CYBERSECURITY FOR

HIGHER EDUCATION
A Platform Approach
Higher education institutions must balance academic openness with protecting the
­personal information and intellectual property of staff and students. It’s ­another
­balancing act to maintain continuous, high-bandwidth access to resources while
­blocking threats and intrusions that could damage the institution’s reputation.
­ etworks® meets the security needs of higher education institutions by
Palo Alto N
­automatically preventing cyberattacks across cloud, network and endpoint devices
at network speeds as well as keeping sensitive data safe by administering granular
­security policies based on users, applications and content.

Higher Education Security Challenges
• Maintain student satisfaction with high
network performance and availability.
• Protect against cyberthreats growing in
speed, volume and sophistication.
• Prevent data breaches and the loss
of sensitive information, including
financial transactions, personal data
and intellectual property, resulting from
third-party-funded research.
• Support faculty by identifying and
protecting vulnerable departmental
servers and devices.
• Manage disjointed, distributed network
and endpoint security.
Agile Security for Modern Higher Education Networks
Keeping pace with new threats in dynamic online environments is an ongoing struggle for
IT teams. Palo Alto Networks helps higher education face security challenges relating to:
• Cloud security: Higher education is investing in modern infrastructure for interconnec-
tivity, flexibility and ease of administration. Whether by employing public cloud infra-
structure, specialized cloud services and/or SaaS applications, education institutions
need to protect the data in transit while ensuring no threats infiltrate their networks.
• Performance: Many schools are consolidating their data centers while increasing
virtualization within them to improve performance and productivity. Security must be
flexible enough to meet the demands of swiftly changing virtualized environments and
increasing demands for network bandwidth.
• Valuable data: Higher education institutions are prime targets for cybercriminals
seeking monetary gain from the theft of cutting-edge research, intellectual property,
payment data, and student and faculty information.
• Appropriate access for all: With students, visitors, faculty, administration, vendors,
equipment managers and research partners on the network, giving the right people
­access to the right resources – without compromising security – is an ongoing challenge.
• Mobile and “smart” device access: With everything from student smartphones to
campus security cameras connecting to the network, IT teams need visibility into who
is using these devices or what users are doing with them.
• Distributed environments: Different departments maintain servers, desktops and other
network-connected equipment with varying levels of host protection. Faculty often use
tablets or notebooks that need to be protected wherever they travel. IT must protect
faculty and staff devices from clickjacking and other schemes that can take over users’
systems or steal identities and login credentials.

Palo Alto Networks | Cybersecurity for Higher Education | Brief 1

Secure High-Performance Education Networks With a ­Platform
Approach
The Palo Alto Networks Security Operating Platform helps edu-
cational institutions deploy new technologies, including cloud, IoT,
online course delivery and virtualization, without compromising
security or performance. The platform automatically prevents
cyberattacks and reduces risk through real-time visibility and
consistent security across a school’s cloud, network, endpoint
devices and content.
Higher education institutions around the world use Palo Alto
Networks to:
• Prevent the spread of malware and protect critical information
with network segmentation.
• Gain granular visibility into network usage.
• Automatically prevent known and unknown threats from
impacting students, staff, networks and data.
• Protect school-owned devices.
• Simplify and secure BYOD and mobility.
• Safely enable cloud use and SaaS applications.
“We need to create an environment that’s open and flexible
but super secure. The reason why we moved off our old
firewall to the Palo Alto Networks platform is because it’s
next-generation, it’s scalable, and it reduces complexity. We
also needed someone who’s looking down the road to see
not only how to deal with current technology and security
issues but how to handle a future with things like wearables
and other technologies no one has even thought of yet.
– Larry Brandolph, chief information security officer, network or reputation.
Temple University
Prevent the Spread of Malware and Protect Critical ­Information
With Network Segmentation
Simple-to-manage yet granular network segmentation is key to
preventing the spread of cyberthreats while serving the diverse
needs of faculty, staff, students and other valid network users.
Palo Alto Networks platform appliances, whether stand-alone
or virtualized, enable campuses to segment networks to reduce
the chances of threats moving through the network and provide
another level of access control to sensitive data or applications.
Using Palo Alto Networks next-generation firewalls, you can:
• Make use of user information from a wide range of
­repositories, enabling IT teams to identify users and
groups, not just IP addresses.
• Grant or deny user access to network segments hosting
certain applications or servers, providing another layer of
security beyond usernames and passwords.
• Protect vulnerable systems – such as faculty computers
involved in sensitive research, unpatched servers or facilities
management systems – in their own network segment while
continuously scanning for data exfiltration.
Palo Alto Networks | Cybersecurity for Higher Education | Brief
• Prevent threats from spreading in the data center using
east-west segmentation in virtualized public or private
environments.
• Give administrators valuable insight through near-real-time,
easily understandable reports to help them prevent security
incidents.
“Palo Alto Networks allows us to significantly increase
bandwidth, deliver more services faster and elevate
­security. The visibility, scalability and dynamic threat
prevention of Palo Alto Networks makes us confident that
we can fully protect and support our academic mission.”
– Simon Lane,
senior professional specialist,
Enterprise Systems Development,
University of Southampton
Gain Granular Visibility Into Network Usage
Schools can maintain academic freedom while simultaneously
reducing security risks that would affect campus networks and
users. The Palo Alto Networks platform offers granular visibility
into users and applications, allowing higher education institu-
tions to monitor usage, reduce risk, and maintain high availability
and performance.
• Employ User-ID™ technology to create role-based
­permission policies, ensuring everyone has access to the
network r­ esources they need while denying access to
­systems they don’t.
• Identify thousands of applications traversing the network,
including applications that may pose a risk to the institution’s
• Monitor application use by group, time of day or other criteria
to ensure critical applications have the bandwidth they need
and IT has up-to-date information for capacity planning.
Automatically Prevent Known and Unknown Threats From
­Impacting Students, Staff, Networks and Data
Protecting the network, and thereby users and their devices, from
threats constitutes a competitive advantage for many institutions.
Faculty and students, whether using school-owned devices or
their own laptops and smartphones, may unwittingly or deliber-
ately put the network or the institution’s reputation
at risk. With new pieces of malware created every minute,
higher education IT teams must constantly update the security
posture to remain effective. Palo Alto Networks automatically
protects the network from threats with coordinated anti-malware,
IPS, web content filtering and zero-day attack prevention. Palo
Alto Networks threat analysis service conducts dynamic analysis
of suspicious content – even if it is encrypted – in a virtual
environment to discover brand new threats anywhere in the
world. It then triggers the creation of new protections, which are
delivered to all platform sensors in as few as five minutes. Security
Operating Platform deployments are continuously updated with
protections against new phishing and malware sites, ransomware,
malicious links in emails, and command-and-control infrastructure,
blocking any part of an attack. This automation vastly reduces the
2
 Figure 1: Palo Alto Networks Security Operating Platform
Security Operating Platform
The Security Operating Platform prevents successful cyberat-
tacks through automation. It is easy to operate, with capabilities
that work together so you can make the most of scarce cyber-
security resources. Enforcement points and shared intelligence
work together at network speed to automatically prevent
ever-changing cyberthreats from affecting students, computers,
networks or data. Accurate analytics allow you to streamline
routine tasks and focus on educational priorities. Tight integra-
tion across the platform and with ecosystem partners delivers
consistent security across cloud, network and mobile devices.
Among the core elements:
• Network security employs next-generation firewalls
to protect networked services ranging from schools to
school district perimeters and data centers. Integrated
network security clients extend security policies and pro-
tections to student and staff laptops and mobile devices
whether they take them home or to the coffee shop.
• Advanced endpoint protection safeguards servers, clients
and mobile devices against the latest vulnerability exploits,
­ransomware and other malware delivered via any method,
including email, USB drives or other attached devices, and
other channels. 
 malware analytics and hunting tools for security operations
• Cloud security provides the same protections as the net-
work security components for private, public and hybrid
cloud ­environments as well as SaaS applications. Deep
integration with native cloud services and automation
tools speeds up multi-cloud deployments. 

operational burden on IT teams, which would normally have to
manually update multiple security devices across the network to
block even one part of such attacks.
Protect School-Owned Devices
IT teams must protect school-owned faculty and staff devices from
the latest cyberthreats. Advanced endpoint protection, part of the
Security Operating Platform, coordinates with threat intelligence
and pre-emptively blocks known and unknown ransomware and
Palo Alto Networks | Cybersecurity for Higher Education | Brief
• Cloud-delivered security services employ global intel-
ligence to filter content as well as detect threats and
attackers. These services automatically create protections
against new threats and attacks as well as continuously
update endpoint, network and cloud sensors.
Palo Alto Networks has recently opened up the platform,
enabling you to swiftly take advantage of security innovations
that meet the particular needs of higher education.
• Application Framework enables rapid development of
custom and third-party applications that make use of
data from the Logging Service and other cloud-delivered
security services. 

• Logging Service provides a secure, cloud-based reposi-
tory
for all application and data logs, collecting data from
various sources while eliminating the burden of scaling
and maintaining on-premise compute and storage. 

Palo Alto Networks apps on the Application Framework include:

• Magnifier™ Behavioral analytics to help discover anomalous
and malicious user or application activity inside the network.
• AutoFocus™ Contextual threat intelligence service for
center teams.
For more information on the Palo Alto Networks Security
Operating Platform, please visit https://www.paloaltonetworks.
com/products/security-operating-platform.
other malware, credential theft attempts, other exploits, and
zero-day threats. Staff can use email, other applications, USB drives
and the web confidently and safely.
Simplify and Secure BYOD and Mobility
Schools must balance the need for cybersecurity with giving stu-
dents, faculty and their devices speedy access to network resources
wherever they are. Unique User-ID technology enables consistent
enforcement of security access policies based on who users are,
3
regardless of campus location, device ownership or which of their
devices they are using. For students who bring their own devices,
Zero Trust network segmentation – based on the “never trust,
always verify” principle – ensures they can access the resources
they need while restricting access to sensitive data and applications
to valid faculty and staff with trusted devices. For faculty and staff
who bring their own devices, a lightweight network security client
works with Enterprise Mobility Management platforms to separate
business apps, data and traffic from personal apps on the devices,
securing business content while respecting privacy.
“Visibility and throughput is significantly better. Before, we trawled
through logs to get information, but now we can see the biggest
risks, where they’re coming from, which apps are being used and
more. The information and detail is fantastic.”
– James Holland, Network and Security Services Manager,
University of Portsmouth
Cyberattackers disproportionately target endpoint devices, and
those devices are more vulnerable outside the campus network.
The platform’s network security client extends a VPN and granular
security to remote faculty, staff and contractors. The lightweight
network security client protects computers, tablets and smart-
phones wherever they travel, ensuring they maintain the same
security posture and access capabilities as devices inside the
network perimeter.
Safely Enable Cloud Use and SaaS Applications
Palo Alto Networks virtualized platform deployments bring the
security of the on-premise network to public and private clouds.
Prevent successful cyberattacks on Amazon® Web Services,
­Microsoft® Azure®, and Google® Cloud Platform environments
and cloud initiatives on VMware® NSX®, OpenStack®, Microsoft
Hyper-V®, and many other platforms. A suite of tools enables ap-
plication-level control between workloads, policy consistency from
the network to the cloud, fast deployment and dynamic security
policy updates as workloads change.
SaaS applications are traditionally invisible to IT. Palo Alto
Networks solves this problem by providing full visibility into the
day-to-day activities of employees using SaaS applications, such as
3000 Tannery Way
Santa Clara, CA 95054
Main: +1.408.753.4000
Sales: +1.866.320.4788
Support: +1.866.898.9087
www.paloaltonetworks.com
Microsoft Office 365®, G Suite™ and Dropbox®. Granular security
policies help eliminate data exposure and threat risks. For example,
you can deny data uploads to personal Box folders and private
Gmail® addresses while safely enabling collaboration through your
institution’s Gmail instance and Box environment.
Increase ROI With Palo Alto Networks Offerings for Higher
Education
The biggest question for many IT teams in higher education is
how to maximize user and data protection with minimal network
and security resources. The Security Operating Platform natively
integrates many capabilities, eliminating point products along
with the cost and management overhead associated with them.
Platform elements across clouds, networks and endpoints share
security context and work together to automatically prevent quick-
ly changing threats from affecting students, endpoints, networks
or data. This platform approach reduces silos of information and
manual intervention from overburdened IT teams. Unified visibility,
policies, event logging, reporting and analytics across security func-
tions greatly simplify management, ­operations and compliance in
addition to reducing the potential for misconfigurations, outdated
policies or overlooked threats.
Schools may start with one capability and add new ones to the
platform over time, growing protection levels without the cost and
complexity of managing new network devices. Each security capa-
bility automatically correlates insights on newly emerging threats
across endpoints, data centers and cloud resources, ensuring fast
responses to any threat with no manual intervention required.
As you add security capabilities, coordination increases, and your
organization enjoys even greater return on investment.
Getting Started
Start by gaining visibility into the users, applications and content
in your network. Sign up for a free Security Lifecycle Review. This
non-disruptive process will help define top risks due to usage,
unknown applications, malware and more.
Customers in more than 150 countries and in every industry rely
on us to improve their cybersecurity posture. For more information
on Palo Alto Networks, please visit https://www.paloaltonetworks.
com/company/about-us.
For more information on how we protect higher education
networks worldwide, please visit https://www.paloaltonetworks.
com/­solutions/industries/education/education-higher.
© 2018 Palo Alto Networks, Inc. Palo Alto Networks is a registered
trademark of Palo Alto Networks. A list of our trademarks can be found
at https://www.­paloaltonetworks.com/company/trademarks.html. All other
marks mentioned herein may be trademarks of their respective companies.
cybersecurity-for-higher-­education-sb-050918