One of Top 3 Universities in Asia Selects CDNetworks ESA to Build up the Zero-Trust Secure Access Network

One of the Top 3 Universities in Asia Selects CDNetworks ESA to Build up the Zero-Trust Secure Access Network

Background

Established in 1911, our customer is one of the most prestigious and influential universities in Asia. It was ranked #23 in 2022-2023 Best Global Universities Rankings and has produced many notable leaders in science, engineering, politics, business, and academia.

The customer prides itself on being a pioneer of exploring the advanced practices in the IT industry and has adopted nearly every innovative IT product throughout the college’s history. To drive the revolution of education, different approaches in teaching and scientific research have been introduced into the college’s daily operations, including online courses, video conference, online examinations, and simulation presentations.

In this process, many IT applications, such as an internal library system and an online system for selecting courses, were adopted and continue to be kept current to meet the demands of students and staff. The most common access methods to these applications used traditional VPNs.

However, these legacy VPNs were not able to secure the access to these applications dynamically. Our customer became increasingly concerned about VPN vulnerabilities that could expose sensitive applications and data to the entire network through VPN access.

For these reasons, the college was seeking a secure access solution that offered greater stability, improved security, enhanced performance, and an elevated user experience for granting remote access.

Challenges and Pain Points

Risk of Traditional VPN Access Method

Traditional VPN methods encrypt all data as it travels between a user’s computer and VPN servers while leaving the IP address and port of the VPN gateway exposed to the Internet. This makes the VPN gateway a sitting duck for cyberattacks. Without enforcing security measures, the IP addresses and ports of resources can be easily scanned and detected, which can lead to lateral cyberattacks.

Insufficient Authorization Management

These same antiquated VPN tools also made it impossible to grant permissions by user and application to the college’s 10,000-plus staff members and students. Our customer faced a significant challenge to ensure the legitimacy of access to its confidential digital resources.

The Hardest-hit Area of Malicious Cryptomining

Given its vast infrastructure and resources, which include free electricity along with massive numbers of high-performance servers, the campus became the hardest hit target for malicious cryptomining.

*Cryptojacking (also called malicious cryptomining) is a form of malware that hides on your device and steals its computing resources in order to mine for valuable online currencies like Bitcoin.

Previously, the customer thoroughly investigated malicious cryptomining within its campus environment. Finding that there were many vulnerable servers, the college investigated the root cause of these weaknesses and traced them back to applications that were placed on the college intranet to promote student convenience during the pandemic. These applications, as it turns out, opened the door to a flood of trojans into the college’s environment.

Facing these challenges, the college turned to CDNetworks for help primarily due to our deep experience of collaborating with different organizations. In particular, many local government agencies use CDNetworks Enterprise Secure Access Solution (ESA), which instilled a strong confidence in our customer’s decision to proceed with CDNetworks.

製品

CDNetworks provided Enterprise Secure Access Solution (ESA) to this top-tier university and helped our customer undergo a transformation from a traditional VPN infrastructure to the zero-trust architecture. Here are some of the key details.

Making Institution’s Hybrid Networks Invisible to Malicious Cryptomining

Previously, the university had exposed its internal systems, including an internal library system, an online system used to select courses, and an educational administration system, to a large audience. Doing so opened the door for potential cyberattacks and breaches. CDNetworks ESA shields the origin servers’ IP addresses and ports behind a secure gateway to eliminate the attack surface exposed to the Internet.

At the same time, applying single-packet authorization (SPA) technology allowed CDNetworks ESA to detect every connection to internal resources and grant connectivity only to authorized staffs and students. These combined capabilities concealed the college’s internal resources from unauthorized access.

In this way, there are no targets visible to attackers. Attackers have no way of launching attacks, including zero-day attacks, making it impossible for them to penetrate into the server and access college resources to conduct malicious cryptomining.

All-in-one Management Portal, Delivering a Smooth Experience of Access

CDNetworks ESA solution gives hybrid workforces optimal protection with unified clientless and client-based remote access. With clientless access, college students and staff can access data and applications from any location using their mobile phone, laptop, or tablet PC. CDNetworks ESA verifies their access using multi-factor authentication (MFA), which requires users to present more than one piece of evidence for authentication before they are allowed to participate in online learning, email messaging, and video conferencing or gain access to the college’s online scientific research platform. CDNetworks ESA applies the concept of least privilege to give users secure, direct connectivity to the institution’s applications. Our customer can now manage authorization from a single management portal.

The college now has peace of mind, knowing that if a hacker used a user credential to break into the network, the attacker would be stopped dead in its tracks, prevented from moving forward in an attempt to access applications and data. Best of all, this strict security can be managed and maintained without requiring enormous amounts of time and cost.

Continuous Validation and Dynamic Authorization

To secure total access, CDNetworks ESA monitors user behavior, device security, and audits and scores to see whether access behavior aligns with the campus’ security posture. If a score reaches the threshold, the system adjusts user access authority dynamically or closes access to protect applications and data. At the same time, alert notifications are sent to the school administrator’s email box.

Currently, CDNetworks ESA is protecting our customer’s application and data effectively with security assurances that include encrypted data transfers and DDoS protection for gateway security.

CDNetworks takes pride in being able to secure every access method directed to the college’s internal applications and to help this top-tier university empower its students and staff with a secure and superior experience.

Key Impacts/Benefits

  • Making institutional hybrid networks invisible and secure
  • Preventing malicious cryptomining
  • With clientless access, ESA allows students and staff to access data and applications via mobile phone, laptop, or tablet PC from anywhere
  • Realizing continuous validation and dynamic authorization prior to generating alerts
業界
教育関連
Solution
ESA – Enterprise Secure Access
Key Impacts
  • Making institutional hybrid networks invisible and secure;
  • Preventing malicious cryptomining;
  • With clientless access, ESA allows students and staff to access data and applications via mobile phone, laptop, or tablet PC from anywhere;
  • Realizing continuous validation and dynamic authorization prior to generating alerts;