VMware’s technology prevented at least two cybersecurity breaches across 77 school districts in Texas.
“As far as servers where it was noticeable, we had two additional instances where a user clicked on something they shouldn’t,” said Rory Peacock, deputy executive director of technology service for Texas’s Education Service Center Region 11.
Since the education service center deployed VMware, “it’s a whole lot easier to sleep at night,” he added.
ESC Region 11 is one of 20 education service centers across Texas that provide technical assistance, professional development, and educational programs management. Region 11 is one of the largest ones, covering 10 counties in North Texas. It’s responsible for nearly 600,000 students across 77 public school districts and 66 charter campuses. It also serves 70,699 educators.
Peacock’s team of 30 provides IT services to this region, which is roughly the size of Massachusetts. “We wear lots of different hats, from helping small districts with technician-type work to being one of the largest website and library systems hosts in the state and the nation,” he said.
His only regret is not deploying VMware NSX networking and vRealize Network Insight sooner.
Peacock started working for ESC Region 11 in 2015, and one of his first orders of business was to make sure the security posture was up to par.
“We are protecting 500-plus school websites and 500-plus library systems and making sure they stay up,” he said. To that end, his team scheduled a meeting with VMware in the fall of 2015. “We liked the idea of microsegmentation and being able to prevent something from spreading across east-west traffic. As crazy as it sounds, the day of the meeting we had to cancel because we were hit with ransomware the night before.”
That happened on a Monday, and the ransomware spread throughout the network and compromised all of the region’s hosted websites. “It had us down for a number of days as we were working to bring everything back up,” he said.
The attack also put a premium on securing the network. “As a trusted partner to these school districts and as a host we had to be ready,” Peacock said. “Unfortunately we got hit in the worst possible way we could.”
vRealize Network Insight
NSX is VMware’s network virtualization and security technology. It uses microsegmentation, which enables fine-grained security policies to be assigned to data center applications, down to the workload level. This isolates attacks and prevents them from spreading across the network.
vRealize Network Insight is VMware’s management and monitoring tool for SDN. It also helps accelerate application security across multi-cloud environments. It enables visibility across virtual and physical networks, and speeds microsegmentation deployment, allowing customers to manage and scale NSX deployments.
ESC Region 11 deployed both technologies in January 2016. “I would say that anybody that deploys NSX, if they don’t have Network Insight there is no way they can get the full benefit of the platform: the visibility it provides, being able to detail out exactly what machines and systems can talk to what other machines and systems, and pinpoint that in a way that you don’t have to have the command line level knowledge,” Peacock said. “It’s a must-have for the NSX environment.”
With all of its data, Region 11 remains a big target for hackers. In addition to preventing at least two attacks, using Network Insight has also allowed Region 11 to distribute the workloads that used to fall on one security engineer. It also makes troubleshooting faster and easier because of the visibility it provides.
“That definitely has been a time saver for us because it eliminates a lot of guessing or digging through logs,” Peacock said. “It has saved our security engineer hours of time because he has that assistance, and we are not having to hire multiple people to do the same job. It has saved time, money, and quite honestly a whole lot of anxiety has been mitigated by the use of that tool.”
Data Center Refresh
Vitas Healthcare, the largest nationwide hospice care company in the U.S., is another vRealize Network Insight (vRNI) customer. The company operates about 110 locations in 17 states, including three data centers.
Adam Alicea, director of enterprise engineering at Vitas Healthcare, manages a team of six engineers responsible for the data centers.
In 2012, the company decided to refresh its data center infrastructure and virtualize the bulk of its workloads using NSX. “A lot of that was based on simplifying and taking advantage of automation,” Alicea said. Investing in NSX without vRNI didn’t make sense, he added. “Without having this visibility into what goes on in NSX and the network, we would have had a hard time implementing things like microsegmentation and troubleshooting.”
Before signing on to vRNI, Vitas considered using SolarWinds NetFlow Traffic Analyzer to capture data from continuous streams of network traffic. “But the challenges we found were related to having such heavy east-west traffic, server-to-server communication,” Alicea said. “We didn’t feel it was the best option for us to use just network flows for performance evaluation and things like that.”
The engineers also realized that using vRNI would mean they would only need to look at one interface for a complete networking and security overview. “We would only have to look at vCenter to understand what’s going on, and also we could literally export rules from studying the network traffic right into our microsegmentation,” Alicea said.
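The workflow described here, turning observed traffic into microsegmentation rules, together with the workload-level isolation attributed to NSX earlier, can be sketched as a default-deny allow list. This is an added illustration, not VMware's or Vitas's code; it calls no NSX or vRNI API, and the workload names, tiers, ports and flows are constructed.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst port")

# Constructed inventory: workload name -> application tier (hypothetical names).
TIERS = {
    "web-01": "web", "web-02": "web",
    "app-01": "app",
    "db-01": "db",
    "lib-01": "library",
}

# Constructed east-west flows seen during a baseline (learning) period.
OBSERVED = [
    Flow("web-01", "app-01", 8443),
    Flow("web-02", "app-01", 8443),
    Flow("app-01", "db-01", 5432),
    Flow("lib-01", "db-01", 5432),
]

def derive_rules(flows, tiers):
    """Collapse observed flows into tier-level allow rules (src_tier, dst_tier, port)."""
    rules = set()
    for f in flows:
        if f.src not in tiers or f.dst not in tiers:
            continue  # a workload missing from the inventory never earns a rule
        rules.add((tiers[f.src], tiers[f.dst], f.port))
    return rules

def is_allowed(flow, rules, tiers):
    """Default deny: a flow passes only when an explicit tier rule matches it."""
    src, dst = tiers.get(flow.src), tiers.get(flow.dst)
    if src is None or dst is None:
        return False
    return (src, dst, flow.port) in rules

def audit(flows, rules, tiers):
    """Return the flows the policy would block, for review before enforcement."""
    return [f for f in flows if not is_allowed(f, rules, tiers)]

RULES = derive_rules(OBSERVED, TIERS)

if __name__ == "__main__":
    # Constructed test traffic: one normal flow, two lateral-movement attempts.
    candidates = [
        Flow("web-02", "app-01", 8443),  # matches the web -> app rule
        Flow("web-01", "web-02", 445),   # peer-to-peer inside the web tier
        Flow("web-01", "db-01", 5432),   # web tier skipping the app tier
    ]
    for f in audit(candidates, RULES, TIERS):
        print("DENY", f)
```

Rules learned this way inherit whatever was on the wire during the baseline, so the derived set needs review before it is enforced.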
SDN Management, Monitoring
Five years later, Vitas operates a software-defined data center and went from almost no virtualization to 92 percent virtualized. The data center team shares vRNI access with the two-person security team. This allows the data center team to address any connectivity issues and the security team to do forensic investigations.
“The tool basically equates to having a pair of x-ray vision goggles where you can put them on and see literally how the traffic happens between servers,” Alicea said.
It also helps meet compliance requirements around HIPAA and other industry-specific regulations. “Because we have personally identifiable information, we have to understand where it is and how to protect it,” Alicea said. “It’s cost prohibitive to sit down all day in front of servers and try to discern what new connections come in to which port, and it would take a lot of hours to sit down and go through logs.” vRNI automates these types of reports, which also saves time and money.