The Challenge
- Protect the team’s valuable research data
- Prevent attackers from taking advantage of uninformed users
- Educate students and staff on cybersecurity best practices
The Solution
- Proofpoint Targeted Attack Protection
- Proofpoint Email Protection
- Proofpoint Security and Awareness Training
The Results
- Detects threats in real time to help security team adapt strategies
- Secured university from email and targeted threats
- Improved efficiencies by increasing resources for security team
The Challenge
For research universities like KAUST, the need to exchange information as freely and openly as possible makes the challenge to protect it even greater. Located on the Red Sea coast in Saudi Arabia, KAUST conducts goal-oriented research to address global challenges related to food, water, energy, the environment, and health and digital technologies. Its diverse community includes professors, researchers, postdocs, students, other university staff and their family members—and some of the world’s brightest research minds from over 120 countries.
“Our researchers need to work freely,” said Ayad (Ed) Sleiman, head of information security, King Abdullah University of Science and Technology. “They can’t have too many restrictions. In their research, they need to be open and collaborative with a lot of other institutions around the world.”
This leaves the security team at KAUST with a complex challenge on their hands. Its operations are split between education and research priorities. Each area has different risk management needs, perspectives, vulnerabilities and priorities. And its security team has a variety of full-time employees, contractors and trainees—all needing different levels of cybersecurity knowledge and awareness.
In addition to protecting the services that support the university’s education and research, the security team must also align with the institution’s overall mission to support Saudi Vision 2030, contributing to the knowledge economy of Saudi Arabia.
When protecting such a vast and varied attack surface, perimeter protections and controls can only do so much. KAUST understands that since most attacks target people, its people are its strongest line of defense.
“The majority of cyber attacks originate through email, such as phishing emails that target people,” said Sleiman. “At KAUST, we believe that a combination of technology and our employees as a ‘human firewall’ is vital in keeping our valuable research secure from today’s cyber criminals.”
“Unfortunately, in recent years several universities have been the target of cyber criminals,” he said. “These attacks target people, not necessarily the institution. That means putting people at the heart of our cybersecurity strategy was vital. We also needed to ensure we were keeping pace with the threats that are targeting our industry and adapt our solution to address this.”
Ayad (Ed) Sleiman, head of information security, King Abdullah University of Science and Technology
The Solution
KAUST’s security team needed a security tool to detect inbound threats at high volume. They also needed a layered defense approach, to not only protect emails, but also fortify their “human firewall.”
“The way we handle security at KAUST purely comes down to risk management,” said Sleiman. “When choosing a solution, we constantly assess the evolving cybersecurity risk we are facing and choose the best solution to address this. We recognized that the human element is a huge part of this potential risk, so it was extremely important to be able to tighten the technical controls and awareness of our employees. We also needed to arm them with the best tools from an email security perspective to remove some of the guesswork from their already busy workloads.”
The KAUST human firewall program augments technology by monitoring and classifying the behavior of users on the network, providing a score based on their behavior. For example, if a user has never clicked on a simulated or real phish or violated any security policies, then they would have a positive score. This approach provides insights that let the university group its users based on risk.
After in-depth research, delving into the reports from Gartner, IDC and Forrester, KAUST implemented a solution based on Proofpoint Email Protection and Proofpoint Targeted Attack Protection (TAP).
“Proofpoint was the clear winner as our partner of choice,” said Sleiman. “Notice the use of partner, not vendor. We want to work with companies that we think could be potential partners for us in mitigating the risk around cybersecurity.”
The Results
Proofpoint people-centric cybersecurity solutions allow KAUST to dig deeper into user behavior, flag the most attacked, and deliver the right training to the right people at the right time. With unique and powerful insights into the university’s Very Attacked People™ (VAPs), KAUST can assess its position in the threat landscape, deploy controls and confidently adapt its security posture.
“Proofpoint has strengthened our ability to monitor the threats we face and better prepare our employees to deal with and identify them,” said Sleiman. “It provides us with ample information so we can make well-informed decisions based on real-time insights, and it gives our team the capacity to plan ahead.”
Proofpoint Email Protection lets the team examine a risk and its threat, together with vulnerability.
“We can tell who is clicking on a page and who is vulnerable, but we also know the threats they are facing,” said Sleiman. “By combining this information, it creates a better risk score. This allows us to deliver even better awareness for those who are most attacked.”
Empowering its people to protect its data and networks is just one facet of a multilayered approach. Proofpoint solutions have allowed the university to complement its human firewall with targeted attack prevention and threat response. This allows the organization to block threats before they reach the inbox and quarantine any malicious email that may still get through.
“Before we had Proofpoint, the Shamoon 2 attack hit Saudi Arabia, devastating a lot of government and private institutions,” said Sleiman. “One of our human firewalls picked that up in 17 seconds. But we don’t have a 24/7 human firewall. So if users were not on the lookout in the morning and clicked on that email, we could have suffered a network or data breach because that was a zero day. But now, with Proofpoint, that email would be pulled out automatically. So even users who may not be very well trained are protected.”
This multilayered defense from Proofpoint has bolstered KAUST’s overall security posture, and this enables the institution to streamline its research processes and keep its data secure now and into the future.