Kentucky Community & Technical College System (KCTCS) is a governing entity overseeing 16 community colleges and 70 campuses across Kentucky. KCTCS was created in 1998 to standardize and unify the state’s community college system. KCTCS hosts over 106,000 students and 10,000 faculty members. As the largest provider of postsecondary education in the state, their main mission is to give Kentuckians easier, more affordable access to higher education.
The main challenge KCTCS faced was a lack of visibility. Colleges within the System had their own IT and security teams working disparately for each individual college as opposed to the larger organization. KCTCS needed to implement a security solution to gain visibility into each college’s environment and roughly 5000 network devices.
The security kit they relied on was also quite cumbersome and lacked the agility necessary to streamline tasks since it required a high level of technical knowledge over a variety of products. They had attempted to deploy a Security Information and Event Monitoring (SIEM) tool, but the product wasn’t robust enough to handle all of the traffic they received.
Volta recommended a managed SIEM platform which would allow KCTCS to aggregate and access all of their data for security intelligence and threat hunting. Initially, we planned to transition into their environment slowly by first standing up a new SIEM solution alongside theirs. However, once we completed that task, our SIEM tool was ingesting and parsing the same data with a much smaller footprint, allowing us the phase out their old SIEM tool entirely.
Volta proposed to configure a passive Intrusion Detection System (IDS) as well as build the following visualizations:
- Firewall dashboard
- Network dashboard
- VPN dashboard
- NetFlow dashboard
- IPS/SEG/SWG dashboard
- AD, logins, group changes, lockouts dashboard
KCTCS decided to utilize a hosted infrastructure at The Center for Rural Development’s Data Center in order to lower their overall cost and achieve economies of scale. This would allow them to use encrypted tunnels over high speed private connections to ship data from all around the state of Kentucky to one centralized location.
KCTCS now has a streamlined and efficient security solution through Volta’s recommendation and implementation of a managed SIEM tool, which condensed information from all of the tools they were using into a single platform. KCTCS can now access their data through their site-to-site VPN with The Center for Rural Development.
Volta performs ongoing monitoring of SIEM policy reporting:
- Reporting of Guest Wireless activity in 70 locations
- Visibility into Windows endpoint applications and events using Wazuh and Sysmon integration
- Alerting, dashboards and visualizations derived from 5000+ Windows endpoints and the entire KCTCS network infrastructure
- Logging and reporting of ALL campus network devices
With full end-to-end network visibility into every location, threat hunting analytics can be performed on all of their data.