Monash University is the largest university in Australia, ranked in the world’s top 100 and a member of the prestigious Group of Eight. Named after Sir John Monash, it was his desire for students to leave the university with a greater sense of purpose, and the skills and confidence to create positive change. In under 60 years, Monash University has grown from a single campus into an education and research powerhouse with a presence on four continents, committed to the challenges of the age.

Their work is making an impact all over the world, from bringing clean water to villages in Africa to creating new life-saving medicines. With four Australian campuses, one in Malaysia, and over 100 international partners, Monash is truly making a difference on a global scale.

With its expanding database and the changing landscape, the University became concerned with its network security controls and visibility to protect its assets. Having critical data sitting on the cloud and network security controls reaching the limit of acceptable risk mitigation, coupled with increasing external threats, Monash was determined to introduce more preventive and detective security controls.

The search for visibility and protection of critical assets

Monash University was keen in attaining the ISO27001 certification for a small subset of clinical registries, further solidifying the need to close the gap in network security. There was the need to protect web applications in multiple cloud environments and support WAF in Azure, AWS and the Google Cloud Platform, whilst maintaining an on-premises footprint for legacy applications.

To find the right solution for their requirements, it had to fit the following criteria: to be a cloud and on-premise, multi-cloud provider, SaaS, with timely delivery and speed of execution.

It was important to find a solution that was fuss-free and would cause minimal disruption to the business and for end users during the deployment. This prompted Edward Messina, IT Security and Risk Manager, Monash University to utilise the University’s Gartner subscription to search for a vendor that can provide the most comprehensive WAF protection with full visibility into threats.

Greater visibility and controls over web security

Through the deployment of Imperva SecureSphere, Monash was able to correlate normal usage patterns and trigger alarms with deviations, have constant application level traffic monitored and prevention against malicious external traffic. The growing concerns around lack of visibility into network layer 7 threats, outdated controls, and the continual shift of the threat landscape motivated Monash University to look into tighter network security solutions. The implementation of SecureSphere WAF, coupled with Incapsula, gave visibility into application threats, identified standard patterns of access to the University’s web applications and to monitor and block suspicious activity. This allows Monash to invest more time into pipeline delivery methods and protect legacy applications instead of redeveloping them, where appropriate. It also reduces reputational risk by creating the ability to provide a conducive teaching, learning and research environment whilst minimising the likelihood of a security incident.

With the University opting for increased web workloads in AWS, the IT Security and Risk team deployed virtual SecureSphere appliances into the cloud environment. More demand eventuated in other cloud environments, such as Google Cloud Platform and Azure for securely delivering web applications to users on the Internet. With changes in infrastructure, there was the need to host BYOL and on-demand licenses on the same platform. Monash looked into securing more licenses across Imperva’s solutions in order to support the increase in capacity. Imperva then recommended FlexProtect as a flexible licensing option, allowing for the University’s files, applications and databases that would be cost effective, scalable, and platform agnostic. This overarching singular versatile approach allows Monash to expand their platforms whether on-premise or in the cloud with peace of mind and great visibility into protecting what matters most to the University