The University of the Witwatersrand in South Africa is using a modern, AI-driven security operations strategy from Palo Alto Networks to stop threats in their tracks – wherever they might attack. Managed by KHIPU Networks a holistic, integrated Cortex XDR and XSOAR platform delivers extended protection, detection, and response across the University’s entire attack chain through attack surface reduction, attack prevention, breach prevention, and response.
Balancing students, processes, and tools
Wits is a multicampus South African university located in Johannesburg, internationally acclaimed for its research, high academic standards, and commitment to social justice. The University is home to 41,000 students; almost 1,700 academics; and 6,000 employees.
Just like any education institution, Wits is at daily risk from cyberattacks. Vast volumes of sensitive research and academic data, students connecting from a multiplicity of devices, and the evolving threat landscape make it a prime target for threat actors. Open access to resources needs to be balanced against the need to safeguard data.
Funding and resources compound these challenges. Hement Gopal, Senior Security Engineer at Wits, explains: “Previously, threats were not as sophisticated as they are now. The challenge for my team is to protect the University’s crown jewels with modern, innovative security controls.”
Prior to engaging with Palo Alto Networks and its leading cybersecurity partner KHIPU Networks, Wits’ endpoint security was based on a basic SIEM monitoring tool. “We still had many alerts,” says Hement. “Without automation, our security team was almost overwhelmed responding to them.”
In response, Wits turned to KHIPU Networks’ managed detection and response SOC service. Hement explains: “Higher education needs are very diverse compared to the more controlled private sector. KHIPU Networks has specialist knowledge of the demanding security pressures facing higher education. Security insights are also shared across the KHIPU community, reinforcing collective protection.”
"Previously, threats were not as sophisticated as they are now. The challenge for my team is to protect the University’s crown jewels with modern, innovative security controls."
– Hement Gopal
Senior Security Engineer
University of the Witwatersrand
Complete picture of each incident
Wits chose Palo Alto Networks Cortex XDR to underpin its security operations. The modern extended detection and response (XDR) platform protects 300+ servers across the University’s estate. Application-based behavioural analytics pinpoints evasive threats, and machine learning profiles the behaviour to detect anomalies indicative of attack.
Cortex XDR ingests data from multiple University and external sources, including antivirus software, the firewalls, Cisco IPS, and mail gateways. Hement elaborates: “Cortex stitches separate data, alerts, and insights together, giving us a single, consolidated root cause view of incidents and user behaviour.”
The alerts are fed into the KHIPU Networks’ SOC for investigation and follow-up. “The out of hours cyberthreat monitoring doesn’t just alert, it protects against and prevents threats impacting the University’s operations,” says Hement.
The SOC includes Cortex XSOAR to orchestrate incident detection, investigation, and remediation. Playbooks automate routine alert management, route tickets, and support the escalation of more serious risks.
“We receive automated emails with a comprehensive snapshot of an incident,” explains Hement. “It includes everything we need to act. Together, Cortex XDR and XSOAR give us eyes across the entire University estate in one standalone solution.”
Trusted endpoint security reduces risk
Wits’ security-first approach delivers holistic protection across the network, clouds, endpoints, and applications.
The benefits include that it:
- Underpins continuous, uninterrupted learning: 41,000 students and 6,000 higher education staff can teach, learn, and administrate anytime and anywhere, confident that data and devices are securely protected from threats.
- Eliminates zero-day malware, ransomware, and fileless attacks: The behaviour-based platform – with KHIPU Networks’ SOC – provides 24/7/365 advanced cyber defence across Wits’ servers, proactively identifying and blocking malware, ransomware, and file-based and fileless attacks.
- Enables the University to do more with less: With resources already squeezed, the Cortex platform automates many routine tasks, liberating security staff to concentrate on strategic, value-added tasks.
- Reduces volume of alerts: According to Hement, “With the original SIEM tool, we gave up counting how many alerts were coming in – there was so much noise. Using Cortex, we are seeing just a fraction of these alerts. The vast majority are managed silently in the background.”
- Delivers trusted security: The University recently engaged with a forensics business partner to examine an incident in parallel with an examination by KHIPU Networks’ SOC team. Both parties reported similar outcomes, validating the reliability of the strategy.
- Discovers and investigates threats faster: Cortex XDR proactively blocks attacks and collects rich endpoint data across all data sources. Unified interface facilitates management of alerts and incidents for detection and response as well as Cortex XDR policies.
"Security management in higher education is never easy. We’re relying on scarce resources to protect a large, complex infrastructure. And threat actors only need to get lucky once. Palo Alto Networks makes it far, far easier to safeguard our University infrastructure and respond instantly to incidents. By protecting what’s important in the background, we can fight fires in a different forest."
– Hement Gopal
Senior Security Engineer
University of the Witwatersrand