Case Study: Duo and Umbrella Thwart Malware & Phishing Attacks at Texas A&M
Universities are prime targets for malware and phishing attacks. With large groups of people gaining access to a network from all over the world through personal devices and computer labs, often for short periods of time, maintaining cybersecurity can be tricky. Universities have to verify trust in the devices connecting while adopting a frictionless "trust no authentication to the network that cannot be verified through a variety of factors" stance, otherwise known as a "zero-trust" policy.
The Texas A&M University System needed to ensure that 183,500 users across 11 campuses and nine state government agencies could connect to the internet without becoming vulnerable to malware and phishing attacks, accessing prohibited websites, or opening the door to information theft.
Using Cisco Umbrella and Duo Security, now part of Cisco, to support its security strategy, the Texas A&M University System has been able to reduce malware and phishing attacks, protect employee paychecks, secure application access, and enable faster incident investigation and response – ultimately freeing up 100 hours per week previously spent on investigation and remediation.
“Duo was really the best solution for us. It had a lot of native integrations with other tool sets, and it was quick enough where it can just be a push to your phone. Since we rolled out Duo, we see a lot fewer attacks coming in over our VPN or going to the HR systems,” reports Dan Basile, Executive Director for Texas A&M University System Statewide Cybersecurity Services.
“At times, people would get a password and log in to our HR system hours before payday, change the routing number and have that paycheck routed into another location. Cisco Duo stops a significant number of those activities.”
According to Texas A&M University System CISO Danny Miller, “Attackers were setting up new sites for just a day or two and luring our users to them to distribute malware. With Cisco Umbrella’s ability to block malicious and newly seen domains, we could say, ‘If that site’s less than X days old, we’re not going to allow connections to it.’”
The Texas A&M University System now sees millions of security blocks every day, and billions of DNS requests. They are able to stop malware before it even gets to the download phase.
“Duo and Umbrella are key components that allow us to stay on top of our changing work environment and the changing network of bad actors that are constantly coming at us,” adds Basile.
They can also demonstrate the value they realized from Cisco Umbrella through its reporting.
“We can show our Board of Regents as well as our CEOs at each of the universities how much malware we’ve blocked and how many sites we’ve blocked to prove how effective we are,” says Miller. “Plus, we can now focus on much deeper threats versus the mass of different malware that’s filtered out. That’s a big deal.”
Miller continues, “And Duo really helped us defend our folks at the individual level. Prior to us having Duo, we were having cases where the bad guys knew exactly when people were getting paid, they knew exactly who to go after, they were spear phishing them. Once we put in Duo, it went from a variety of different phishing attacks that were successful down to practically zero now.”
In addition to using the Investigate console for threat intelligence, the Texas A&M University System security team discovered another use case: they use Investigate as a training platform for students studying to be security analysts.
“By teaching our security interns, we’re giving them two years of experience so they can immediately pivot out into the industry as thought leaders,” Basile says. “I’m very privileged to be able to use tool sets such as this not only to train our students, but to protect our users no matter where they are, as we see the security landscape really changing.”
“Duo and Umbrella bring a different portion of the security stack towards the customer. While they may not see Umbrella working in the background, and they definitely see Duo every time it protects them; both are working to protect that user no matter where they are... and that is a huge win for us in cybersecurity. They give us a greater level of visibility into authentication and internet activity, while showing how we’re protecting users out there in the field,” reflects Basile.