Business snapshot
Hopkins Public Schools is an award-winning school district serving the city of Hopkins, most of Minnetonka, about half of Golden Valley, and portions of Eden Prairie, Edina, Plymouth, and St. Louis Park. It has six elementary schools, one academy Chinese immersion program, a Spanish immersion program, an online academy, two junior highs, and one high school.
The mission
When the team at Hopkins Public Schools began analyzing data and information throughout their school system a few years back, they realized the need to build up and reinforce their security posture. As a first step, they sought a solution to help ensure their firewall infrastructure was up to date and capable of providing security across their environment. Like most schools, their primary goal at the time was to keep the walls of their fortress strong and impenetrable from outside threats.
However, as the COVID-19 pandemic emerged in 2020, and both students and staff were sent home, their security priorities changed.
The challenge
“COVID upset the applecart in regards to perimeter security. You no longer have a castle with a drawbridge you can pull up. Your users are everywhere, so therefore, every device is now its own castle all the time, no matter where the user goes.”
As students and teachers began home instruction in 2020, Hopkins Public Schools was presented with a new security challenge—they needed to build up their security stack to protect devices and users wherever they were. Adding to that challenge, they also expanded to support international students.
Hopkins Public Schools also had the challenge of securing a hybrid environment with both macOS and Windows machines. They had been using Jamf since the early days. As the events of 2020 unfolded, they decided to bring on Jamf Protect, which John Wetter, director of technology and information services at Hopkins Public Schools, referred to as “the best-of-breed solution for detecting and responding to macOS threats.” That same year, they also brought on Microsoft Defender for Endpoint to secure the district’s Windows environments. But while seeking best-of-breed security solutions gave Wetter and the board of directors the peace of mind needed for managing and securing their endpoints, something was missing.
Wetter’s top priority was and continues to be the student experience. He noted, “If a solution doesn’t help facilitate and enhance the learning experience for our students, we just don’t go with it.” But keeping students secure required additional support on his team to manage, detect, analyze, and remediate threats that their security tools surfaced. Unfortunately, like many in the educational services sector, the personnel needed to respond to and take action on alerts would come at a steep price.
Retention proved difficult as well. In Wetter’s experience, he often hired IT professionals only for them to get snatched up by neighboring companies soon thereafter. As Wetter explained, “We couldn’t keep a full-time equivalent (FTE) even if we could hire one.” Nevertheless, the need for continual support of their security stack remained.
Acknowledging that endpoint protection was just one piece of the larger security puzzle, Wetter sought a partner who could augment the capabilities of his in-house team. That’s when he found Red Canary.
The solution
“Not only do I want best-of-breed Windows and Mac defenses, but I want that data ingested and evaluated by security experts. I need a real partnership.”
—John Wetter, Director of Technology and Information Services, Hopkins Public Schools
With best-of-breed solutions in place for their Windows and macOS environments, Hopkins Public Schools needed security experts to help guide and support their internal team with alerts and threats. And that’s exactly what they found in Red Canary.
Knowing there’s no “one-size-fits-all” solution in security, Wetter appreciated how Red Canary MDR ingests alerts and raw telemetry from Jamf, Microsoft, and other security tools and helps find threats across their environment for better protection. Wetter also drew attention to Red Canary’s automation and orchestration capabilities. With playbooks built and ready to execute at any time, Wetter has confidence knowing that action will be taken for confirmed threats, whether that means automatically creating a ticket for his team to look at in the morning or isolating a machine right there and then.
“The idea that something could happen at 2 a.m. is absolutely real. All of our support people are in one time zone and our students certainly are not. Having experts like those at Red Canary and playbooks in place means we’re covered should something happen outside of working hours.”
The outcome
When asked what the biggest impact of Hopkins Public Schools’ partnership with Jamf, Microsoft, and Red Canary has been, Wetter responded, “Time and getting something done we couldn’t do with our current staffing.” With students in the U.S. and around the world, their support team was simply too small to cover their entire organization. But thanks to threat investigation, automated responses, and other benefits from Red Canary, Hopkins Public Schools now has the detection and response capabilities needed to protect their security environments.
Looking forward, Wetter also expressed a desire to push more data over to Red Canary. Beyond sending raw telemetry and alerts from Jamf Protect and Microsoft Defender for Endpoint, he’s currently looking at pushing logs from Fortinet, Microsoft Azure, Google, and other security tools to secure even more of the district’s environment.