Upgrading a VPN Solution to Secure a College's Remote Learning Environments
With the rise in remote connectivity due to COVID-19, a New York City-based college was facing more devices connecting to the school’s network than ever before. The college had an existing VPN solution in place but quickly realized that it was unable to handle the throughput and security requirements necessary to safely facilitate remote learning. The school wanted to ensure that any device connecting to their network was up to date with patches and had the necessary security applications installed. Additionally, their IT team only had basic visibility into traffic, users, devices, and applications traversing their network over VPN.
Taking into account the school’s existing environment and their Palo Alto Networks Firewalls, Vandis recommended Palo Alto Networks Global Protect VPN solution. This solution would allow the school to extend their next-gen firewall capabilities, including security policies, to remote faculty and students and provide greater visibility into all traffic, users, devices, and applications.
The deployment of Palo Alto Networks Global Protect VPN would provide the following benefits:
- Multi-Factor Authentication – Provides an additional layer of security by requiring users to provide at least two independent types of verification at time of login.
- Pre-Logon – Ensures that the GlobalProtect connection is seamless by connecting the user’s device to the GlobalProtect gateway before the user logs into the machine.
- Certificate Checks – Ensures that school machines are able to connect via VPN.
With the new capabilities at their fingertips, the school could now enforce a minimum standard of endpoint compliance for their students and faculty to connect to their environment. Via GlobalProtect, each connecting device would go through a HIP check to ensure it had up-to-date endpoint protection definitions, hard drive disk encryption, the latest software updates, and had enabled the OS firewall. Any device not meeting these minimum criteria would not be allowed onto the network. The school’s security operations team will be automatically notified of any unqualified device so they can work with the end user to meet the necessary qualifications.
With the successful implementation of Palo Alto Networks Global Protect, this school now has a solution in place that allows its students and faculty to securely VPN into their network. By utilizing the feature set within this solution, the school’s IT team has visibility into all the traffic, users, devices, and applications connecting to their network. In addition, the Vandis team was able to conduct a knowledge transfer session with the IT staff so they would be comfortable managing the solution moving forward.