MCNC continues to build cybersecurity portfolio

Day 1 - MCNC 12 Days of Broadband 2018MCNC has a long history of partnering with the education, government, and health care communities to develop and deliver innovative technology solutions and services. Increased reliance on technology means that cybersecurity is critically important. Organizations that cannot protect their digital resources will struggle to operate effectively and efficiently.

At MCNC, we leverage our deep experience and expertise in technology and cybersecurity to help our community members protect their digital assets. Now that cybersecurity is an essential part of today's technology-driven society, MCNC continues to develop a portfolio of cybersecurity services to best serve the citizens of North Carolina. Our history positions us to be a trusted partner, advisor, and resource in the rapidly changing cybersecurity landscape.

Industry-Leading Compliance

MCNC successfully completed a Service Organization Controls (SOC) Type II examination in 2018.

The SOC Type II standard verifies that MCNC is appropriately managing security risks and is serious about data protection and effective operations. Organizations that achieve this level of certification must meet stringent requirements that prove its entire system is designed to keep its customers’ sensitive data secure. Learn more.

Squashing DDoS with Enhanced Protections

Due to the recent surge in ease and effective use of Distributed Denial of Service, or DDoS, as a weapon of cyber attack, MCNC continues to invest in DDoS auto-mitigation capabilities for NCREN.

In the first three months of the current school year (August through October) we have seen 374 DDoS attacks, an increase of 113 percent during this same period last year. As the number of attacks continue to increase, we are proud that our service is in place and customers tend to find out about an attack as we notify them of our successful prevention, as noted by Ridge Williams of Gaston County Schools.

“The service worked so quickly and so well, if we had not received the notification from MCNC that the DDoS Auto-Mitigation service had been enabled for a particular destination address, we would not even have known that anything had occurred,” said Williams.

MCNC has updated the NCREN backbone with advanced traffic routing capabilities and deployed multiple DDoS scrubbing centers on the network. In short, the scrubbing centers remove the bad traffic and allow the good traffic to continue on to customers, ensuring business services can continue functioning while minimizing the negative impact of the DDoS attack.

MCNC’s Enhanced DDoS Protection is now a standard part of NCREN services and is provided to network customers at no additional cost. This blog penned by MCNC engineers Theo Lavis and Neal Bullins paints a good picture about the significance of DDoS attacks into today’s landscape.

CMRA & Security Advisory Consulting

This fall, MCNC launched two new cybersecurity services and held a live demonstration of its fully-managed Continuous Monitoring and Risk Assessment (CMRA) service, which is an automated solution that scans a customer’s network hosts, identifies systems that may be vulnerable to compromise, calculates risks of those vulnerabilities, and prioritizes the issues for resolution based on likelihood and impact of exploitation. The archive of the demo is available.

After extensive development work and beta-testing over the summer, MCNC launched the CMRA service in mid-October. As of today, MCNC has activated this service for more than 50 NCREN customers with dozens more expressing interest.

The additional Security Advisory Consulting practice means that MCNC cybersecurity professionals are available to provide technical, policy, and leadership assistance in all areas of information security and risk management. MCNC already has started working with several customers to perform a Cybersecurity Program Review, where our security consultants evaluate a customer’s existing cybersecurity program. During the review, we work with them to determine what looks good and what needs improvement. Using the results of the review, we help build a plan to improve their security posture in a way that prioritizes the most critical cyber-risk areas. We also have engaged with some members of our higher education community to provide staff augmentation. These types of engagements include one of MCNC’s Security Advisory Consultants working alongside the customer’s existing personnel to supplement their security capabilities.

DNS Security Filtering and Threat Protections

MCNC also launched its DNS Security Filtering service in the spring.

MCNC DNS Security Filtering is a cloud-based security service that protects against malware, ransomware, phishing, and DNS data exfiltration by automatically checking requested domains against Akamai’s real-time domain risk scoring engine. Domains and IP addresses associated with malicious sites will not be resolved, preventing users from accessing the malicious sites.

Since its launch in April, over a dozen customers have add the service to their security resource toolbox. Mitchell Community College has been using the service since July, and they shared how the service has already proven its value by preventing a particularly potent phishing campaign.

Mitchell Community College CIO Jeff Benfield explained that the phishing email supposedly came from the college president, was reasonably well written, and duped some staff before he knew it was happening. The attack wanted people to read a PDF document that was actually a redirect to another site apparently pushing ransomware. When folks clicked the document, he said, it looked like nothing happened – but when further investigated the document was redirecting them to a site being blocked by the DNS filtering service as a known malware site.

“I found out later that the domain had been added to the filter the day before,” said Benfield. “If it hadn’t been for the filter we would have been hit hard. Basically, the service paid for itself in one phishing attack.”

Team Growth

The MCNC Security Team led by CISO Chris Beal has grown to a team of five, including Paul Conrad as a Senior Cybersecurity Engineer, Ruthy Mabe as Security Services Program Manager, and Sandon Nachmann and Jason Shirley as our Security Consultants.

The team plans on hiring a third member of the consulting services group after the holidays as demand for MCNC's Security Advisory Consulting service continues to grow.

Proactive Technology Partner

Cybersecurity requires the vigilance of everyone at every level of an organization. No single practice will guarantee that you will remain free from cyber compromise. It is also not a linear process. The risks evolve as fast as the technology, and we approach cybersecurity as a journey – learning and refinement are the only constants to keep pace with the cyber criminals. Read Beal’s blog: Cybersecurity starts with good cyber hygiene.

As recent major cyber incidents have shown, cyber criminals often gain access to systems and information by exploiting human error, such as clicking on malicious links, creating weak passwords, and failing to install software patches. That's why every individual – from assistants to the CEO – have an important role in cybersecurity.

All of MCNC’s new or enhanced services being offered this year build upon existing services such as Compromised Host Detection, where MCNC monitors the network for indicators that customer systems may have been compromised and alerts customers when anomalies are detected, and Managed firewall and Web Content Filtering for advanced security protection.

MCNC prioritizes investments in security and risk management solutions that mitigate the negative effects of cyberattacks on NCREN. Internal security methodologies working in concert with scrubbing center technology and configurations layered into the NCREN architecture is helping keep mission-critical applications and information safe behind and beyond firewalls with no additional costs to customers.

MCNC manages dangers and responses in the context of business risks while also strengthening its ability to rapidly detect and respond to threats on the network. It’s this level of expertise with an industry-leading security portfolio that offers even further differentiation from commercial service providers. Improving MCNC’s risk management and overall security posture was a top priority for the organization in 2018, and it will continue to be in 2019 and the years ahead.

For more information about MCNC’s security services view the MCNC Service Catalog.