Study Group Australia

Study Group Masters Success in Security Vulnerability and Threat Management

Study Group has continuously broken new ground in the international education sector, with a history of exceptional investment, programmes, partnerships, facilities, contributions, and awards. The organisation’s leadership continues today with a relentless focus on international student needs, and a drive for growth in the modern education age.

As a leading international provider of preparatory programmes for higher education courses, career education and English language courses, Study Group needs robust IT security to support its 50,000 international students, teachers and administration staff and ensure ongoing business continuity.

Learning the Art of Robust Security

A surge in the number of hacking attempts in recent years caused increasing concern and a substantial business risk for the organisation. Although the organisation was using a patch management system, it was not continuously monitoring its network for new devices and vulnerabilities.

As a result, Study Group believed that only a strong proactive approach to security and one that could continuously monitor, identify and mitigate critical vulnerabilities, could protect the organisation. Craig Coleiro, Global IT Operations Director, Study Group, explains, "We reviewed several solutions and concluded that what was needed was a technology which could identify and show the risks, mitigations, incidents and logs while also monitoring the level of security and enabling us to take necessary steps to improve it continuously."

"We required a product that could identify vulnerabilities, incidents and logs in one console enabling us to conduct quick analysis and quick response. Tenable’s SecurityCenter CV appeared to be a great choice."

Craig Coleiro, Global IT Operations Director, Study Group

At the same time, Study Group wanted a solution that would give it the ability to monitor its network 24x7 for new vulnerabilities, devices and incidents. The solution also needed to be able to send alerts and reports identifying business risk.

“Another highly valued attribute of any solution was the product’s capacity to conduct credentialed scanning to identify vulnerabilities in applications installed on workstations and servers instead of just finding vulnerabilities from the outside on ports and services running on a device. This, in turn, would help the organisation identify which systems posed a larger risk when compared to others,” says Coleiro. Finally, Study Group sought a solution that would provide the organisation with the ability to monitor and track compliance to ascertain best practice configurations within its network.

"We looked at several solutions, but following a proof-of-concept with Tenable SecurityCenter Continuous View (CV), we believed that this solution was the best suited to achieve our organisational requirements around information security. Specifically, we required a product that could identify vulnerabilities, incidents and logs in one console enabling us to conduct quick analysis and quick response. Tenable’s SecurityCenter CV appeared to be a great choice."

Step-by-Step Approach

Tasked with the project management and deployment of Tenable’s SecurityCenter CV was Sydney-based Content Security, a trusted security advisor to Study Group for several years.

"Content Security helped us to set up SecurityCenter CV initially within our environment and were always available during the proof of concept period to clarify functions and features.

"We took Content Security’s advice on how to run different scans to get the best out of the product and to better understand what type of reports would be useful in understanding risks. The whole experience of dealing with Content Security in conducting the trial was effortless and a great value add," says Coleiro.

Meeting The Security Brief

Seamlessly deployed, Tenable‘s SecurityCenter CV solution provides Study Group with the ability to analyse vulnerabilities, attacks and logs all in one unified console. Of critical importance to the organisation is the solution’s ability to create one dashboard showing current risks at different Study Group remote sites located across the globe.

"Tenable’s SecurityCenter also gives us the ability to detect vulnerabilities on a 24x7 basis even when we are not actively running vulnerability scans. This helps us identify any critical vulnerabilities as they are introduced in the environment. In addition, SecurityCenter CV makes it easy for us to manage critical risks by sending alerts to our ticketing system and reports to our team whenever a vulnerability or risk is detected," says Coleiro.

Since going live, SecurityCenter CV has also given Study Group the ability to run different types of configuration auditing and compliance scans which it can use to monitor and track compliance on its critical systems.

"The results have been excellent. We are now continuously identifying and mitigating risks within our environment thereby increasing the security of our environment. At the same time, the ability to run scheduled scans and scheduled reports has increased productivity as we don’t have to review the console each day unless there is a risk identified which needs analysis.

"We now have insight into the vulnerabilities and risks on our network across the globe which helps us concentrate mitigation efforts in the right places. We also have the ability to audit our patch management systems to see if they are reporting vulnerabilities as fixed when these are not. Overall, we have one console that can help us correlate the risks, mitigation efforts, compliance failures, incidents, insecure configurations and logs, says Coleiro.

"Continuous monitoring for vulnerabilities and threats across all network assets is essential to protect today’s information systems," said Attley Ng, Vice President of Asia-Pacific, Tenable Network Security. "Having a platform to bring all the data together to achieve this makes it possible for organisations to streamline audits, incident response and investigations."

Moving forward, SecurityCenter CV has provided Study Group with a security platform to help sustain its excellent reputation, strong partnerships and diversity and, ultimately, to help secure its students and staff in providing for a safe learning environment.