Secure this .edu, and you can secure anyone

About Norwich University

It’s the vaunted and very complicated Norwich University: America’s first private senior military college that develops the nation’s commissioned officers. 

Norwich has a Center for AI, and another for Cybersecurity and Forensics Education and Research. The school is recognized as a Center of Excellence by the National Security Agency and Homeland Security. It’s the birthplace of the Reserve Officers' Training Corps (ROTC), with programs in national security, cybersecurity, and a Joint Special Operations University.

As schools go, it’s fair to say this one has off-the-charts sophistication and standards. 

More than 3,400 students and about 1,000 staff call Norwich University home. Their small security team is tasked with managing a sprawling ecosystem that includes many student systems that they have little control over. 

Faculty and students have virtual free reign to explore topics and websites that would be blocked by most organizations – like weapons intelligence and offensive cybersecurity tools. This community can and should learn by traveling to dark, crime-infested corners of the internet. They should go to sketchy websites. They should understand dark web marketplaces and malware.  

“We can only have so much insight on what students do,” said Noah Binette, a Security Analyst at Norwich. “We try to be very proactive with staff and faculty because they’re employees of the university, and we try to cover where we can on students. But inevitably, something will slip through the cracks just because of who and how big that population is.”

About a year ago, Norwich was struggling with the ever-increasing cost of securing itself.

According to Binette, Rapid7 broke the old, stubborn tradeoffs between money and investigative certainty when things are so complex:

We can ingest all this log data now for one price. We can do investigations and discovery and dig wherever we need to. Before, we had to pick and choose – you would look at what you got when you opened the box, and had to navigate cautiously from there. It felt limited. Rapid7 is more comprehensive, with more visibility, context, and details.
- Noah Binette, Security Analyst

The Norwich security team relies on Rapid7’s integrated, intuitive, AI-powered platform of solutions that continuously learn and adapt. They’ve been InsightVM customer for many years. 

When it came time to replace Norwich’s SIEM and MSSP service, the team evaluated several options. They added Rapid7’s elite MDR service – Managed Threat Complete – in 2023 and Threat Command in 2024, which Binette describes as “incredibly useful and enlightening.”

Managed Threat Complete: “Because we can’t work 24 hours a day, seven days a week.”

Chip Bacon is Norwich’s Associate Vice-President for Information Security and CISO. He says his evaluation of 24/7 managed service providers started where everyone’s does: humans sleep. 

The school’s first MDR service was small and limited with off-hours coverage. When an alert popped up, there was often a fair bit of delay between the event occurring and the team being alerted. If something happened on a Friday, the team might not find out about it until Monday. And that’s a big problem if someone enters your systems. “The response times that we’ve seen from Rapid7 have been just a huge breath of fresh air,” Bacon said.

The last time Rapid 7’s MDR spotted a problem, Bacon received an email within 10 minutes and a call to his cell phone within 15. Of course, Rapid7 had already knocked the offending system offline.

It had all been quarantined. And that’s exactly the kind of thing we were looking for. If something happens in the off-hours, they will quarantine it so we can deal with it on Monday, or we’re going to get a phone call anyway at home on a cell phone. We know what’s going on. We’re getting visibility.
- Chip Bacon, Associate Vice-President for Information Security & CISO

Is Norwich University a challenging school attack surface to secure? Yes. And it’s hard to think of anything more important than protecting educational institutions like Norwich. They not only develop the nation’s future Generals and Admirals, but also the next generation of cyber warriors, engineers, nurses, teachers, and business leaders. For the students to live by the Norwich motto  – “I Will Try!” – we need to set them free, and keep them safe so that they can go far, go further, and go beyond. Rapid7 is there for that.

手軽に実現できる、プロフェッショナルなエンド-エンドのSOCオペレーション