has given us a broader perspective of threat reporting and how we adapt and address those threats, along with more oversight in general of what we face.”

To assess the environment, the MISD team uses KPIs including: the number of uncompromised endpoints, the number of files scanned and protected, the number of tickets that have been entered and resolved by XDR, geofencing data, and common vulnerabilities and exposures that were reported and patched.

Tracking this data gives MISD the confidence of having a platform that can protect its primary assets—the students and their data. “When I pull that data from Cisco XDR and report to our stakeholders showing the tickets resolved by us, and by the managed services team, and also the tickets resolved during off hours, they understand how the platform is addressing our security needs and how Cisco is helping us achieve 24/7 threat vigilance,” adds Cowan. “In a world of increasing cyberthreats, having that holistic visibility of our security environment in a single pane of glass and the capability of regular reporting has given me and everyone here that precious peace of mind. We feel more in control in keeping our environment safe.”

Simplifying security workflow has made Cowan’s team more efficient and at the same time more flexible. “Even when we’re not on campus, we can access the web-based XDR interface from anywhere with an added layer of MFA security using Cisco Duo,” Cowan explains. “We can log in, investigate, and take actions to address a potential threat regardless of our location.”

Proactively mitigating risks with Cisco XDR and Talos made MISD more resilient to security incidents. “We can now see and mitigate threats that are yet to surface in our environment. That makes our entire network more resilient. We can remove the threats before we even see them on the endpoints,” Bynum remarks.

“We’re excited with how the Cisco XDR platform is evolving by adding new features and capabilities. School districts have to deal with many moving parts, and it's great that the XDR team is listening and responding to our needs,” says Cowan. “The fact that it’s offering additional APIs to integrate more products to this platform gives us the confidence that we can rest assured the platform will always keep our environment safe and secured.”