Navitas is an Australian based education company with roughly 70,000 students across 120 campuses in 23 countries. Employing over 7,000 staff Navitas is one of the world’s largest education providers. Navitas offers a range of undergraduate and postgraduate degrees, from pre-university and pathway programs to university, to English language instruction, vocational training and more. Over the last 3 decades, Navitas colleges have graduated hundreds of thousands of students.

“We’ve been transforming lives through education for the last 30 years,” says Gavin Ryan Global Head of Information Security, whose focus is on protecting the valuable information of students, staff, partner universities and investors.

Phishing for IP and PII On the Rise in Education

Navitas, and the education industry as a whole, face an ever-changing cybersecurity landscape with varying attack vectors and adversaries coming after their precious data. The amount of intellectual property and personally identifiable information held by Navitas is of great value on the black market for bad actors who can get their hands on it.

“The education space now has been targeted a lot more with respect to people wanting to get the research material now rather than do the research themselves,” Ryan says. “Then you’ve got all the student data that’s worth a lot of money.”

Safeguarding all of that valuable data is of primary importance, Ryan says, not least because of an environment that requires compliance with the General Data Protection Regulation and mandatory notifications following data breaches. “We’re seeing a lot of phishing attacks against our employees and against some of the students,” Ryan says.

“We’re also seeing attacks against standard vulnerabilities that exist in the wild already. So it’s very difficult using old technologies to predict what’s going to happen.”

It’s also hard for Ryan and his team to predict user behaviour. Despite time spent educating them and establishing IT hygiene best practices, “it’s very difficult to rely on them doing the right thing, all the time,” he says.

Navitas Needed to Centralize and Improve the Maturity of its Security

A couple of years ago, Navitas went through the process of improving the maturity of its security systems. The goal was to centrally manage security for its global footprint, and to improve the consistency of the underlying infrastructure in the process.

“One of the key security challenges that we face at Navitas is just the spread of our company, given the amount of countries we operate within,” Ryan explains. “Another challenge is the consistency of our infrastructure, because it’s very difficult, operating over such a massive spread of 120 colleges and campuses, to maintain everything the same way.”

During a security review it soon became evident, Ryan says, that EDR (endpoint detection and response) was the necessary solution — and CrowdStrike was the partner with the most effective solution. Since Navitas already spoke with CrowdStrike customers and explored other similar environments leveraging their solutions, it selected CrowdStrike and moved toward implementation quickly. Within days, the Falcon platform was up and running including the time to remove its legacy AV solution.

Navitas Finds Value In — and Beyond — the CrowdStrike Falcon Platform

Ryan says CrowdStrike distinguishes itself from other companies that he’s worked with by being responsive and engaged, highlighting in particular the Falcon OverWatchTM managed hunting team.

“The value we’ve got from OverWatch has been excellent,” he says. “They are in constant contact with us. If they identify something on the network, they’ll alert you to it but also help you work through it. I see OverWatch as part of my security team.”

There are other CrowdStrike features Ryan says his team uses daily that add value. “The amount of information, whether it’s to do with an alert or other aspects, is extremely useful,” he says. “It’s not a platform that just tells you you’ve got a problem, it gives you the information to resolve those problems in a timely manner. And we use CrowdStrike to make sure people aren’t taking IP on removable media when they leave the organization.”

Ryan also takes advantage of CrowdStrike University, which he says “empowers me to enable my team to upskill themselves to maximize the use of the product.”

CrowdStrike University offers professional training and education services for students who want to enhance and expand their cybersecurity abilities, from introductory to advanced capabilities. The education — which is appropriate for all employees from 24/7 security operations engineers to senior business executives and even those with non-technical responsibilities — teaches how to detect, prevent and stop breaches utilizing remote and onsite training with the latest EDR technology tools and cyber threat intelligence.

“The material they provided was very easy to work through,” Ryan says. “It was structured and it also gave you the ability to do that in your own time. We’re full-time professionals, we cannot sit down for two days and just do training.”

Ryan says he also appreciates the ease in which he can speak with senior executives at CrowdStrike, finding them both open about where CrowdStrike products are going and willing to receive feedback, some of which Ryan has seen incorporated into the platform.

“CrowdStrike was the right solution three years ago and it still remains the right solution for us,” he says. “From what I’ve seen in the roadmaps that CrowdStrike openly share, I believe it will still be the right solution in three years’ time.”

Reducing the likelihood of breaches in partnership with CrowdStrike, Ryan is helping Navitas deliver services to thousands of aspirational learners each year and, in the process, transform their lives through education.