As an educational services provider, Grand Canyon Education provides everything from financial aid support to curriculum planning for universities and colleges across the nation. That includes Grand Canyon University which serves almost 90,000 students both on-campus and online. Students, teachers and administrators count on their services to be free from outages, with air-tight security—so when the GCE IT security team had a security incident earlier this year, they wasted no time assessing the risk and coming up with a solution.
Seeking Visibility to Boost Security
To bridge visibility gaps, GCE set out to find the right network detection and response (NDR) tool. With a hybrid network consisting of up to 10,000 servers plus a cloud environment, they needed a tool that could offer usable analytics for every aspect of their network.
They compared products and ultimately landed on ExtraHop Reveal(x) for its ability to offer full visibility and value across their entire IT organization. "We looked at all the features based on a comparison with the other NDR solutions, and we assessed that ExtraHop would provide the most value to multiple departments in addition to IT security," said David-John Fernandez, IT Security Engineer at GCE.
As part of the SANS WhatWorks series, John Pescatore, Director of Security, interviewed Fernandez to discuss the tangible benefits that ExtraHop Reveal(x) made for their security program. Among these benefits, Pescatore and Fernandez discussed how Reveal(x)'s threat hunting and response features were put to use to improve their overall security hygiene and fostered a more proactive approach.
Fernandez has found that a few specific features have proven invaluable to his security objectives. SSL decryption helps monitor high-value applications for anomalies, but packet capture, customizable dashboards, and SIEM integration has allowed the entire IT organization to get the analytics they need in a way that is easy to interpret. "The visibility from the dashboards, records, metrics and packets within ExtraHop helped us visualize what issue was occurring and if the data is related with some type of attack or not."
Easy-to-Use Analytics Add Value Across IT Teams
As GCE had predicted, Reveal(x) provided benefits to the broader IT organization. Database, networking, and telecom teams all use Reveal(x) to optimize performance. Notably, Reveal(x) has enabled them to meet the network performance requirements that allowed the company to rapidly shift to a remote workforce in 2019. In addition to working for an educational services provider, Fernandez happens to be completing his senior year at Grand Canyon University—so it's safe to say he believes in the value of education.
However, when it comes to adopting Reveal(x), Fernandez doesn't advise any special training, "I would say to be organized and just have a willingness to learn." ExtraHop offers a basic user certification, but beyond that, Fernandez insists "The Reveal(x) user interface is easy to learn." View the customer story to learn how ExtraHop Reveal(x) is helping Grand Canyon Education secure their environment, download the SANS WhatWorks white paper, and view the webinar.