December 09, 2024 2 Minute Read

The digital age has ushered in unprecedented opportunities for education, but it has also exposed institutions to an increasingly complex cyber threat landscape.

In a recent CAUDIT-hosted webinar, Trustwave and Curtin University detailed their collaborative efforts to secure one of Western Australia's leading educational institutions.

Led by James Kucan from Trustwave and Robbie Whittome, Curtin University's CISO, the session provided an in-depth look at how strategic partnerships and tailored security measures can transform an organization's cybersecurity resilience.

Setting the Stage: The Threat Landscape at Curtin

Curtin University, recognized as a global leader in research and innovation, faces unique challenges. Curtin's threat surface is expansive, with an open-access environment, a sprawling network of over 4,500 applications, and stakeholders ranging from students to government entities.

Whittome described the university's key vulnerabilities, including insider threats, malicious actors, and increasingly sophisticated phishing schemes targeting students and staff. These factors, combined with non-profit budgets and regulatory requirements, have demanded a creative and robust approach to cybersecurity.

The Trustwave-Curtin Partnership: Building a Resilient Cyber Framework

The partnership between Trustwave and Curtin University began with a simple but vital goal: to ensure 24/7 threat detection and response while maximizing the university's limited resources. Whittome emphasized the importance of visibility and control in managing Curtin's diverse and dynamic environment.

Phase 1: Laying the Foundation

During the initial phase (2020–2021), Trustwave implemented a centralized security operations center (SOC) to provide round-the-clock monitoring and response. Key outcomes included:

• Enhanced visibility into potential threats through unified dashboards.
• Streamlined vulnerability management processes.
• Faster response times, significantly reducing threat dwell time.

This phase also revealed limitations in Curtin's legacy systems, paving the way for adopting Microsoft's cutting-edge tools in later phases.

Phase 2: Scaling Up with Microsoft

In 2022, Curtin integrated Trustwave's Managed Detection and Response (MDR) services with Microsoft Defender and Sentinel. This upgrade brought several enhancements:

• Greater precision in threat detection through enriched alerts.
• Reduced noise, allowing Curtin's security team to focus on critical incidents.
• An improved understanding of threats leveraging Trustwave's SpiderLabs Threat Intelligence.

The collaboration also introduced advanced threat-hunting capabilities, enabling the detection of unknown threats that traditional controls might miss.

Phase 3: Optimisation and Future Goals

Moving into 2024, the partnership continues to evolve. Trustwave's expertise in Microsoft solutions, such as Defender XDR and Sentinel, ensures that Curtin stays ahead of emerging threats. Adopting Co-Managed SOC models and security awareness programs has further strengthened the university's cyber posture.

Insights from the Webinar: Key Takeaways

1. Strategic Investment in Technology: Trustwave's unique ability to align with Microsoft's ecosystem has been pivotal. As a verified Microsoft MXDR partner, Trustwave offers seamless integration and maximum return on investment.
2. Tailored Solutions for Education: Whittome highlighted the value of services designed for the education sector's complexities, such as cloud monitoring, advanced threat detection, and ongoing vulnerability management.
3. Continuous Improvement: The partnership's phased approach underscores the importance of agility. By iteratively assessing and addressing gaps, Curtin has maintained a proactive stance against threats.
4. People and Processes: While technology is a critical enabler, Whittome emphasized the human element—training staff and fostering a culture of cybersecurity awareness is indispensable.

Reflections on the Partnership

Whittome summed up the journey with four themes: partnership, service evolution, value delivery, and measurable impact. Curtin's ability to navigate the intricate threat landscape without significantly increasing its cybersecurity team is a testament to the effectiveness of its partnership with Trustwave.

James Kucan echoed these sentiments, pointing to the scalability and adaptability of Trustwave's services. Focusing on offensive and defensive strategies ensures that institutions like Curtin are well-prepared for the future.

Closing Thoughts: A Model for the Sector

The Trustwave-Curtin collaboration serves as a blueprint for other educational institutions grappling with similar challenges. Organizations can achieve remarkable results even with constrained budgets by leveraging strategic partnerships and prioritizing continuous improvement.

For those who missed the webinar, a recording is available here. We encourage cybersecurity professionals in education to explore these insights and consider how a partnership like this could transform their security operations.

Stay Informed

Sign up to receive the latest security news and trends straight to your inbox from Trustwave.