Case Study
The University of the Witwatersrand in South Africa is using a modern, AI-driven security operations strategy from Palo Alto Networks to stop threats in their tracks – wherever they might attack. A holistic, integrated Cortex XDR and XSOAR platform delivers extended protection, detection, and response across the University’s entire attack chain through attack surface reduction, attack prevention, breach prevention, and response.
Threat actors are watching the University of the Witwatersrand’s (‘Wits’) cybersecurity like hawks. Cybercriminals are continually trolling higher education providers such as Wits, and hacktivists never stop trying to exploit weaknesses to target identity-based data.
The attack surface is vast: 41,000 students across five faculties, 30+ service departments, and more than 3,000 courses. Prior to the Palo Alto Networks partnership, alert noise was high, and Wits’ security team struggled to monitor and respond to every threat. A modern Palo Alto Networks security operations platform, managed by KHIPU Networks, drives continuous and uninterrupted learning and research. Integrated Cortex XDR and XSOAR pinpoint threats in the early phases of the cybersecurity lifecycle, detect anomalies indicative of an attack, and automatically route remediation activities. By protecting the integrity of Wits’ network, Palo Alto Networks is mitigating risk, improving the student and staff experience, and ensuring data privacy
In brief
University of the Witwatersrand
Higher Education
South Africa
41,000 students and staff across five faculties and 3,000+ courses
Palo Alto Networks® AI-Driven Security Operations Platform including:
CHALLENGE
Wits is a multicampus South African university located in Johannesburg. It is internationally acclaimed for its research, high academic standards, and commitment to social justice. The University is home to 41,000 students; almost 1,700 academics; and 6,000 employees.
Just like any education institution, Wits is at daily risk from cyberattacks. Vast volumes of sensitive research and academic data, students connecting from a multiplicity of devices, and the evolving threat landscape make it a prime target for threat actors. Open access to resources needs to be balanced against the need to safeguard data.
Funding and resources compound these challenges. Hement Gopal, Senior Security Engineer at Wits, explains: “Previously, threats were not as sophisticated as they are now. The challenge for my team is to protect the University’s crown jewels with modern, innovative security controls.”
Prior to engaging with Palo Alto Networks and its leading cybersecurity partner KHIPU Networks, Wits’ endpoint security was based on a basic SIEM monitoring tool. “We still had many alerts,” says Hement. “Without automation, our security team was almost overwhelmed responding to them.”
In response, Wits turned to KHIPU Networks’ managed detection and response SOC service. Hement explains: “Higher education needs are very diverse compared to the more controlled private sector. KHIPU Networks has specialist knowledge of the demanding security pressures facing higher education. Security insights are also shared across the KHIPU community, reinforcing collective protection.”
SOLUTION
Wits chose Palo Alto Networks Cortex XDR to underpin its security operations. The modern extended detection and response (XDR) platform protects 300+ servers across the University’s estate. Application-based behavioural analytics pinpoints evasive threats, and machine learning profiles the behaviour to detect anomalies indicative of attack.
Cortex XDR ingests data from multiple University and external sources, including antivirus software, the firewalls, Cisco IPS, and mail gateways. Hement elaborates: “Cortex stitches separate data, alerts, and insights together, giving us a single, consolidated root cause view of incidents and user behaviour.”
The alerts are fed into the KHIPU Networks’ SOC for investigation and follow-up. “The out of hours cyberthreat monitoring doesn’t just alert, it protects against and prevents threats impacting the University’s operations,” says Hement.
The SOC includes Cortex XSOAR to orchestrate incident detection, investigation, and remediation. Playbooks automate routine alert management, route tickets, and support the escalation of more serious risks.
“We receive automated emails with a comprehensive snapshot of an incident,” explains Hement. “It includes everything we need to act. Together, Cortex XDR and XSOAR give us eyes across the entire University estate in one standalone solution.”
RESULTS
Wits’ security-first approach delivers holistic protection across the network, clouds, endpoints, and applications.
The benefits include that it: