Grand Canyon Education Reduces Attack
Surface Risk

The Customer

Grand Canyon Education (GCE) is a shared services provider that serves colleges and universities. The company employs thousands of people with revenues near $1 Billion. GCE’s high visibility as a cyber and technology education leader and its relationships with respected affiliations were key drivers behind its focus to stay ahead of a rapidly evolving threat landscape.

“IONIX provides us the strategic advantage of seeing our real attack surface and its digital supply chain, dynamically, in the same way attackers see it.”

Mike Manrod
CISO, Grand Canyon Education

The Challenge

Grand Canyon Education security team’s primary goals were to reduce the attack surface of the organization, elevate the efficacy of security controls, and focus remediation efforts on critical risks. To achieve these goals, GCE knew it needed expanded visibility and dynamic discovery of its assets since growth by any method—organic or via acquisition—can lead to the accumulation of information systems that did not evolve through the normal established process. Finding new and acquired assets was not enough; what was needed was continuous attack surface mapping and vulnerability analysis.

The GCE team understood how legacy applications and infrastructures created a significant attack surface that malicious actors may attempt to exploit. Time is always a factor in preventing cyberattacks that may disrupt business operations and services. Recent attacks utilizing Ransomware as a Service or Affiliate models are cascading into the domain of conventional cybercrime via highly optimized distribution and information sharing models.

With a dynamic and rapidly unfolding threat landscape, the GCE team sought a solution that would automate preventative activities, while providing complete visibility over the full external attack surface. The team needed a solution that was simple, intuitive and easy to leverage across the entire enterprise.

The Solution

Grand Canyon Education understood that an intractable problem for many cyber security teams with limited resources is figuring out the organization’s complete external web footprint, including shadow IT and unauthorized projects. IONIX’s automated discovery of the real attack surface and its digital supply chain – provided the broad visibility.

In particular, GCE had recently acquired a number of third-party resources and IONIX was able to discover and assess these resources automatically.