Listen to Greg Herbold, Palo Alto Networks’ Director of State and Local and Education, discuss how to consistently tackle the top threats in K-12 schools in traditional and remote learning models.
Speaker 1: On behalf of Palo Alto Networks and Carahsoft, we would like to welcome you to today's podcast focused around the future of cyber secure schools, handling threats to K-12 online student safety, data, and compliance, where Greg Herbold, director of state and local government and education at Palo Alto Networks will discuss the top threats to K-12 schools in traditional and remote learning models.
Greg Herbold: We have a really interesting topic for us to go through today. It's a topic that we've been talking about at Palo Alto Networks for quite some time, but obviously it has changed in the recent climate of children not being at school, being at home. For example, you'll probably hear some clarinet soon because my son has his recital today and here we are all in the same house. But alas, that is our new disposition with all of this. So my name's Greg Herbold and I'm with Palo Alto Networks. I'm our director of programs for government and education. So I'm thrilled to get to share with you some of the thoughts we have about K-12 cybersecurity and online safety in particular. And we're going to talk about that from the standpoint of just the pure, straight up topics of what are the key risks, the top five things that we see over and over again and what can you do about those things from both a policy and the technology standpoint. We're also going to talk about what that looks like in an environment dominated by remote access.
So our focus today is going to be on education, but we will also extrapolate from this. If you're not with a K-12 school, these perspectives actually all still have bearing in many, many environments. So with that, let's dig in. To set the foundation, there's a lot of different things obviously that K-12 districts pay attention to from a cybersecurity standpoint. Some of these are regulated, some of these are just and our obligation to the children and to participate in our school systems. So protecting students from inappropriate content, so CIPA compliance, whether that's on premise or on the devices that are sent home. Safely getting to cloud, so many of our applications like Office 365 and Google Classroom and so much of the student information systems is now living in a cloud-based environment. How are we doing that safely?
Greg Herbold: Getting visibility, just keeping control over what online activities students are doing and whether that's on the campus or coming from home. The visibility in an environment where there's so much happening can be challenging. And obviously, we all know the discrete threats, the ransomware, the malware, the exploits. How do you tackle all these things in a holistic way? And then the new wrinkle, that's been thrown into our lives since February, March is how do we quickly scale out to doing this with hundreds, thousands, tens of thousands of devices in a way that doesn't overtax the physical systems that we have in place on the premises and in our environment, that's where David's going to come into at the end. So that's the foundation.
What we're going to do is start with the top five threats that we see in the K-12 environment, the things that we work with our customers in K-12 on repeatedly and share with you some of what goes into these and what are the technology and policy approaches that we recommend based on our experience with them. So the top five drumroll please is phishing, which is typically the number one. We're going to do a poll in a few seconds here, and we're going to find out if it's your number one. Internal misuse of data, this doesn't mean it's witting, by the way. Sometimes this is unwitting misuse of data that happens at the hands of faculty and administration and students. It's a robust debate about who more frequently misuses data, the administration, the faculty of the students, but that's certainly an issue.
Greg Herbold: The fact that more computers is great, and certainly in this environment of the pandemic, more devices is essential, but it does make monitoring more difficult. We'll talk about that to some length. Cyberbullying always a concern at school. It compromises school safety, it's partly a cybersecurity challenge. It certainly has policy ramifications that go well beyond the technology approach. And then encryption is more and more frequent and common. And it's something that we all have to be particularly careful with. And this is a place where policy and technology certainly meets and leads to robust debate.
So those are the five we're going to go through before we start. I'm going to kick it over and we're going to do a quick poll. And this is partly so that you can stay engaged and give us your opinions and partly because I'm curious what your answers are going to be. So the question is, and you should have a poll box that is popped up in your screen, but which of these threats to students' safety are you most concerned about? You can just log in your answer there. This will also help me determine how much time we spend on each one, we'll map to your interests.
Greg Herbold: Interesting. So as the numbers come in, I don't know if you on your screen can see the numbers, but phishing usually is the number one answer. I'm definitely seeing the monitoring, all the computers and devices popping up here. And obviously, the data about phishing and its prominence might be a little bit dated in this current climate of remote access. So number three here might be popping. But those are the number one and number two answers, it looks like is phishing and monitoring of devices, which isn't all that surprising. But there's certainly coverage across the board on this. So I'm going to figure out how I can get this poll out of my... Okay, good. So we've got the poll up, that's over on the side now if you want to look back at those results. We'll have two more of those through the session today.
But with that as context, let's dig into the number one. So phishing is important for us to pay attention to for a number of different reasons. Obviously, there's a number of risks that flow out of it. For example, it is the main vector for ransomware into K-12 environments. There've been many published stories across the United States where K-12 schools have been victimized by ransomware and phishing is usually the vector associated with that. The edtech leaders say it is the most significant threat that they face. And as an industry, this is interesting. Education sector clicks on more links than any other industry. So it's probably a function of who's in our user base and how big our user base is and what a challenge the training can be. But it's a particularly thorny problem in education.
Greg Herbold: You'll see the phony newspapers, but the actual news clips of some places where this has gone horribly wrong, right access of student records that is unknown for quite some period of time, students causing havoc, phishing their teachers for passwords, changing grades. You probably all have your own little story in mind about where this has created a negative impact. Hopefully, it's a story about one of your friends and not one of you. But even if it is, this is a topic that we can really make a dent in. So I want to flip and talk about some of the policy and the technology considerations in this. From a policy standpoint, one of the things that we see consistently as beneficial is the training that can go into this, training your staff on the technology, setting up processes for reporting suspicious emails.
I live in Northern Virginia. I know all of you are primarily in Michigan. But in Virginia, I used to spend time with Dave Jordan, who was the CSO in Arlington County. And I was listening to him describe how he built technologies in so that any of the employees that were receiving internal emails immediately had a box on any email that they got, that if it looks suspicious at all, they could click that box and it would shoot over to them. Many of you probably have similar technologies in place. It's an important policy thing to make available to people. And then also phish testing. At Palo Alto Networks, I receive these tests emails. I've got a pretty good track record on these, but we get them on a monthly basis, it seems, just to keep our skills sharp, to keep us conscious of the need, to pay attention to what those links are pointing to. And if we don't know, to be cautious and careful about what we're clicking and to look for some of the signs. So those are great approaches from a policy standpoint.
Greg Herbold: There are also technology considerations that you can bring to bear. One of the most basic is multifactor authentication, so that when someone does get hold of credentials that they've got that second prove it moment that can protect you. So that's an obvious play. The other thing that can work very effectively, it's actually a combination of two technologies, but blocking certain usernames and passwords from being transmitted to illegitimate websites. So if you're using a next-generation firewall, for example, and there's a user ID capability where you identify who your users are and what their credentials are, and there's a URL filtering capability, you can tie those two things together and have the system automatically preventing the transfer of credentials to certain known bad sites so that you can protect yourself in a secondary way there. So that's very, very effective for people.
What we'll talk about as we go through the session today and you'll see towards the end is just all the different places you can apply this. You can do this on a next-generation firewall, you can also do this on cloud-based systems. So we'll talk about that in the second half of the slides today. So that's phishing. And if you have questions, by the way, I will just remind you that you can put them into the Q&A box, which on my screen is on the left-hand side. On your screen, it may differ. But in that Q&A box, we've got a couple of people that will be monitoring those through the session. If I see a question pop up that's relevant to the particular topic like phishing, which we just talked about, I'll try to answer them in context as we go through, but we'll certainly sweep through them at the end and tackle your question. So don't be shy about that Q&A box.
Greg Herbold: So the second one is internal misuse. And you see in quotes the term miscellaneous errors. And so it's not really intentional in many cases, but it is in fact internal misuse and often on witting. And it's usually the cause of the initiation point for many, many data breaches. And in fact, miscellaneous errors calculate our accounting for about 35% of education data breaches last year. You'll see on the chalkboard there that this can lead to all kinds of problems. There have been cases where school districts get sued after student information gets leaked and gets posted. There's a lot of costs associated with the remediation of these breaches. And if you give students erroneously administrative privileges, for example, then you've got a real issue in terms of privacy that you'll have to take up with your communities.
So it's very important that we think about this internal misuse and just what are the techniques that we can put in place, because this isn't just stopping bad guys who are doing it intentionally, sometimes this is completely unintentional on the part of the user. From a policy standpoint, the discussions we typically get to and see customers embrace are around the safe and the ethical and the appropriate digital behaviors. So having a policy that documents what those things are and having training around those things, but also being able to recognize what are the threats, and having people report some of those threats. And so if you see things in your environment, having people not just let it idly go by, but having them communicate them.
Greg Herbold: There's a longer list of technology approaches here. This is a place where we have a really strong skill set and where there are many tools available to you to help address this. The first is to embrace the concept of Zero Trust. Now, we could legitimately spend our entire hour today talking about Zero Trust and what that is and how you deploy that. The concept is fairly simple. If you're not familiar with it, it's that we don't trust anyone. We don't just let people in the front door and then they get free reign of the house. The model would be essentially if you continue that metaphor, every room you go into, you've got to recredential yourself as being able to get into that room once you're in that front door. And so you're always verifying people's ability to access certain things.
What it means is having a good system that allows you to have visibility to users, visibility to the applications, and visibility to the content that flows between those two things and set policies around on how those three things can interact. That's the most foundational stuff, and then it builds from there. But again, we won't drain the swamp on Zero Trust today. But if you're unfamiliar with that, or even if you are, it's worth thinking about what role it can play and are you effectively deploying it to make sure that you are preventing misuse of information in your environment.
Greg Herbold: You can also take an approach of scanning for sensitive data that's leaving the network boundaries such as social security numbers or credit cards. Particularly with the amount of SaaS tools that K-12 is using these days, it's important to have a system that is scanning for that stuff and just looking for number of sequences and patterns or sensitive information and keeping control over that so that you know when data that's supposed to stay in bucket A gets moved over into bucket B, and that visibility makes all the difference in terms of being able to prevent it. There's also the element of being able to block certain categories of URLs so that people aren't taking information from sanc... do not just have to sanction SaaS environments, but the people aren't pushing your important information out to unsanctioned environments and people would block those. So URL filtering can absolutely help there.
And you certainly have to think about the role that decryption can play. We're going to talk about decryption in a minute, but certainly blocking actions. If there are people who really shouldn't legitimately be uploading to file sharing sites, being able to block that and make sure that that's only happening for the folks where that makes sense in your data segmentation model. So a lot of these technologies as with phishing are available on next-generation firewalls, they're also available in cloud-based solutions and the SaaS-based tools are easy subscriptions to integrate in. But we're not going to go through a lot of products today. Today, we're primarily going to talk about principles. So that's internal misuse.
Greg Herbold: So let's go to the one that was second on your ranking which was the monitoring of computers and devices. So it used to be that for... Well, for the decade almost, we've been talking about this concept of one-to-one computing. And it was an aspiration. Many people achieved it, some took a BYOD approach. In some cases, it was student on devices. There's a whole history of just the movement from laptops into Chromebooks, for example, or lighter formats, even tablets, what is the device that makes sense for a given grade level? A lot of that discussion has been replaced with the really blunt necessity of just getting students capable to continue in an educational posture during this period of time when everybody is at home.
And so this has become a very front and center topic. We saw that in the survey results, even though we had a small sample size there. It's rising in its importance to folks and the necessity of being able to do right by our requirements. And there's a number of things that come into play here, it could be COPPA, it could be CIPA, throwing your favorite acronym. But there's a regulatory push behind this, but there's also just a common sense and a goodwill aspect of this, too, is that knowing that because these devices give access to anything, what can we do to control? That's the Forbidden Forest from Harry Potter, if you're wondering about the graphic. So what are those forbidden forest items that can get students or get teachers into trouble and create issues for the district.
Greg Herbold: Tackling this issue is potentially very complex. It does put a heavy weight on policy. And this is a place where acceptable use policies really become front and center and making sure that those policies handle a bunch of different things, the different users, that can be staff, that could be students, that could be high school students having a different policy than grade school students, certainly different devices. And the primary strata there are the school-owned devices versus the student-owned devices from the standpoint of your district, or if you're not even in a district but you're, let's say, in a government agency thinking about your user base there and how are you segmenting that and which folks are going to have ability to do which things from where on which devices, is there certain data that should only go on an agency on device, for example.
So these can be complex. So that user versus device versus location, there's a lot of different combinations of those variables that can lead you to different policy approaches. And obviously, the answer can be different, district-by-district as to what those policies are. And then the key points on the bottom here we shouldn't skip over, which is what is the policy about monitoring? And we're going to talk about this at the end when we talk about encryption and what is the expectation of privacy that a student has. And particularly that school-owned devices versus BYOD, there's a robust debate about what should the expectation of privacy be if you use the student-owned device to do school-based work on how does that differ.
Greg Herbold: So Palo Alto Networks isn't the business of selling policy. But we certainly need to call out your technology decisions that you make and how you apply the technology to this should be driven by policy. The technology can accommodate all of the different policy scenarios on the left-hand box here. But it takes some finesse with a couple of different tools. It obviously starts with a robust foundation of URL filtering. Now, URL filtering is also a topic that we could spend a whole load of time on. Hundreds of millions of websites, 75 URL categories, so drug sites, hacking sites, adult sites, all of these are relevant to CIPA compliance. We also can categorize URLs by risk level and whether they're hosted on dynamic DNS platforms.
This gives you the ability to block high risk stuff, inappropriate websites and forcing safe search and making sure that that's turned on. We're seeing restricted YouTube access to only the stuff that your educators believe is appropriate for the students to be consuming in the classroom, or at home in a classroom setting. Creating alerts, performing actions based on keyword searches. So if you see certain things being searched on, you've got the ability to have those red flags so that if there's any physical safety issues or bullying, we'll talk about it next, but those considerations can all come out through this filtering. And it can also help you with just the common evasion tactics, cache results, language translation, things like that.
Greg Herbold: So it's very important to focus on URL filtering. But I will say this, and we'll recap this again, this point's going to be repeated later, URL filtering is really not sufficient in here. That might get you to CIPA compliance, that might let you submit your E-rate forms and say, "See, I have documented URL filtering, therefore, I'm good to go." It's our recommendation that you exceed super requirements and that you also move beyond URL filtering to enforce your acceptable use policies with granular security policies that take these things into account, that user group and device and application mix and who can access what from where, whether you're going to decrypt and be monitoring what's in there that rolls into this, and then other parameters like location and time of day.
And certainly within all of this, you need to be making sure that these devices have a robust set of threat preventions to block the known bad stuff that can affect those machines and then work their way into your environment, but also to deal with the unknowns. So we'll come back to that and spend a little more time there. So this is a robust area. I'm not surprised it was in your top two. But it is an area that as we'll hear at the end when we hear from David at the end. It's a place where you can get a good amount of help to support around this.
Greg Herbold: We, for example, at Palo Alto Networks, we push out what we call an IronSkillet. I won't get into the fancy marketing reasons why we call it an IronSkillet. It hardens your PAN in a PAN-OS firewall, so IronSkillet. But it's a set of Day 1 Configuration that can help you tie out to get 90% there and then make the adjustments you need to match to your acceptable use policy. So that should make your lives a little bit easier. But this is a very important topic and one that deserves obviously a lot of attention.
The fourth area is cyberbullying. And most schools have a bullying policy in place. And sometimes that's a state requirement law that puts that into the requirements set. But sometimes that's just good policy around the school. You'll see that there are in the headline there, this is something that can lead to legal issues for a district if not dealt with, contended with. But it is something that obviously has a large amount of policy and there's a technology play that can work here. It's one of the things that policy-wise is the awareness programs that promote appropriate digital usage, includes cyberbullying in your acceptable use policy, for sure.
Greg Herbold: It's not on the slide, but one of the things that is worth considering is what cybersecurity education are you putting into your youngest grade levels? So if you're in a school that has K-8 age group, for example, just having training classes on what is acceptable use and starting at a young age to train people on what are these technologies, what is your sense of identity online and how does that differ from your sense of identity in the real world, and how do you keep control of that. And these tenets of acceptable behavior often come out in curriculum. We have a set of exercises. I should have put a slide in on it, but we can certainly get information to you if you're interested is that we have cyber activities for education. It's a free set of curriculum and activities that teachers can deploy. They're chunked by age so that you get age appropriate content that trains up on some of these skills. So the policy, the educational aspects here in cyberbullying are super important.
There are technology plates obviously, requiring students to use an always on VPN so that you've got secure tunneling in, and you've got some visibility to the things that are happening, and that it's not just some other form of decryption that's keeping you from seeing what they're doing. The decryption conversation certainly comes into play here. But monitoring and possibly blocking high risk functions, controlling when chat and video are available in sensitive applications. And there's certainly been a number of discussions around Zoom and other technologies that are new in many of our education environments. What are the policies around those that we can use to help prevent cyberbullying?
Greg Herbold: Decryption is the fifth. I don't know what your number is. I should if I were smart, which I'm not. I would have put a polling question in about what percent of your traffic are you seeing as encrypted at this point. The stats that we hear, we're hearing numbers of between 70% and 95% of web traffic is now encrypted, that can hide threats from you, that can hide cyberbullying from you, that can hide all kinds of things from you. And it's interesting because malware attacks in education role are down, but the encrypted attacks are up. And so for you deciding what traffic to decrypt is challenging. It goes back to that privacy discussions that we've mentioned in this before. And obviously, you have to stay on top of this because there are new sites that are cropping up daily and not every well-filtering product is going to decrypt all of those sites for you. So it's one of those areas where URL filtering is essential, but insufficient for some of these tasks.
So encryption is absolutely a policy discussion that you need to be having. It does involve privacy, it probably involves your attorneys around the legal and the regulatory and other policy-based things that the school wants to do. Technology-wise, decryption is really not that big of a challenge for us. It's easy to deploy on a next-generation firewall, it's easy to deploy in a cloud-based firewall posture, and that can allow you to inspect the content in questionable categories. It also gives you a pretty granular level of control. It's not just a binary on/off for my decrypting or not.
Greg Herbold: You can certainly be decrypting traffic for certain sites as opposed to others. You can choose not to decrypt traffic that's coming in from any banking or healthcare environment if you're determined that that's just too much of a privacy challenge for you. So decryption is a topic that if you haven't delved into it, it gives you a tremendous amount of improved visibility, it also gives you the control that you need to match a policy around what are the kinds of traffics that it's rightful for you to expect inspect from a privacy standpoint. So those are the five topics.
Before we transition... And again, I'll remind you of the Q&A window. So if you have questions about any of these topics, I'd be happy to talk them. We do have an engineer and our local rep on the phone so that they can talk to you about some of the practical considerations if you have a more technical question than what I've asked. But before we jumped into the next piece, which is how does this all change in a world of remote access, we have our next poll question, which is around as you are planning for the fall, what are you planning for? What percent of your students and faculty are you expecting to have to accommodate with remote access, whether you plan to try to have them back on campus or not and back in the school buildings, or whether there's already some awareness of what those approaches might be? But what are you planning for in terms of what load of traffic you'll have to accommodate in a remote posture?
Greg Herbold: So we'll just give a moment for these answers to roll in, small sample size so far, but the 50% to 75% bucket is in the lead. We'll give about five more seconds. Okay. So it looks like the winner is about 50% to 75%, followed closely by 75% to 99%, so more than half. I think if I go back up to the top, only one of you said less than 50%. It's interesting if we look at the stats around this about where people were, people were planning for less than 50%, if you go back to a year ago and the discussions we were having a year ago. And now, these are the kinds of numbers that we're being asked to help school districts embrace, which is a much larger percentage, and whether that's a continuous, ongoing, consistently having more than half of students and faculty logging in remotely as opposed to from the campus, or if that's just an emergency burst capability. We certainly need a more robust remote access foundation than we've had.
All right. So let's set that poll to the side and let's dig into part two. So it's an education webinar, so you'll see the Shakespeare reference there. You've probably all seen the Globe Theater in London might close, but we were the Ides of March. Do you all remember March? It seems like a long time ago. But when we all started to see state-by-state decisions being made to close schools and tens and hundreds of thousands of schools and millions and tens of millions of students now working remotely, obviously a big question that we faced was how do we continue with our educational mission? And then for those of us involved in cybersecurity, how do we continue in that education mission while we're still protecting students? And that is essential.
Greg Herbold: And so as a result, we all started to think about, "Is our network and is our firewall, that hardware and bandwidth, sufficient to securely meet the new remote access demand that we have? Can we get enough people in, have their VPN connections terminating off our environment and keep that all secure?" So for some of you, the answer may have been yes. If the answer was no and if the answer is still no, you really don't need to worry. There are techniques and you can extrapolate all of the functionality from physical firewalls on your premises into the cloud to keep students safe.
And what we wanted to do in the second part of the presentation here is talk about what some of these newer remote access models look like, how they keep your surge of remote internet traffic from pounding your network harder than you can handle, how you can deploy it pretty fast, but most importantly, how you can do it with the same security, the consistent security, to what you do on your firewalls so that you're not driving yourself crazy now having to maintain two different approaches to security across two different modalities. And that's a really important thing particularly because there's probably some uncertainty on each of your minds about, budgetarily, what are things going to look like for the next school year and what resources will be available to you to accommodate these things? So efficiency, certainly, should be part of these discussions.
Greg Herbold: So I want to start with just a little history of where we've been as an industry because we've all done a really good job of accommodating remote access for a certain portion of our users, but a smaller portion that certainly needs remote access today. But most of our current situation is centered around a model where our mobile users fire into our data center, hit a firewall, from there, they can either reach apps that are in the data center, or they can then move out to the internet and get to any public cloud or SaaS or any internet-based resources that they need. And this has always been sufficient for us to backhaul this information through this traffic, or say, through the data center.
The challenge in our current environment, though, based on those numbers that you all plugged in in the survey is that there can be some finite scalability factors on this. Can you really add hardware at the scale of cloud or SaaS or BYOD and scale as fast as the large number of sets that we're working with here? There's also deployment challenges. Those can be procurement based. Those can be manual hardware implementations at this point and conductivity and location challenges. Some folks make the decision to think about like split tunneling and that creates security gaps. And so there's challenges there. And then there's a user experience aspect of if you've got all these customers moving over that environment the same time, you might not have the capacity to route all that traffic through your environment in a way that protects the user experience that's needed to effectively deliver distance learning.
Greg Herbold: So this is a complex scenario that we're dealing with. And again, for some, there'll be sufficiency. But for many, what we have found is that this is a challenge. And so the model that we have deployed, we call it Prisma Access. So Prisma is just our brand around it. It's focused on the access word. Is that scalable remote access for mobile users? We think there's a better model and that's what we've built. And so if you look at the difference in the graphic on the right, no longer is all of the traffic going back to the firewall for that decision about, does it stay within the data center or go out to the internet? There's now an extrapolated firewall for... Just to describe it broadly, we call it Prisma Access, but it's a point of presence, where your users can log in, and we can apply all of those same consistent security functions.
I mentioned the importance of app ID and user ID and content ID combined with URL filtering. And WildFire is a sandbox for discovering unknown threats. There's a data loss prevention, there's all kinds of things that you can do in a firewall extrapolated up into the cloud that is very consistent and managed with the same tools that you do on a physical firewall. The beauty of this model, if you follow the traffic, is that not everything has to go back to data center. If it's traffic that's destined for the public cloud or SaaS or the internet, you can get all the same security applied to it, but have that traffic go right out to the internet and not have to pass through your data center. If the stuff that needs to be accessed is in the data center, it'll certainly get routed there.
Greg Herbold: So all this takes is a quick setup of an IPsec tunnel between this pop in the cloud and your data center, and you've got some really unique ability to scale. And because this is cloud-based, it dynamically scales up and down. This isn't just a shell game where we're just loading hardware into someone else's data center, it's truly cloud-based and it scales the rate of the ISP, so the big cloud providers where we have these points of presence deployed. So that makes it very, very flexible for you as well. That's also something that you can deploy quickly. You don't necessarily need to get into your data center, you can run these tools remotely and therefore do it a little more safely.
Now, global reach is less important in the K-12 business. I don't think many of you have lots of students overseas or a need to batch your traffic around the world. But for those that do, it's there, it's usually more relevant for higher education where they've got campuses overseas and certainly for our enterprise and commercial customers that have that global presence. But it's important to know that we got you covered wherever you need your traffic to flow. As I mentioned, though, the really important thing here is the consistency of the security. So I talked about URL filtering, I described it as essential, but not sufficient.
Greg Herbold: The same way as you deploy URL filtering on your physical firewall, you can deploy in Prisma Access. And so all that traffic that doesn't hit your data center but stays up in the cloud gets all of the same security applications for URL filtering. You can quickly deploy that, enforce that, it gives you those granular controls to allow you to block users and groups and apps based on an exception-based model. You can combine it with application ID for additional control, so allow one app for... but not another for a given individual user. This gives you the ability to certainly give clean access to all your corporate permitted sites. There are user permitted sites, you can allow those. But all the things that you need to forbid access to you can forbid access to and that's important from a compliance and a responsibility standpoint.
But I said it's not sufficient. And here's what I mean by that is that you also need to be able to see the threats. You look around the industry, you'll see a lot of the pure play URL filters are now in the business of pairing up with threats intelligence providers. And that's natural. We do that automatically. And as you'll hear from David at the end, all of this is available through the Merit Marketplace as well. But doing the threat prevention to be able to block the known malware and the vulnerability of exploits and all of the command control activity, it's one clean approach, the same clean approach we use in our firewalls, it's used up in Prisma Access so that when you see a threat match based on the intelligence that we already have, that it blocks that and prevents that from damaging your environment.
Greg Herbold: And because it's all cloud-based and because it's all tied back into the same threat intelligence in the cloud, something you see on a device creates protections that end up getting deployed on your firewall back in the data center, in the environment. And all those things get pushed out across our broader community, so that if we see something in one school, we create those protections, and five minutes later, gets pushed down. That's the beauty of WildFire. And WildFire is just our brand name for the sandbox. But WildFire uses all kinds of techniques. You'll see some of them listed on these blue circles, static analysis, dynamic analysis, all the machine learning.
We have trillions and trillions of artifacts in our environment that we use that are the result of this WildFire process of us blowing things up, seeing what happens, building the correct protections, and then creating the intelligence that we push back out to our machines so that we can detect those things, so that effectively the unknown becomes known and gets dealt with instantaneously across all of the customers who use WildFire. And those same protections push down the Prisma Access as they do out to our physical and our virtual firewalls.
Greg Herbold: So this gives you good confidence that even as you let your traffic to the internet, just go straight out to the internet and not have to pass through your environment. It's getting all the same protections that would have received from a security standpoint as if you had passed it. And that's one of the key things that we wanted to make sure that we brought home from a messaging standpoint today, is that the challenge of addressing these top five threats in the K-12 posture is entirely manageable with the same consistent security, that the security challenge of moving to remote access doesn't have to be any more challenging than what you're doing in your data center with your physical next-generation firewalls.
The other challenge though is, "Okay, great, Greg, but how do I deploy it?" Try to make that easy, too. There's a few easy steps to success. If you choose to deploy this on your own, you can get simple deployment steps. We have professional services, but there's only a few things that needs to happen. You need to provision Prisma Access down onto the devices, you need to create a service connection or an IPsec tunnel from the data center up to the point of presence. You plug in Panorama, which if you're already using Palo Alto Networks firewall, you probably already have Panorama.
Greg Herbold: But if you don't, you just get a copy of Panorama and you manage all of these devices and set your policies where you can push templates that we have prebuilt, I mentioned those IronSkillets as we call them, and get the clients out to the machines and you are off to the races. And so we've had many, many schools that have done this in a week and under a week and it's a very efficient process to get it done. And the important part of it is that it acknowledges efficiency. I mentioned at the beginning, the important role that efficiency plays in all of this.
So one last thing I'll mention, and then hopefully we'll get some questions, I'll remind you again of the Q&A box, but the last thing I wanted to show before we do our last poll is that there's plenty of resources to learn more. So most of the content that I've shared today, there's a fuller and more robust set of data around these top five threats. And so you'll get these slides, I believe, and you can have this link and you can read all about the details, you can get footnotes to the research behind it and everything else. We also have a very good document on exceeding CIPA compliance. I mentioned the importance of exceeding it and not just meeting the bare minimum. And so this document talks about how you bridge from a foundation of robust URL filtering into all of the other threat prevention techniques that make you much more responsible to the important task of securing our students from these top five threats.
Greg Herbold: And some of you might be hands-on kind of people. You might be sitting there saying, "Yup, all right, I'm done listening to this guy. I want to try it. I want to put my hands on it. It can't be as easy as he says." So there's an opportunity for you to get your hands on it. And it's on June 4th, and we call it a UTD, which is fancy code word for Ultimate Test Drive. Everything in tech has to have an acronym, so that's a UTD, an Ultimate Test Drive. It's actually a UVTD these days. It's an Ultimate Virtual Test Drive. So it's now a four-letter acronym. But you can participate in this and learn how to accommodate these things in your environment and see how simple it is.
Speaker 3: Right. And then we did get another question about registering for the June 4th UTD, that I will also include a link to register for that along with the recording for today's webinar and the follow up email that will follow this presentation. If there are no more questions, I would like to thank all of our participants for joining us today for the webinar, the future of cyber secure schools, handling threats to K-12 online student safety, data, and compliance. We hope you found this webcast informative and helpful to you and your organization. I would like to briefly mention some information on Carahsoft. We are a government IT solutions provider, delivering industry leading technology products, services and training to federal state, local, and education customers on behalf of top-tier manufacturers like Palo Alto Networks, AWS, Splunk, Adobe, and VMware.
Speaker 1: Thanks for listening. If you would like more information on how Carahsoft or Palo Alto Networks can assist your educational institution, please visit www.carahsoft.com or email us at paloaltonetworks@carahsoft.com. Thanks again for listening and have a great day.