The Apollo Group Challenge Apollo Group is a publicly traded parent company that owns the University of Phoenix and a number of other subsidiaries in the education arena. With 300 physical locations in six countries, 500,000 students, 50,000 faculty and 22,000 employees, Apollo Group has a formidable challenge in securing all its systems, data and endpoints.

Apollo Group needed to be able to meet rigorous audit and compliance requirements for regulations such as SOX and PCI. It also aimed to take its security to the next level and do more real-time correlation and alerting of security events across its entire infrastructure. In building a more mature security operations center, Apollo Group required a fully featured threat and risk management system that could deliver.

Originally, Apollo Group had deployed a product to address these challenges; however, it failed to meet the organization’s requirements over time and had to be re-evaluated. It simply could not scale along with the

Apollo GroupHP Enterprise Security Customer Case Study

HP Enterprise Security Customer Case Study: Apollo Group, parent company of the University of Phoenix and several other higher education institutions, relies on ArcSight ESM to provide visibility and intelligence into its network and to protect against zero day cyberthreats.

Industry: Education

Customer BriefApollo Group, Inc. is one of the world’s largest private education providers and has been in the education business for more than 35 years. The company offers innovative and distinctive educational programs and services both online and on-campus at the high school, undergraduate, master and doctoral levels through its subsidiaries: University of Phoenix, Apollo Global, Institute for Professional Development, College for Financial Planning and Meritus University. The company’s programs and services are provided in 40 states and the District of Columbia; Puerto Rico; Canada; Latin America; and Europe, as well as online throughout the world.

Product(s) •ArcSight ESM

Business Benefits •ArcSight ESM enables Apollo Group to maximize

its visibility and intelligence into its network, and protect against zero day cyberthreats

•Feeds from numerous vendors are easily correlated into events, allowing the security team to act immediately

•Apollo Group can prove it is meeting compliance requirements and can respond to auditor requests quickly and easily

“We are extremely pleased to have ArcSight ESM as the basis for our security foundation. Its versatility and raw ability to combat cyberthreats and risk make it an excellent choice.”

—Scott Carlson, Principal Engineer, Apollo Group Data Center Architecture

pace of business. In a head-to-head competition, ArcSight ESM performed better, offered more features and flexibility, and also ranked highest among industry thought leaders. It quickly became the clear choice.

The ArcSight SolutionArcSight ESM enables Apollo Group to increase its visibility and intelligence into its network and protect against zero day cyberthreats. The organization has a diverse population of technologies and security products (McAfee, Blue Coat, Sourcefire, etc.) and the capability of ArcSight ESM to correlate events across all those logs in real time allows it to respond more quickly to risk and threats.

With ArcSight ESM, Apollo Group has been able to create unique use cases to identify events specific to its environment. One example is preventing student misuse of Internet resources. When students register for a course, they are required to submit homework and interact with their peers and instructor via message boards contained on the classroom portal. With ArcSight ESM, Apollo Group has the ability to monitor for inappropriate actions and take decisive action before anyone’s reputation is negatively impacted.

Apollo Group also specifically protects against data leakage via mobile media. Student loan and other personally identifiable information (PII), for example, must be kept safe. Apollo Group has gone a step beyond usual protocol and has written custom connectors so that employees cannot move that type of data inappropriately through the use of a USB flash drive or email, for that matter.

ArcSight ESM features robust capabilities that can proactively detect a vast range of threats and compliance violations, and respond to them in a timely manner. “The ArcSight solution has become the single pane of glass we look through in our information security operations center,” says Scott Carlson, Principal Engineer of Apollo Group Data Center Architecture.

The ArcSight ImpactThe University of Phoenix, the company’s largest entity, provides industry-leading education to adult learners. A primary goal of Apollo Group was to match that level of leadership and expertise with a world-class security solution that could discover, analyze and remediate cyberthreats. The University of Phoenix needs to constantly adapt to educational trends and student desires for higher learning, and the IT and IS infrastructure supporting it needs to be nimble enough to keep pace.

“Even with the complexity of adding new data centers, tools and devices over time, ArcSight ESM can handle it,” says Bill Thorn, Senior Manager of IT Services for Apollo Group. “Our ability to respond instantly to incidents as they’re occurring, wherever they’re occurring, is a huge benefit and limits any possible damage.”

An important area where ArcSight ESM has helped Apollo Group is in eliminating viruses from the network. Even the latest anti-virus technology cannot catch everything that’s out there. The number of variants is just too great.

“Right away, ArcSight ESM helped us identify systems that had updated anti-virus and endpoint protection, but that were still infected,” says Thorn. “We were able to remediate these systems and eliminate that threat from our environment.”

The comprehensive correlation and reporting capabilities within ArcSight ESM enable Apollo Group to effectively process billions of security events and maintain compliance with SOX and PCI regulations. “With ArcSight ESM, we now have a very solid solution. It provides us with real-time testable security, as opposed to a reactive model where we would generate and keep nightly reports for analysis,” says Carlson. “With ArcSight ESM, not only can we catch a security event very close to when it happens; we can also prove that we’re doing it.”

Looking forward, Apollo Group will continue to integrate, automate and maximize its visibility into what exactly is happening on its network at any given time. It will be aggressively looking at how employees are using the Internet and how malware is coming into the company. “The ability to identify where we’re exposed with malware is going to be very big for us,” says Carlson. “We are extremely pleased to have ArcSight ESM as the basis for our security foundation. Its versatility and raw ability to combat cyberthreats and risk make it an excellent choice.”

© Copyright 2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

All other product and company names may be trademarks or registered trademarks of their respective owners.

ESP-CCS030-031911-03, Created August 2011