How TU Dublin Weathered Ransomware by Securing Privileged Access to Boost Security Compliance with CyberArk

Summary

Grappling with poor third-party visibility and difficulties in securing access across their cloud and on-premises infrastructure, the Technological University of Dublin deployed CyberArk Privilege Cloud and CyberArk Vendor Privileged Access Manager to bolster its security posture and combat increasing cyber insurance costs.

Company profile

Technological University Dublin, or TU Dublin, is Ireland’s first technological university, established in 2019. With over 40,000 students, the university was formed by the amalgamation of three existing institutes of technology in the Dublin area—Dublin Institute of Technology, Institute of Technology, Blanchardstown and Institute of Technology, Tallaght.

Back in 2021, the university was rocked by a nasty ransomware attack that disrupted IT operations and deferred classes. While there were no reported instances of data exfiltration and safe access to self-hosted systems was restored quickly, the pandemonium in the wake of the outage was enough to draw college officials’ attention to their disparate identity security infrastructure.

Challenges

When the three institutes of technology in the Dublin area merged in 2019, TU Dublin was faced with managing a complicated IT infrastructure spread across self-hosted and cloud environments. Each campus had its own Active Directory and information and communication technology (ICT) systems supporting day-to-day operations.

The Active Directories containing domain admin accounts and Tier 0 devices, such as domain controllers, public key infrastructure (PKI) and system center configuration manager (SCCM), created an entitlement mess that attracted attackers. While their security teams periodically changed the passwords to their most critical accounts to prevent password-related breaches, the approach was neither efficient nor sustainable.

TU Dublin also collaborated with a host of third-party vendors and relied on manual password sharing and traditional VPN tunnels to enable secure access to its most critical resources, which resided on self-hosted and Azure servers. However, this subjected the university to significant cyber risk, as its security teams had no visibility into end-user activities within high-risk environments.

“As we are working to unify our Active Directories, we wanted a solution that would protect the crown jewels of our IT environment while securing privileged access to both cloud and self-hosted resources. At the same time, we wanted to have complete visibility of who’s accessing what and when in our environment without exposing the credentials or using VPN,” said Alan Pike, Information Security Operations and Architecture Senior Manager, TU Dublin.

Solutions

TU Dublin implemented the CyberArk Identity Security Platform to protect its most critical assets and provide secure and seamless and secure access to its third-party vendors. This two-pronged goal was supported by CyberArk Privilege Cloud and CyberArk Vendor Privileged Access Manager (VPAM).

• Securing privileged access: With CyberArk Privilege Cloud, TU Dublin is able to securely store and rotate credentials and isolate sessions to their highly privileged accounts in Azure cloud and self-hosted servers without burdening their internal team. As the security team dealt with several active directories containing a multitude of privileged accounts, rotating passwords manually was extremely time-consuming. The implementation of CyberArk Privilege Cloud accelerated time savings, enhanced operational efficiency and reduced risks of credential theft and lateral movement through a holistic implementation of an identity security strategy.
• Enabling third-party vendors: Using CyberArk Vendor PAM, TU Dublin provides third-party vendors secure access to their most critical resources without sharing credentials, VPNs or agents. Its built-in session isolation, monitoring and auditing capabilities gives their security teams in-depth visibility into external users’ activities required to mitigate potential threats and cater to auditor’s needs. They leveraged the solution’s biometric multi-factor authentication (MFA) and just-in-time provisioning (JIT) to federate access to authorized vendors for a specific timeframe.

“CyberArk ticked every box in our cyber insurance questionnaire in terms of having a PAM solution that could control and monitor privileged access and third-party access, with just-in-time access and a full audit trail,” noted Pike.

Results

CyberArk instilled a fundamental lesson on how security, compliance and control shouldn’t be complex and overwhelming.

• Reduced attack surface: By securely storing and rotating credentials and isolating sessions with CyberArk Privilege Cloud, TU Dublin eliminated the risk-prone practice of password sharing, which is regarded as one the leading causes of breaches worldwide.
• Secured privileged access: Their high-risk domain controllers and admin accounts are now securely protected using a multi-layered identity security strategy. TU Dublin layered MFA and JIT access with their existing IAM solutions to maximize threat reduction.

“CyberArk solved the problem of managing and auditing our domain admin accounts and gave us more control and visibility over our third-party vendors’ access to our servers, both self-hosted and in Azure,” said Pike. “Their HTML5 Gateway was helpful in connecting to target machines without a VPN – which contributed to reduced costs and complexities.”

–Alan Pike, Information Security Operations and Architecture Senior Manager, TU Dublin

While TU Dublin started out by protecting critical infrastructure and securing third-party access, they intend to expand their identity security strategy to the rest of the business shortly using prescriptive guidance from the https://www.cyberark.com/blueprint/.

Key benefits

• Enable operational efficiency: By overcoming the hassles of manual password management, security teams now had more time to focus on their core priorities.
• Deliver measurable cyber risk reduction: By taking a strategic approach to securing access for all identities across self-hosted and cloud infrastructure, TU Dublin is better able to make strategic decisions and protect their most critical resources.
• Satisfy audit and compliance: Over the years, the institution witnessed a growing list of questions and compliance needs regarding cyber insurance. The CyberArk Identity Security Platform enables them to meet insurance prerequisites while providing the confidence to stay ahead of attackers.