Large Independent School District Fights Off DDoS Attack on First Day of School
On the first day of remote learning due to the pandemic, this school district realized they were under a DDoS attack and all virtual meetings, virtual classrooms and email were unavailable.
- Arbor Edge Defense® (AED)
- Managed AED
The School District was not able to fight off DDoS attacks during the first 3 to 4 days of pandemic driven remote learning with current infrastructure. They asked a mutual trusted partner of NETSCOUT® for assistance. After day 4, attacks were mitigated and managed with a remotely installed try and buy AED by the NETSCOUT Managed Services team.
One of the largest Independent School Districts in Texas, United States serves a number of cities and towns and portions of unincorporated Harris County. For the 2018–2019 school year, the district enrolled over 40,000 students.
This ISD had not seen any large attacks or a high volume of attacks over a period of two years, so they felt that the DDoS protection provided by their internal infrastructure, namely their firewalls, was sufficient to meet their needs. Their needs changed once the pandemic hit and they were forced to move to a virtual environment for everything their students and teachers required access to on the network. During testing and prior to the school year they did not feel any effects from DDoS activity, so they assumed their firewalls were taking care of it. Once the school year began and the network was overwhelmed with legitimate users in the form of teachers, students and parents attempting to gain access to virtual meetings, virtual classrooms and email, the cracks began to show and many of the districts’ stakeholders could not access the network. This was determined to be the combination of the illegitimate traffic along with legitimate traffic overpowering the system.
The district reached out to one of their trusted partners to help them identify and eliminate the illegitimate traffic because they knew that the network should be able to manage the traffic from their legitimate users. Once the school year started and teachers, student and parents started hitting the network, the firewalls failed and DDoS traffic was taking down parts of the network thus availability evaporated.
The ISDs trusted partner reached out to NETSCOUT Arbor team for help. In the initial analysis they were not sure which product should be recommended but after a discussion with the network operators they decided on the AED 2600. The ISD requested for a proof of concept (POC) or try and buy prior to purchasing. During the POC period they realized that they did not have the required bandwidth within current staff to manage and maintain the AED so they could get the most out of it by fine tuning the appliance to take advantage of NETSCOUT Arbors world class Threat Intelligence from the ATLAS® and ASERT teams. By the end of the POC they decided that they would also engage NETSCOUTs managed services team to manage and maintain their AED implementation.
AED is the on premise, Always-On, perimeter defense that will identify and mitigate all DDoS traffic coming into their network. AED will also identify and block any IoCs that are attempting to communicate with the outside world eliminating potential data breaches from malware or ransomware.
Since fine tuning of the AED appliance the ISD has not experienced any downtime due to DDoS.