Brooklands College rolls out Sophos endpoint solution across its entire network

The Conficker worm, also known as Downadup, first surfaced in November 2008 and has infected thousands of business networks. The infection attacks unpatched computers by exploiting weak passwords and USB storage devices. The widespread use of USB drives by students has meant that schools and colleges have been particularly badly affected by Conficker – the infection also spreads beyond the education environment, as students use USB devices on both college networks and at home.

The survey revealed that the increased need for access control is not only for the protection of people, but also for the protection of belongings, equipment, hazardous materials and confidential information. Many people referred to an increase in the level of threat from crime and see access control as a way to deter theft. In recent years there has also been greater emphasis on the need to create safe and secure environments for children and vulnerable adults. Providing access control in schools and on hospital wards, for example, can help achieve this.

Sophos is providing endpoint protection to Brooklands College, a further education institution based across two sites in Surrey and Kent in the South East. Having struggled with the notorious Conficker worm – an issue that the previous security solution could not resolve – Brooklands consulted Trustmarque Solutions before deciding to move to Sophos Endpoint Security and Control. Sophos successfully cleaned up the initial, long-standing outbreak, significantly reducing IT support overheads, while also helping to improve overall network performance.

At one point, Conficker had infected every single machine on Brookland’s College network – equating to 2556 infections. This caused a problem for the college with its internet service provider, as the worm recruits infected computers into a botnet – a network of machines that cybercriminals use to send spam and launch denial of service attacks. This in turn generates a lot of internet traffic, which can lead to networks being over-loaded.

Although the previous solution at Brooklands College was able to detect Conficker, it was unable to permanently remove the infections – the only solution at the time was to remove every single machine from the network and individually clean them, which would have resulted in an estimated four months of work.

“Conficker is really nasty. It spreads very quickly and easily and really puts a lot of strain on the network – the previous solution just couldn’t handle it,” said Peter Dietsch, senior support engineer, Brooklands College. “Although we desperately required a fix – at one point we had 600 support calls logged in a queue – in the education environment, cost is a very sensitive issue and we were concerned as we had not long renewed our contract with the existing vendor. However, not only could the Sophos solution handle the outbreak, and keep Conficker off the machines, but Sophos was also extremely flexible with regards to our various existing support agreements.”
Trustmarque Solutions, the Sophos partner involved in the deployment, provided detailed consultation and onsite support during the initial implementation.

“The amount of work that these kinds of outbreaks generate cannot be underestimated,” said Rob Newburn, Head of Information Security & Managed Services at Trustmarque Solutions. “Disinfecting an entire network is a big enough challenge, but when resources are so limited, you really need the right tools. Following onsite consultation, we were able to recommend Sophos as the best security solution for Brooklands College.”
Brooklands College has rolled out the Sophos endpoint solution across the entire network in a simple migration process, with the first 1000 machines being switched to Sophos in less than four days.

“Aside from being easy to deploy, the central console is good for getting an overview of where infections are coming from, which helps us shift towards prevention rather than cure,” adds Dietsch. “I suppose the best side-effect was that network performance improved dramatically, not just as a result of reduced load from the removal of Conficker, but also because older machines weren’t slowed down by Sophos’s memory requirements.”
In addition to providing Brooklands College with anti-virus protection, Sophos Endpoint Security and Control is an all-inclusive package including application control, device control, data leakage prevention and Network Access Control (NAC), helping to keep managed and guest computers in line with network security policies and patches.

“Worms like Conficker have been an absolute nightmare for IT departments in the education sector,” said Ollie Hart, head of public sector at Sophos. “Colleges often have very large networks with many clusters of endpoints, but IT support resources can be limited to one or two members of staff. It’s important for security solutions to directly address these restrictions – making security simpler and easier to manage.”