Like all other learning institutions, Singapore’s Nanyang Technological University (NTU) had to shift to online classes due to the pandemic. Apart from ensuring that its online teaching and collaboration tools are up to par, there was one other aspect that needed updating.
“With the unexpected move to remote learning, NTU was faced with overwhelming alerts and the lack of automated correlation capability. There was an urgent need to automate threat investigations and utilise rich data and tools for analysis,” said Christopher Lek, NTU’s Director for Cybersecurity.
Previously, the university used a range of security products to detect threats across email, endpoints, servers, the network, and cloud infrastructure. However, these had certain limitations.
“While these products provide visibility into the activities occurring within the organisation, each of them offered siloed threat information and integration of security solutions to security analysts,” Lek said.
For NTU, Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) technologies alone were not enough: while they are effective tools for threat detection and response, they leave critical gaps in visibility and analysis.
To prevent further disruption to the academic calendar, NTU turned to XDR (extended detection and response) technology for its security.
“XDR fits perfectly with our needs. With multiple devices to look after, it works to break down data silos across thousands of devices, applications, productivity suites, user identities, and cloud deployments that attackers rely on to remain undetected,” remarked Lek.
“For example, XDR provides us with investigative tools such as behavioural analytics and automated remediation capabilities. These are tools that are essential to detect critical vulnerabilities such as Apache Log4j, a security vulnerability that allows attackers to execute malicious code remotely. Integrating XDR technology is essential to help detect these vulnerabilities before they escalate and cause irreparable damage,” he added.
The university quickly surveyed security vendors and settled on Trend Micro’s Vision One platform.
“In our search, many competitors lacked the network visibility to support ‘true’ XDR. Oftentimes, these vendors could only provide the capabilities of a SIEM platform – a once-promising technology that quickly became unruly in the cybersecurity landscape, and without orchestration or analysis became just another dumping ground for logs and data,” noted Lek.
“When it comes to visibility, having a consolidated view of our current security status and how it evolves over time can be challenging,” he continued. “It is even more challenging to identify where action should be taken. Trend Micro’s XDR helps us see more, respond faster, and become more efficient. Overall, its capability of providing a full view of the environment from the security stack is helpful to us.”
According to David Ng, Country Manager for Singapore at Trend Micro, the education sector is one of the most popular targets for hackers, and with remote learning continuing to expand the attack surface, organisations need security solutions, such as XDR, to detect and counter sophisticated threats.
“Our XDR solution is ideal for organisations that are looking for a platform to deliver cross-telemetry integration of traditional security. With our XDR services, security teams receive on-demand response and mitigation support from our threat experts to combat and reduce the severity of attacks. Additionally, our technology leverages APIs and third-party integrations, including SIEM and SOAR,” said Ng.
Lek spoke more on how they redesigned their security: “To manage the remote landscape, we adopted a defence-in-depth strategy which includes the deployment of multiple security solutions and XDR. This multi-layered approach with intentional redundancies improves our security system as a whole and addresses many different attack vectors. Trend Micro’s platform aligns with our approach by integrating layered defence measures across our multiple solutions.”
Aside from threat detection and response, Trend Micro’s forensic investigative tool has also helped to create a root-cause analysis of the attack vectors, dwell time, spread, and impact.
“This is particularly important to the university to gain a better understanding of threat actors and their evolving tactics,” said Ng.
“Vision One helps improve the performance metrics of NTU’s Security Operation Centre, such as ‘mean time to detect’ and ‘mean time to respond’,” said Lek.
Securing the future
As one of the two largest public universities in Singapore, NTU has sought to prioritise technology and innovation, as laid out in its NTU 2025 strategic plan. NTU’s overarching tech strategy, Lek said, involves continuously leveraging technology to reimagine better ways of doing things.
This includes the following:
- Leveraging technology to transform teaching and learning
- Providing sustainable digital research and innovation infrastructure to support discoveries
- Building an agile and future-ready workforce
- Creating a collaborative digital workplace
- Building a secure and cyber-resilient university
“In terms of cybersecurity, NTU plans to standardise our practices and processes to better protect the university and research institutes by increasing collaboration, reducing complexity, and improving their efficiency and effectiveness,” said Lek. “The adoption of solutions and industry best practices will ensure strong alignment among NTU’s stakeholders. Looking ahead, we will embrace agility and collaboration to drive these initiatives and future-proof our organisation.”
Trend Micro, for its part, will continue to invest significantly in threat research.
“We have dedicated 15 global threat research centres, as well as hundreds of researchers and data scientists, continuously gathering intelligence to better protect our customers. One of the key examples of our extensive threat research is the Zero Day Initiative (ZDI), a vendor-agnostic bug bounty program that has detected more than 135 critical vulnerabilities in the past year,” said Ng.
“Our research and insights on the threat landscape are translated into each of our solutions. For Vision One, we use the data to improve the efficiency of our platform. Additionally, the platform provides ongoing visibility not only to internal assets (e.g. devices, identities, applications) but also to external, internet-facing assets. This is crucial for attack surface management, providing organisations like NTU with a more holistic internal and external view,” he added.
The cybersecurity software company is also looking to develop more use cases for new and emerging technology, to further complement its existing security solutions.
“Emerging technologies like artificial intelligence (AI) and machine learning (ML) have played a massive role in our product advancements. One example is the Business Email Compromise detection techniques used in our email security products. Another example is Writing Style DNA, which uses AI to recognise a user’s writing style based on past emails, and then compares it to suspected forgeries. Our technology then verifies the legitimacy of the email content through an ML model that contains the legitimate email sender’s writing characteristics,” he concluded.