Case Study
In brief
North-West University
Higher Education
68,000 students and almost 7,000 staff
Potchefstroom, South Africa
See and secure a complex, large-scale environment comprising around 250 modern and legacy Windows servers. Free scarce security resources to concentrate on value-add tasks.
An intelligent, connected cybersecurity portfolio comprising next-generation, integrated, network and endpoint security, using Cortex XDR, ML-Powered Next-Generation firewall, Threat Prevention, URL Filtering, WildFire, and Panorama.
CHALLENGE
North-West University (NWU) offers more than just an education: it offers people a place in the world. It is one of the largest universities in South Africa, with three integrated campuses serving more than 68,000 students and almost 7,000 administrative and academic professionals.
NWU resembles a mini-metropolis, with an extensive IT infrastructure supporting large volumes of network traffic across multiple campuses and tens of thousands of people. Previously, the university relied on legacy port-based firewalls in its three data centres. However, these firewalls lacked the security, visibility, performance, and scalability needed to control the growing volumes of data entering and leaving the network.
In response, the university standardized four Palo Alto Networks ML-Powered Next-Generation Firewalls (NGFWs) in a high-availability configuration to prevent cyberthreats and enable secure, high-performance access to private network services and the internet. The solution unites Palo Alto Networks WildFire® malware analysis and Threat Prevention—all managed via the centralized Panorama management console—to continuously and reliably secure the university’s users, devices, and applications.
The change has transformed network security by:
REQUIREMENTS
NWU is now looking to the future. With network security in safe hands, attention has turned to endpoint protection. The university was challenged to protect a complex, distributed infrastructure spanning around 250 modern and legacy Windows servers. The existing Microsoft Defender for Endpoint protection solution lacked the functionality, agility, and security insights to counter today’s cybersecurity threats.
The small security team faced an array of threats, from ransomware and cyberespionage to fileless attacks and damaging data breaches. However, the biggest concern was not the endless number of risks that dominated news headlines but the frustrating, repetitive tasks they needed to perform every day as they triaged incidents and attempted to work through an endless backlog of alerts.
Martin Venter, Systems Manager at NWU, explains, “We wanted a broad XDR strategy with strong threat prevention. Microsoft Defender couldn’t keep pace with the fast-moving threats. The new system needed to defend against every type of attack, provide 360-degree visibility into those attacks, and minimize the mean time to detect and respond to incidents.”
The requirements included the ability to:
Martin and his team conducted a rigorous proof of concept (PoC), analyzing five different endpoint security technologies, including Palo Alto Networks Cortex XDR, in a controlled sandbox environment. Cortex XDR outperformed the other endpoint security platforms in almost every respect.
Ease of use was another determining factor in the choice. Venter continues, “Everything is managed through the intuitive Cortex XDR management console, including endpoint policy management, detection, investigation, and response. Plus, we can customize the policies to suit every type of server we use. It’s more flexible than any other XDR product we looked at.”
SOLUTION
NWU’s Cortex® XDR™ platform blocks advanced malware, exploits, and fileless attacks using behavioural threat protection, artificial intelligence (AI), and cloud-based analysis. The team can investigate threats quickly using a complete picture of each attack, view the root cause of any alert, and swiftly stop attacks across NWU’s large-scale, complex environment.
“Before Cortex XDR, we were as blind as moles,” says Venter. “Now we have visibility into every transaction and every vulnerability on the servers. We can immediately identify false positives and mitigate breaches. Make no mistake; Cortex XDR has transformed our security operations.”
Seamless integration with the ML-Powered NGFW has created an effective and complete cybersecurity portfolio—and moved the university forward on its journey to becoming a Zero Trust enterprise. “We want to eliminate trust from our network architecture and validate each stage of every digital interaction,” says Venter. “The connected Palo Alto Networks network and endpoint security portfolio gives us an end-to-end toolkit for Zero Trust. Over time, this strategy will enable us to simplify risk management, whatever the user, user location, or access method,” he adds.
This forward-thinking security strategy was spearheaded by KHIPU Networks, one of South Africa’s leading cybersecurity specialists and a longstanding, trusted partner to the university.
BENEFITS
The integrated Palo Alto Networks portfolio is easy to use, providing complete, unified visibility across the network, endpoint, and cloud data. Panorama™ network security management ensures centralized management, provides powerful insights into network-wide traffic, and simplifies configurations.
Looking ahead, NWU may implement KHIPU’s eXtended Managed Detection and Response (XMDR) service, which itself utilizes Cortex XDR. Staffed by KHIPU’s own certified and experienced cybersecurity professionals, XMDR offers everything from threat visibility, detection, and root cause analysis to behavioral analytics and threat hunting services. The XMDR service also provides a community-driven approach to security, with issues identified by other higher education providers rolled out to all university customers.