Brock University Enhances Data Security with Imperva SecureSphere

Brock University is a leading Canadian institution located on the beautiful Niagara Peninsula in St. Catharines, Ontario. It is the only Canadian university that is part of a UNESCO Biosphere Reserve. With a student population of over 17,000, Brock turns out smart, successful graduates that enjoy one of the highest employment rates in the country—96.5 percent. Brock U offers a wide array of undergraduate, graduate and interdisciplinary degree programs. The university was determined to protect itself from the major data breaches that have been reported by so many educational institutions in recent memory.

Brock University, a leading Canadian institution, was facing a significant challenge with its IT infrastructure. The university's mainframe, proprietary database was no longer capable of supporting its online programs and corresponding web-based applications. As the university planned to move from its proprietary mainframe database to a Microsoft SQL Server environment, it was concerned about the protection of its applications and data. The new environment would support a wide array of homegrown, web-based front-end applications, including student self-service applications, administration, finance, and business applications. The university was also concerned about protecting its database against new vulnerabilities that could be introduced over time. Furthermore, the combination of its custom web applications, thousands of users, and database conversion project was going to present a significant number of opportunities for insider threats and external attacks. Given the magnitude of the conversion project and its limited IT resources, Brock wanted a solution that was easy to implement and didn't require a lot of manual tuning.

Brock University selected Imperva's SecureSphere Gateway to protect its applications and data. SecureSphere was the only solution that could protect Brock’s front-end web applications and also secure data all the way through to their backend databases—while handling custom developed applications with no impact on performance or requiring special scripting. SecureSphere provided database security throughout the University's transition period from its proprietary database to Microsoft SQL Server. It was placed in sniffing mode for two months, and when Brock went live with the new Windows environment, SecureSphere was put into production in blocking mode. A redundant, fail-over SecureSphere unit is on a span port in the lab to monitor database activity for security violations and identify web application vulnerabilities prior to production. SecureSphere's Dynamic Profiling ensures that the thousands of University users are only allowed to perform authorized actions, and that sensitive data is protected from inside and outside attacks.

• The implementation of SecureSphere was straightforward and did not require constant tuning and management. As a result, SecureSphere has not created additional work for Brock's IT staff or impacted the IT infrastructure. By relying on SecureSphere's combination of Web Application Firewall protection and database activity monitoring, Brock is able to continually modify existing and deploy new web applications without being concerned about introducing security vulnerabilities. In addition, SecureSphere helps Brock test applications in the lab prior to placing them in production. SecureSphere performs a valuable step in the Quality Assurance process by locating coding errors that violate security best practices and could introduce vulnerabilities. Since being deployed, SecureSphere has detected and alerted Brock's IT staff to the fact that a significant flow of outbound traffic was leaving its network. This allowed the University to take preventive measures against a situation they were unaware of and which could have led to a damaging and public security breach.