SUNY Delhi College
To protect the expansive, public-facing presence of SUNY Delhi College, Scott May uses Sentinel Outpost as the first line of defense in an integrated, layered approach to network security.
Like most universities, SUNY Delhi has an expansive, public-facing Internet presence, with more than 65,000 public IP addresses. With such a large attack surface, network security becomes a delicate balance between keeping the network safe and still meeting the needs of the faculty, university staff and student population.
“Most organizations or corporations can ‘lock the doors’ to control who comes into their network. Our network is in use 24/7. I’m open to the public, 365 days a year,” explained Scott May, associate director, computing services, for SUNY Delhi College. “If you walk into a corporation, you get a badge, you sign in, everyone else is kept outside the physical footprint. Here, we are open to the public, people use the campus, bring their Wi-Fi and try to get on the network. Housed students, prospective students, parents, community, with any number of devices. So, protecting the network becomes a lot more complicated.”
Although, as a state agency, SUNY Delhi’s payroll and budgeting systems are centralized on a different network through the state, May is the college’s reputational gatekeeper—protecting donor and student information, as well as preventing hackers from falsifying grades, transcripts or even pirating lunch cards. After all, what student wouldn’t want to erase something embarrassing they did on campus surveillance, if allowed access?
To protect the network without negatively impacting legitimate access, May has long taken a layered, “onion approach” to security.
“The IPS is the exterior-facing device that blocks the bulk of the ‘bad guy’ traffic. The firewall then enforces some rules. The third layer is packet shaping technology to manage the flow of the legitimate traffic that’s left over. Basically, it de-prioritizes things like Netflix traffic when I have people trying to teach classes and use Internet resources,” May explained.
May first learned about Sentinel at a technology conference, about four years ago. He was intrigued, but a little skeptical.
“At the time, we were using an IPS from a large company, and I was getting frustrated by the licensing costs on top of the hardware costs,” May said. “When the Sentinel rep told me about this great new managed service product, with no hardware costs and a monthly fee, it sounded too good to be true. It was about half the cost of what I was paying at the time.”
It took two years for May to finally give Sentinel a try.
“We had just completed a technology refresh, and we didn’t have the budget to keep doing what we were doing. Our IPS couldn’t handle the line rate anyway, so we needed to upgrade, which meant more money,” May said. “I said, ‘Sentinel offers a free, no risk, 30-day trial, and a price we can afford. Let’s test it out and see if it works.’”
SUNY Delhi has been a Sentinel customer ever since.
Proactive Protection. Exceptional Service.
According to May, Sentinel not only costs SUNY Delhi College less money, but also offers better network protection than the solution the institution used before.
“Sentinel has certainly proven to be superior to other products we’ve had in the past,” May said. “Their support team is continually compiling threat data and proactively updating our device to protect us against those new threats. With our previous solution, there was no monitoring. Now, if there’s an issue, I get an alert. If there is a new threat, the device is automatically configured to block it.”
From a service and support aspect, May couldn’t be happier.
“Because of our size, we had some unique issues at the beginning. The Sentinel team went above and beyond to scale our system and set us up with an upgrade,” May said. “Their support is exceptional. I think that’s one of their big differentiators. If I need something, they’re on it, and they get it done.”
Because Sentinel is a managed service provider, May no longer has to worry about budgeting for IPS hardware updates.
“With our old system, if you needed to upgrade, you had to buy a new box,” May said. “When you need to upgrade with Sentinel, they contact you, tell you about the upgrade and send you a new box. You send the old one back and you’re good to go. That not only ensures that we’re using the latest and greatest technology, but it makes budgeting a lot easier, too. I don’t have to worry about replacement hardware.”
The Power to Get the Job Done
Although firewalls have gotten more sophisticated, May is a big believer in “the separation of duties” when it comes to security, regardless of how sophisticated the firewall might be. For him, one provider or one next-gen solution just can’t protect a network as well as multiple solutions, each focused on one job.
“For example, we had a denial of service attack. Because the firewall tries to do so many things, it becomes overwhelmed and can’t filter out that attack,” he explained. “We contacted Sentinel support, and within an hour, someone had made the changes so we could block the traffic at the Sentinel, relieving the firewall so we could resume normal business. I’m not convinced that a single box solution could have pulled through and separated the task.”
Although May had been pleased with the visibility and protection Sentinel delivered to SUNY Delhi from the onset, there was a pivotal moment when he knew the solution was “head and shoulders” above the rest.
“We use a Security Operations Center, or SOC, which conducts external vulnerability scans and penetration testing of the campus, to see what holes they can find,” May explained. “We had a test scheduled, but after a few weeks, I hadn’t heard anything from them. Come to find out that they’d been trying to work around the Sentinel for weeks, but couldn’t get through. The only way they could get in and test my internal firewall was for me to make an exception rule so they could get by the Sentinel. That’s when I knew how impressive the device really was.”
The SOC group was evidently impressed as well. They ended up purchasing two Sentinels to cover their own network.
“There’s a lot more awareness of how Sentinel can impact security in higher education,” May said. “Anyone who looks at what Sentinel has done for us can see the opportunity.”
The numbers speak for themselves.
In 2018 alone, Sentinel thwarted more than 13 thousand inbound exploit attempts and almost 10 million inbound scans, as well as issuing more than 3,000 alerts on malware beaconing outbound.
“We get reports on what’s happening, and look at those. But, because we have confidence in what Sentinel is doing, we don’t really have to think about it on a daily basis,” May said. “It’s blocked 155,926 IPs and I don’t have anybody calling me to say that they can’t go someplace they need to go. My users can use the network; the bad guys can’t get in.”
And that’s exactly how May—with a little help from Sentinel—plans to keep it.