January 25, 2024
How One K–12 School Got Affordable Help Managing Cyberthreats
In Eden Prairie, Minn., school IT officials found a partner to monitor network traffic, improve phishing awareness and free up internal staffers to support teaching and learning.
As he watched other Midwestern school districts get hit by crippling ransomware attacks, Alex Townsend knew that his own district needed a better way to monitor its IT environment for potential intrusions.
“You look at those attacks, and you say, ‘We’re next,’” recalls Townsend, director of technology for Eden Prairie Schools, a district of about 8,600 students located in the suburbs of Minneapolis. “We’re a resource-rich environment. I think about the data that we hold. I don’t want to be the person responsible for the Social Security numbers for a group of 8-year-olds being compromised, and then they have to deal with that for the rest of their lives.”
Townsend knew that manual log monitoring was unsustainable — and also likely to be ineffective over the long term. But district leaders weren’t sure what solution would best solve their cybersecurity challenges. That’s when Townsend turned to CDW, the district’s longtime technology partner, for help. CDW was able to suggest best-in-class tools from a handful of vendors, and the district ultimately went with managed detection and response, managed risk, managed security awareness, and incident response services from Arctic Wolf.
“It’s a common issue in K–12 education: not enough people, too many blinking lights,” says Oleg Krylov, an executive account manager for CDW who works on Eden Prairie’s account. “Schools often don’t have the people or the skills internally to handle all of their cybersecurity needs, and that’s where Arctic Wolf comes in. It’s the people side of things: They have people reviewing the alerts that get to school districts, and they offer ongoing consultative help long after the sale. That’s the silver bullet.”
After Drowning in Alerts, Outsourcing Log Monitoring Serves as a Lifeboat
Zac Huntley has seen Eden Prairie’s engagement with Arctic Wolf from both sides. He was the security solutions executive at Eden Prairie until the summer of 2022, when he transitioned to CDW as a senior inside solution architect for cybersecurity.
Organizations across industries struggle to attract and retain cybersecurity professionals, and it is common for K–12 districts to lose staffers to the private sector, where they can often command higher salaries. Huntley says that three system administrators left the district in the span of 18 months when he was with Eden Prairie. That made it even more difficult to stay on top of the security alerts that the IT team was receiving from up to two dozen different systems.
“We were drowning in alerts,” Huntley recalls. “We had a bunch of point solutions that had been acquired and implemented over time to meet certain security standards and mandates. You would have 10 tabs open trying to chase down one thing, and it just became untenable.”
Huntley adds, “You could get to the end of that, and the alert might turn out to be a complete nonissue. It was this futile exercise in manual threat hunting, and you’re talking about 60 to 90 minutes for every set of alerts. Do the math on that, and it feels like an infinite number.”
Townsend says that working with Arctic Wolf for cybersecurity services has taken the burden off internal IT staffers, allowing them to focus on supporting users and implementing strategic projects. The partnership has also opened up capacity and essentially created a 24/7 security operations center (SOC).
The percentage of K–12 school districts that have a full-time employee dedicated to network security
Source: CoSN, CoSN 2023 State of EdTech Leadership: Tenth Annual National Survey, April 2023
“It’s really a true partnership. Our tickets are a back-and-forth, not a one-way conversation. They’re proactively meeting with us, looking at things like Active Directory, firewall rules and network configurations, to tell us what they see in our environment and what we can do to better ourselves.” — Alex Townsend, Director of Technology, Eden Prairie Schools
“We were able to eliminate several of our existing platforms and replace multiple systems with this one offering,” he explains. “Before, we were doing everything on our own, and it was taking up a lot of our time to sort out whether alerts were just noise or if they were things that we needed to alert our administrative team about. Now, after implementing Arctic Wolf, we’re only generating tickets for things that we care about.”
Platform Consolidation Leads to Declines in Security Costs
Dave Donarski, CDW’s advanced technology account executive for K–12 in Minnesota, notes that IT leaders must often convince superintendents and school boards that robust cybersecurity tools are worth the investment.
“Until a couple of years ago, the mindset in K–12 has been, ‘We’re a small school district, not a bank with millions of dollars, so why would anybody attack us?’” Donarski says. “Since then, the attacks have gotten so intense and frequent that insurance companies started clamping down on districts. That led business offices to start thinking about this issue, but the rest of the district leadership is not necessarily there. That’s why there’s sometimes a chasm to cross in getting this kind of thing approved internally.”
Townsend notes that the cost of Arctic Wolf’s solutions is dramatically less than the expense of staffing a full-time SOC. Additionally, he says, the purchase allowed the district to phase out some other solutions, ultimately bringing down net costs. “In the grand scheme of things, the expense isn’t actually that much,” he says. “We were able to replace multiple systems that we were using, things that were taking up much more of our time.”
Townsend says that CDW was instrumental in helping the district choose a platform that would meet its needs. “Oleg is a fantastic account manager, and he really listened to us to understand what we were looking for,” Townsend says. “He was able to say, ‘If this is what you want, here are the best options for you.’ Instead of looking at 12 different vendors, we were looking at the ones that we knew were going to provide us the best opportunity to be successful. That impartial, third-party advice is really important.”
Shore Up K–12 Cybersecurity with These 5 Steps
In their “Protecting Our Future” report, the U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency advise K–12 school districts to leverage low-cost cybersecurity resources, seek grants and push vendors for strong default security controls.
But first, the report says, schools should take these five steps:
1. Implement multifactor authentication.
A strong password with a second credentialing factor is enough to stop many attacks.
2. Prioritize patch management.
Outdated systems are more vulnerable to attackers.
3. Perform and test backups.
Incomplete, damaged or nonexistent backups make it impossible to fully recover after a ransomware attack.
4. Minimize exposure to common attacks.
IT assets accessible via the internet should not expose frequently exploited services.
5. Develop and practice a cyber incident response plan.
This written plan should outline what the district must do before, during and after a cybersecurity incident.
Striking a Balance Between Security and Modern Learning
Townsend says that Arctic Wolf has become “invaluable” to Eden Prairie. In fact, the partnership is so important that the district now won’t adopt solutions that don’t integrate with the vendor’s monitoring tools. Arctic Wolf ingests millions of log events from the district each week, returning only a handful of relevant alerts. Critically, the vendor also makes its professionals available to Townsend and his team to help address those incident tickets.
“They’re not just a ticketing platform, where they send us information and wish us the best of luck,” Townsend says. “It’s really a true partnership. Our tickets are a back-and-forth, not a one-way conversation. They’re proactively meeting with us, looking at things like Active Directory, firewall rules and network configurations, to tell us what they see in our environment and what we can do to better ourselves.”
Huntley notes the value of outsourcing, which gives IT staffers more time to support students and teachers. “The IT team has a million things to do, but their main focus is on student success and teacher success in the classroom,” he says. “Nobody at Eden Prairie has the word ‘cybersecurity’ in their job title. Their job is to keep the network up and running and to keep learning happening.”
In addition to alert monitoring, Townsend says, Eden Prairie is getting substantial value from Arctic Wolf’s managed security awareness offering. The service sends simulated phishing attempts to faculty and staff and then provides short, on-demand training videos to help them better identify spoof emails. The videos are only a few minutes long, and they provide the knowledge employees need without requiring Townsend’s team to conduct time-intensive training sessions.
“At some point, everyone has to recognize that these threats are not stopping,” Townsend says. “Schools are target-rich environments, but we don’t have huge security staffs. We’re designed to help kids get the education they deserve in the classroom. Our primary goal is educating our children so that they can grow up and be strong contributors to a 21st-century workforce. Our partnership with Arctic Wolf helps us to strike that balance.”
Story By Calvin Hennick, a freelance journalist who specializes in business and technology writing. He is a contributor to the CDW family of technology magazines.
Photography by Brandon Mitchell/Eden Prairie Schools