Seijo University Safeguards Every User and Device with Preemptive DNS Security
“The DNS-layer security measures in Infoblox Threat Defense block malicious requests before actual communication occurs, making it the most efficient and cost-effective solution. This reduces the load on downstream security solutions and streamlines operations.”
- Kazuhiro Igarashi, Manager, Media Network Center, Seijo University
OVERVIEW
Established in 1950 in the lush green town of Seijo, Seijo University is a comprehensive institution specializing in humanities and social sciences, with four undergraduate faculties and eleven departments.
In 2005, it pioneered Japan’s first Faculty of Social Innovation, boldly incorporating the term “innovation” into its name. A decade later in 2015, Seijo became one of the first humanities-focused universities to offer data science courses as part of its general education curriculum. Amid these advancements, the University has steadily invested in strengthening its IT infrastructure to improve staff efficiency, support faculty research, and create an atmosphere conducive to autonomous learning for its 5,800 students.
THE SITUATION
Empowering Independent Learning Through Technology
Guided by its founding principle of “Fostering Independent Individuals,” Seijo University is committed to creating a modern, technology-rich environment that nurtures self-reliance and supports academic freedom.
Customer: Seijo University
Industry: Education
Location: Seijo, Setagaya-ku, Tokyo, Japan
Objectives: Enable a secure personal device program across the University; improve accuracy of DNS security implementations; enhance threat visibility and security operations efficiency
Results: Significant reduction in false positives through real-time, high-quality threat intelligence; faster threat investigation timelines; stronger defenses with reduced workload for security staff
Products: Infoblox Threat Defense™
To achieve this, the University has made continuous infrastructure investments that support bring-your-own-device (BYOD) scenarios. “We have been aiming to provide a learning experience that is not bound by time or location,” says Kazuhiro Igarashi, manager of the institution’s Media Network Center (MNC). Accordingly, the school accommodates the need for students and faculty to access the network using their own devices. In many cases, individual users are likely to engage with multiple devices throughout the day, such as a smartphone, a PC, and a tablet.
At the same time, Mr. Igarashi and his teams are responsible for ensuring the security of all devices accessing the network. Along with its internal security goals, the University must also adhere to stringent network security policies mandated by Seijo Gakuen, the educational organization the school is part of.
THE CHALLENGES
Implementing Secure BYOD with Minimal Impact on Student Freedom
Seijo University has implemented a BYOD system, allowing students to connect their personal PCs and smart devices to the campus network from anywhere on campus while also enabling secure internet access without disrupting students’ time or autonomy. The impetus for focusing on DNS-layer security came from the response to online classes during the COVID-19 pandemic. The University began receiving inquiries from parents asking about security measures the school was implementing in the shift to online learning. “Regarding ensuring security for students taking online classes from home,” Mr. Igarashi explains, “we believed that DNS-layer security, which blocks communication to malicious sites before an attack occurs, would provide the greatest effect with minimal investment.”
The team adopted a DNS-layer security approach, which offers distinct advantages, including affordability and strong protection. It relies on DNS as a security control plane to block access to malicious domains before connections can be established.
And yet, after deploying a cloud-based service, Mr. Igarashi and his colleagues soon discovered that not all DNS security solutions are equally effective. The school encountered numerous issues with the solution it acquired, notably false positives. “After full deployment, legitimate websites were frequently misclassified as malicious and blocked,” he says. Students and faculty routinely filed unblock requests for sites they needed to reach. The high volume of false positives also created a significant burden for the MNC’s limited staff, who had to vet each individual complaint. As a result, the MNC “needed better tools to investigate whether reported sites were genuinely harmful,” adds Mr. Igarashi.
Staying abreast of cybersecurity trends, Mr. Igarashi sought solutions that offer higher-quality DNS threat protection while requiring far less effort for all involved, end users and IT staff alike.
THE SOLUTION
Gaining Automated, Preemptive DNS Security with Infoblox Threat Defense™
In his search for the right solution, Mr. Igarashi learned about Infoblox and its pioneering innovations in DNS security. He witnessed Infoblox Threat Defense in action at an Infoblox Exchange hands-on event and was impressed by its capabilities. He and his team were also aware that several other academic institutions in Japan had already adopted the solution with strong success.
In contrast to the University’s initial cloud security implementation, Infoblox Threat Defense offered more accurate and complete threat protection by blocking access not only to a broader spectrum of known threats via reputation and signature-based detection but also to unknown and zero-day threats that other solutions miss. It does so using AI and machine learning to detect the presence of threat infrastructure well before cybercriminals can initiate attacks.
The solution takes advantage of research conducted by Infoblox Threat Intel, the industry’s foremost DNS threat intelligence unit. This team analyzes global DNS traffic daily, updating Infoblox Threat Defense in real time to detect and defend against emerging threats. These mechanisms minimize false positives while enhancing security and reducing operational costs.
Seijo University conducted a proof of concept (PoC) with Infoblox Japan’s support, evaluating detection accuracy, functionality and operational methods. “The PoC compared our existing service against Infoblox Threat Defense. Over three months, we confirmed Infoblox’s higher blocking accuracy and fewer false positives,” Mr. Igarashi says.
What Mr. Igarashi particularly praised was the advanced filtering capability of Infoblox Threat Defense. “I realized that the solution’s category filter allows for granular settings of content categories to block, enabling DNS security with fewer false positives.” He was also drawn to the solution’s preconfigured “feeds” with recommended responses based on threat level, including threats that exploit DNS in zero-day attacks and those that leverage DNS over HTTPS (DoH) security measures, among others. “This made me expect that even more flexible and robust DNS security could be achieved,” says Mr. Igarashi.
Moreover, summary reports generated by Infoblox Threat Defense during the PoC period provided detailed explanations about the current security situation at Seijo University. “As expected, we observed several threat trends originating from student networks where blocking thresholds were set more leniently compared to faculty environments. Notably, we were able to detect connections to domains used by unknown threat actors, which reaffirmed the effectiveness of preemptive DNS security,” Mr. Igarashi confirms.
Based on the PoC results and security summary reports, Seijo University determined that Infoblox Threat Defense would not only meet its requirements for tighter security but would also be less disruptive to end users while improving operational efficiency post-implementation.
After formalizing its decision to adopt Threat Defense, Seijo University moved quickly into full-scale operation. The solution now protects all University members, including approximately 5,800 students along with graduate students, faculty and staff for a total of around 7,000 users. Infoblox Threat Defense continuously monitors all devices accessing Seijo University’s network, including all BYOD and University-owned endpoints, for threats other security tools often miss.
THE RESULT
Dramatically Reducing False Positives to Maximize Security Operations Efficiency
Since implementing Infoblox Threat Defense, Seijo University has seen a substantial reduction in false positives. “Requests from users to unblock sites have virtually disappeared,” Mr. Igarashi reports. Additionally, by generating a daily security summary report, the solution provides the MNC with visibility into the types of attacks occurring on the network that it previously lacked. “What surprised us was how it was detecting and blocking DNS-based attacks, which provided new insights into previously unconsidered threats through these reports. This has brought a fresh perspective to our cybersecurity efforts.”
Mr. Igarashi also praises Infoblox Dossier™, an investigative tool included with Infoblox Threat Defense. Dossier compiles intelligence on detected and blocked malware and other threats, dramatically reducing investigation times and boosting operational efficiency. Its standout feature is the ability for security teams to easily access critical security incident details in the workflow. With a single click, users can drill down to gather in-depth threat intelligence.
Previously, Seijo University’s limited IT staff faced cumbersome, time-consuming processes when handling unblock requests, such as manually checking URLs on websites or on malware analysis platforms, like VirusTotal, and verifying DNS cache servers before deciding whether to allow access and notifying users. “In contrast, Dossier allows us to instantly retrieve relevant site information, including suspicious website screenshots, making it easier to determine blocking reasons without direct URL inspection,” Mr. Igarashi notes.
With Infoblox Threat Defense, Seijo University has gained robust and flexible DNS security that offers comprehensive yet nonintrusive protection for all users campus-wide, enabling its BYOD strategy while reducing daily burdens on IT support staff. In conclusion, Mr. Igarashi believes that “the DNS-layer security measures in Infoblox Threat Defense block malicious requests before actual communication occurs, making it the most efficient and cost-effective solution. This reduces the load on downstream security tools and streamlines operations. For resource-constrained educational institutions, preemptive DNS security is undoubtedly the optimal solution.”