Get current news, industry tips and helpful information
Sunway University: Getting NAC Right
Due to significant growth and complexity issues, this university switched its Network Access Control (NAC) provider and met swift success.
Sunway University, formerly Sunway College, in Bandar Sunway, Petaling Jaya, Malaysia, was founded on the vision that exceptional higher education is vital to progress. Last year, the university was awarded a rating of "excellent" in the nation's rating system, placing it in a select group of Malaysian public and private universities. Sunway University stretches across 22 beautiful acres and is fully equipped with academic, hostel, and sports facilities, for its students – making it one of the largest and most modern of any private campuses in all Malaysia.
And, as Siao Yuan Tan, Manager of IT Operations at Sunway, knows, it's not easy keeping modern networks secure. Sunway runs multiple networks on campus: one for students, for research and another for staff and university administrators. One of the most difficult tasks for Tan is ensuring that all of those systems are available and run in a secure way. "It's very important to us that our systems comply with our IT policy and that certain applications, like anti-virus software, are installed and running properly," Tan explains.
"That's part of the reason why we sought a NAC solution; we wanted to ensure that students are using the university-provided computing facilities and that our staff members are using their official system," he adds. "We also do not want students plugging their personal systems onto our network, making sure that only registered and compliant systems have access to our networks protecting the users and the entire campus IT system." The ultimate objective, Tan says, is to provide a safe and predictable computing environment for all users of the University networks.
Past implementation challenges
To meet these objectives, Sunway deployed a NAC solution several years ago. Unfortunately, poor local support and product complexity issues made it difficult for the implementation to keep pace with the growth and changing needs of the University. Sunway had to seek other potential solutions. "Vendor support was a huge issue. Most of our support cases were not being answered in a timely manner. Many issues simply hung forever with no one getting back to us," he explains. "Whenever we had a problem, it required an engineer to come onsite and resolve the issue. These were very technical troubles, and a typical IT administrator would not have been able to resolve these issues on their own."
"Despite a significant amount of effort, we still found there were issues and many problems that made maintaining this specific NAC product very difficult. We knew we had to look for potential alternatives if we were going to keep pace with the University’s evolving network needs," Tan says.
The alternatives Sunway investigated included so-called NAC "solutions" that come bundled with large anti-malware providers, as well as the NAC that is "integrated" into the gear of large network equipment providers. "Many of these products have a lot of built-in limitations," Tan explains. "They depend on 802.1x authentication, which is cumbersome to deploy, and they require significant changes to the network. None of them looked straightforward until we considered InfoExpress and its CyberGatekeeper NAC offering."
Securing student and administration network access
The InfoExpress CyberGatekeeper family of products control access to the network by auditing all devices before granting access to the network. CyberGatekeeper is fully scalable and interoperates smoothly with a wide range of other products. CyberGatekeeper can be deployed easily in monitor mode, giving organizations the option to remedy endpoints "on the fly" without having to restrict access to users. Also, CyberGatekeeper provides Sunway with a deep level of host-integrity inspection that is easy to use and manage.
One capability that separates InfoExpress’ CyberGatekeeper from other more complicated and costly network access control offerings is its reliance on an organization’s distributed network. CyberGatekeeper with Dynamic NAC turns qualified, secure PCs into NAC enforcers that can detect, quarantine, and remedy rogue endpoints and unhealthy PCs, and ensure that unauthorized systems don’t gain access. "The CyberGatekeeper installation went very smoothly," says Tan. "It checks our systems and ensures we are maintaining the network to policy."
Two of the policy enforcement checks Sunway performs on systems are system patch levels and antivirus software status. "Those are two of the basic checks we are currently conducting. We also are checking for prohibited software and peer-to-peer file sharing software, neither of which we want running in our environment," he says.
"Another advantage over our previous NAC product is the fact that InfoExpress actually can see when any of our endpoint antivirus processes fail. The previous product would only detect whether the signature file was updated. That's really not good enough; what if the anti-virus software isn't working? If that process is failing, we want the system blocked from the network until the situation is rectified," he says.
InfoExpress also helps to keep the university's networks secure by ensuring that student research networks are kept separate from the primary networks. "We check whether a PC is authorized for the main networks to avoid someone connecting from a research network to a more secure network. This is quite useful for us to protect our network, because we might have research students having their own network, and we do not want them to interfere with the production network," he explains.
While InfoExpress required zero network changes, CyberGatekeeper also performs and protects the infrastructure exactly as Sunway anticipated, and it requires less technical support. Tan appreciates that support is available when it’s needed, and that the company is responsive. "It's been much easier working with InfoExpress and contacting them for help whenever needed," he says.
"We are where we wanted to be with our first NAC implementation," Tan says. "We were able to achieve our objectives and it's proven more effective, and manageable. InfoExpress provides much better protection than the previous NAC that we were using."
# # #
Firm Overview: Sunway University
Organization Type: University
Size: 850 faculty and employees; Enrollment: 12,000 students
Sunway University required a way to ensure only those systems that are trusted and meet security policy are permitted to connect to the school's networks.
InfoExpress CyberGatekeeper NAC