Case Study: Grand Canyon Education & IONIX's Success

Effective risk reduction with proactive prevention

Accelerated remediation of critical risks

Automated discovery and assessment

INDUSTRY

Higher Education

USE CASE

Attack surface management and proactive prevention

The Customer

Grand Canyon Education (GCE) is a shared services provider that serves colleges and universities. The company employs thousands of people with revenues near $1 Billion. GCE’s high visibility as a cyber and technology education leader and its relationships with respected affiliations were key drivers behind its focus to stay ahead of a rapidly evolving threat landscape.

“IONIX provides us the strategic advantage of seeing our real attack surface and its digital supply chain, dynamically, in the same way attackers see it.”

Mike Manrod
CISO, Grand Canyon Education

The Challenge

Grand Canyon Education security team’s primary goals were to reduce the attack surface of the organization, elevate the efficacy of security controls, and focus remediation efforts on critical risks. To achieve these goals, GCE knew it needed expanded visibility and dynamic discovery of its assets since growth by any method—organic or via acquisition—can lead to the accumulation of information systems that did not evolve through the normal established process. Finding new and acquired assets was not enough; what was needed was continuous attack surface mapping and vulnerability analysis.

The GCE team understood how legacy applications and infrastructures created a significant attack surface that malicious actors may attempt to exploit. Time is always a factor in preventing cyberattacks that may disrupt business operations and services. Recent attacks utilizing Ransomware as a Service or Affiliate models are cascading into the domain of conventional cybercrime via highly optimized distribution and information sharing models.

With a dynamic and rapidly unfolding threat landscape, the GCE team sought a solution that would automate preventative activities, while providing complete visibility over the full external attack surface. The team needed a solution that was simple, intuitive and easy to leverage across the entire enterprise.

The Solution

Grand Canyon Education understood that an intractable problem for many cyber security teams with limited resources is figuring out the organization’s complete external web footprint, including shadow IT and unauthorized projects. IONIX’s automated discovery of the real attack surface and its digital supply chain – provided the broad visibility.

In particular, GCE had recently acquired a number of third-party resources and IONIX was able to discover and assess these resources automatically.

IONIX attack surface management is delivered as a SaaS platform that requires no installation, configuration, or modification to existing IT. Due to the fast and frictionless deployment, GCE gained immediate visibility into its attack surface and clear action items to effectively reduce risk.

“IONIX was absolutely amazing – the platform helped us to find applications, infrastructure and the associated vulnerabilities we needed to catapult our vulnerability management program ahead of the leading edge of corporate growth.”

Cameron Kownack
Incident Response Analyst at Grand Canyon Education

The Outcomes

Mike Manrod, GCE’s Chief Information Security Officer, saw the value in reducing the overall external attack surface for the organization. By uncovering unknown assets and vulnerabilities, GCE’s vulnerability management and penetration testing teams were able to begin achieving Mike’s goal of finding and resolving critical security flaws. The increased visibility provided by IONIX’s platform has allowed GCE’s cyber security team to proactively discover and remediate critical vulnerabilities. By taking action before hackers are able to exploit these vulnerabilities, GCE continues to prevent significant damage in terms of dollars, brand reputation, operational disruptions or Ransomware attacks. GCE’s high profile continues to make it a target of attempted cyberattacks. However, by reducing the number and criticality of attack vectors, GCE is able to stay one step ahead.