Protecting Educational Communities: A Regional Cybersecurity Approach

A state-funded Regional Security Operations Center (RSOC) partnered with Centripetal to protect dozens of school districts across a wide geographic area. By deploying CleanINTERNET® Enterprise in centralized locations, the program achieved large-scale threat prevention while reducing infrastructure load and operational complexity for underserved communities.

The Challenge

In 2019, a coordinated ransomware attack struck nearly two dozen municipalities simultaneously, overwhelming the state’s limited cybersecurity resources. With only three incident responders statewide, critical systems—including 911 dispatch and utility billing—were encrypted, exposing the vulnerability of smaller communities without dedicated security teams.

The incident led to the state’s first declared cybersecurity disaster and forced leadership to rethink how to provide scalable protection to underserved organizations.

A New Operating Model

In response, the state established Regional Security Operations Centers (RSOCs) hosted at universities. Universities were selected for their built-in talent pipelines, technical ecosystems, and regional presence. Funded through state appropriations, RSOCs provide cybersecurity services at no cost to participating organizations. The program has since expanded to three regional centers, with additional growth planned.

The Solution: CleanINTERNET® Enterprise

One-to-Many Protection

The organization recognized a unique architectural advantage: many school districts receive Internet connectivity through education service centers over dedicated fiber, with all traffic converging at a regional hub. This made it possible to deploy CleanINTERNET at a single point and protect every downstream district.

A proof-of-value deployment quickly demonstrated impact. The security director observed a sharp drop in firewall CPU and memory utilization as CleanINTERNET blocked threats before they reached existing infrastructure. As he summarized, “It was a win-win.”

From Pilot to Program

After approximately a year of consistent results, the initial deployment became the template for expansion. Additional RSOCs began planning deployments using the same centralized architecture.

Architecture

Centralized Protection Points

• Strategic placement: CleanINTERNET appliance is deployed inline, outside the firewall
• One-to-many model: A single device protects 30+ school districts
• Fail-open design: Inline deployment with automatic failover ensures uninterrupted connectivity
• Layered defense: Regional prevention complements endpoint security at individual districts

Operations

The RSOC operates as a Security Operations Center–as–a–Service, staffed by full-time analysts and university students. The student analyst program provides hands-on experience while supporting daily operations and developing future cybersecurity talent. They are supported by dedicated Threat Intelligence Operations analysts at Centripetal, who monitor operations, threat hunt, and provide health reports and metrics.

Results

Quantified Impact

• 2+ billion threats blocked annually at a single education service center before reaching the firewall

Infrastructure Benefits

• Reduced firewall load: CPU and memory utilization dropped sharply after deployment
• Improved efficiency: Threats eliminated before consuming firewall resources
• Simplified deployment: No complex VLANs or mirror ports required

Real-World Validation

In 2024, a school district in the state experienced a ransomware incident traced to a secondary Internet connection that bypassed the protected path. Systems connected through the Centripetal-protected route remained uncompromised. As the security director noted, “The one time we got hit, it was not through Centripetal.”

Key Success Factors

1. Unique Placement Strategy
   Inline, outside-the-firewall deployment blocked threats before they consumed downstream resources.
2. Multi-Source Threat Intelligence
   Aggregated intelligence from multiple premium sources delivered broader coverage than firewall-native or single-feed solutions.
3. Minimal Operational Overhead
   Unlike alert-heavy tools, RuleGate operated quietly and effectively, reducing analyst fatigue and allowing staff to focus on higher-value investigations.
4. Scale Through Centralization
   Protecting at the ISP level enabled coverage for dozens of organizations with minimal hardware and staffing—especially valuable for rural districts with limited IT resources.

Expansion Plans

The program is expanding to additional education service centers using the same centralized model. Future initiatives include:

• Multi-tenant reporting for centralized visibility
• DNS-layer threat protection
• Extending the model to other RSOC-served organizations beyond education

Industry Implications

This deployment provides a scalable blueprint for protecting educational institutions and underserved communities:

• Leverage existing regional infrastructure
• Centralize prevention for one-to-many efficiency
• Partner with universities for talent and operations
• Emphasize inline prevention over detection-only models

Conclusion

By combining state funding, university partnerships, and centralized deployment of Centripetal CleanINTERNET, this program delivers scalable, cost-effective cybersecurity protection to dozens of school districts. The one-to-many architecture enables a level of prevention that would be impractical for individual organizations and now serves as the standard model for the region’s ongoing expansion.