
Duo and Umbrella Thwart Malware & Phishing Attacks at Texas A&M

University system secures Internet and application access for 11 campuses and nine state government agencies

Universities are prime targets for malware and phishing attacks. With large groups of people gaining access to a network from all over the world through personal devices and computer labs, often for short periods of time, maintaining cybersecurity can be tricky. Universities have to verify the trustworthiness of the devices connecting while adopting, with as little friction as possible, a stance of trusting no authentication to the network that cannot be verified through a variety of factors, otherwise known as a "zero-trust" policy.

The objective: Establishing consistent security controls

The A&M University System needed to ensure that 183,500 users across 11 campuses and nine state government agencies could connect to the internet without becoming vulnerable to malware and phishing attacks, accessing prohibited websites, or opening the door to information theft. 

The solution: Secure internet access anywhere and everywhere

Using Cisco Umbrella and Duo Security to support its security strategy, the Texas A&M University System has been able to reduce malware and phishing attacks, protect employee paychecks, secure application access, and enable faster incident investigation and response, ultimately freeing up 100 hours per week previously spent on investigation and remediation.

According to Texas A&M University System CISO Danny Miller, “Attackers were setting up new sites for just a day or two and luring our users to them to distribute malware. With Cisco Umbrella’s ability to block malicious and newly seen domains, we could say, ‘If that site’s less than X days old, we’re not going to allow connections to it.’”

The A&M System gained a first line of defense against threats, since it can now block requests to malicious domains and IPs before a connection is made.

“After the first month of using Cisco Umbrella, the number of malware blocks was in the millions,” says Basile.
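The domain-age rule Miller describes ("if that site's less than X days old, don't allow connections to it") can be illustrated as a DNS-layer policy check. The following is an added example, not Texas A&M's or Cisco's code: the "first seen" table, the suffix list, the evaluation date and the 7-day threshold are all constructed for the example, and treating a never-seen domain as newly seen is a conservative default chosen here, not a documented Umbrella behaviour.

```python
from datetime import date

# Constructed "first seen" table standing in for a DNS-layer reputation feed
# (Umbrella's own data is not public; these dates are made up for the example).
FIRST_SEEN = {
    "tamu.edu": date(1995, 1, 1),
    "example-portal.com": date(2024, 3, 10),
    "payroll-update-login.net": date(2024, 3, 18),
}
# Tiny stand-in for the public suffix list, enough to find the registrable domain.
PUBLIC_SUFFIXES = {"com", "net", "org", "edu", "co.uk"}
TODAY = date(2024, 3, 20)   # constructed evaluation date
MIN_AGE_DAYS = 7            # the "X days" of the quoted policy, chosen for this example

def registrable_domain(host):
    """Reduce a queried hostname to its registrable domain (eTLD+1)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return ".".join(labels)

def classify(host, today=TODAY, min_age_days=MIN_AGE_DAYS, first_seen=FIRST_SEEN):
    """Return (decision, reason, registrable_domain) for one DNS query.
    A domain the feed has never seen is treated as newly seen and blocked
    (conservative default chosen for this example, not a stated Umbrella rule).
    """
    rd = registrable_domain(host)
    seen = first_seen.get(rd)
    if seen is None:
        return ("block", "never-seen", rd)
    age = (today - seen).days
    if age < min_age_days:
        return ("block", f"age {age}d < {min_age_days}d", rd)
    return ("allow", f"age {age}d", rd)

def apply_policy(queries, today=TODAY, min_age_days=MIN_AGE_DAYS):
    """Evaluate a batch of queried hostnames; returns [(host, decision, reason)]."""
    return [(q,) + classify(q, today, min_age_days)[:2] for q in queries]

if __name__ == "__main__":
    # Constructed DNS query log for a single campus resolver
    for host, decision, reason in apply_policy([
        "portal.tamu.edu", "login.example-portal.com",
        "payroll-update-login.net", "unknown-site.org",
    ]):
        print(f"{decision:5}  {host:28}  {reason}")
```

Lowering `MIN_AGE_DAYS` reduces false positives on legitimate new services at the cost of letting a day-old lure domain through, which is the trade-off behind picking "X" in the quoted policy.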

Cisco Duo delivers a trusted access solution to safeguard different risk profiles, including remote users. It provides strong user authentication and better visibility to ensure access to applications and data is not compromised. With multi-factor authentication at its core, Duo added a critical level of security by verifying the identity of all users before granting access to remote applications and resources.

“Duo was really the best solution for us. It had a lot of native integrations with other tool sets, and it was quick enough where it can just be a push to your phone. Since we rolled out Duo, we see a lot fewer attacks coming in over our VPN or going to the HR systems,” reports Basile.

The results: Faster mitigation of threats and near elimination of phishing attacks

“Duo and Umbrella are key components that allow us to stay on top of our changing work environment and the changing network of bad actors that are constantly coming at us,” says Basile.

In addition to using the Investigate console for threat intelligence, the Texas A&M University System security team discovered another use case: they use Investigate as a training platform for students studying to be security analysts. 

“By teaching our security interns, we’re giving them two years of experience so they can immediately pivot out into the industry as thought leaders,” Basile says. “I’m very privileged to be able to use tool sets such as this not only to train our students, but to protect our users no matter where they are, as we see the security landscape really changing.”

“Duo and Umbrella bring a different portion of the security stack towards the customer. While they may not see Umbrella working in the background, they definitely see Duo every time it protects them; both are working to protect that user no matter where they are... and that is a huge win for us in cybersecurity. They give us a greater level of visibility into authentication and internet activity, while showing how we’re protecting users out there in the field,” reflects Basile.