Grand Rapids Community College (GRCC) is a multi-campus college with a 27,000-student body, offering more than 5000 classes, seminars, programs, and workshops each year to Michigan’s second largest metropolitan community.

With schools and universities facing malicious cyber attacks at ever-increasing rates, GRCC sought a preventative solution to improve its security posture and lower the risk of critical PCI, PII, and HIPAA data being compromised. The best way to achieve this was to segment their data center with stateful, Layer 7 policy enforcing traffic between applications within their virtual environment.

GRCC determined that the typical segmentation approach of service-chaining together a combination of SDN and NGFW (such as Cisco ACI with PAN VM-Series) would require significant network reconfiguration and would be complex to deploy and manage. Instead, they decided that a distributed, purpose-built segmentation solution would not only give them the application-level control they needed, but as a single system, would be simple, cost effective, and easier to deploy and operate than the alternatives.

GRCC initially deployed vArmour DSS across their virtual environment in TAP-mode, leveraging the solution's built-in analytics to gain visibility into application traffic communication patterns. Once baseline traffic behaviors were established, GRCC was able to move vArmour DSS into Inline mode in less than three hours to begin enforcing segmentation policy based on those behaviors.

With vArmour now fully deployed, GRCC is protecting their critical applications and data with stateful, Layer 7 segmentation policy in their network. vArmour allows the IT security and infrastructure teams to easily manage policy from a single console and automatically apply policy to new workloads through fully integrated vSphere controls. GRCC was able to avoid the cost, complexity, and long-term maintenance of an SDN + NGFW approach, starting segmentation across their virtual environment in just hours with vArmour DSS.