June 06, 2022

Pearson VUE aces data safety with Microsoft Sentinel across a multicloud and hybrid environment

As a global exam provider, Pearson VUE has a sizeable IT estate to protect. The company needs to keep exam content completely confidential to maintain its customers' trust and protect test-takers whose careers depend on the results. Faced with an increasingly challenging cybersecurity landscape, and an enormous exam content and delivery investment at stake should cheaters steal content, the company implemented a host of Microsoft Security solutions. With Microsoft Sentinel and the Microsoft Defender suite, Pearson VUE enters an era of seamlessly and safely delivered professional certifications.


“We use Microsoft Sentinel to see everything that’s going on in our estate—whether from Microsoft or non-Microsoft security solutions—and be as proactive as possible.”

Vladan Pulec, Enterprise Architect, Pearson VUE

If you’ve ever sweated over an upcoming exam, you’re not alone. Pearson VUE knows that test anxiety is one of the top five life stresses. The worldwide exam provider works hard to make the test experience as stress-free and smooth as possible, and it insists on protecting test takers from those who would corrupt results by cheating or stealing exam content. Based in Bloomington, Minnesota, Pearson VUE (Virtual University Enterprises) provides exams for professional certifications ranging from higher education entrance tests to regulatory driver’s licensing—qualifications that can truly be life-changing. In support of its commitment to both exam candidates and to the companies and agencies that need qualified people, Pearson VUE works hard to secure all of its data, including test questions. 

Like many companies that have operations around the globe today, Pearson VUE has a mix of clouds (including Microsoft Azure and Amazon Web Services), compliance standards, data, and subscriptions to manage. Its high-scoring answer to the data safety question: one security information and event management (SIEM) solution to collect data across all cloud and on-premises workloads, geographies, apps, and subscriptions for a single view—Microsoft Sentinel.

Building security to protect trust

A growing threat landscape complicates that security promise for Vladan Pulec, Enterprise Architect at Pearson VUE. “The level of cyberattack sophistication is exponentially increasing,” he explains. “Malicious actors are also getting more aggressive and causing greater harm.” The growth of a work-from-anywhere culture places intensified demands on cybersecurity—even with a well-protected corporate device, an employee using an untrusted network or public wireless network can unknowingly expose company data. And during COVID-19, remote testing became the norm, opening the door for further abuses. Compliance regulations from multiple countries and regulatory bodies add another layer to protecting digital assets. 

With careers on the line, test takers invest a lot of time and energy in preparing for certification exams. On the other side of the exam screen, Pearson VUE is equally committed to protecting the interests of both candidates and certification-granting bodies. “No one wants to be on the front page because of a data breach,” says Craig Bushman, Vice President of IT for Marketing at Pearson VUE. “It’s vital to our company that we protect all data. We have very strict security protocols for these high stakes exams to keep them fair and honest. We commit to a significant yearly investment to develop multiple forms for exams and test delivery systems, so protecting that content from leaks is imperative.”

Making the most of cloud-based security and compliance capabilities

With so much at stake for the company and its customers, Pearson VUE was drawn to the Zero Trust security framework, which requires continual validation of user identities. “On-premises networks weren’t created with Zero Trust in mind,” says Pulec. “By moving to the cloud, we’ve been able to implement Microsoft trust concepts like Conditional Access and segmenting our networks even more than we would normally do on-premises, and we’ve adopted some of the more modern security concepts.”

His team relies on the integrations and connectedness woven into Microsoft solutions for easier management and security across the estate, protecting employees’ content with Microsoft Defender solutions. For example, it uses Microsoft Defender for Cloud to give visibility across its multicloud environment and Microsoft Defender for Endpoint to stop threats across servers and network devices. “I appreciate how Microsoft Security solutions work so well together,” says Pulec. “It’s easy to quickly enable them in most cases because they’re native and well supported. That’s a huge benefit for us.”

The team must also factor in compliance regulations from multiple countries and regulatory bodies. “Compliance is a big deal for Pearson VUE,” explains Pulec. “We probably have the most compliance standards to meet of any Pearson company.” That’s one reason that Pearson VUE’s choice of Azure as its cloud platform pays off. “With Azure, a data certification regulation that applies for one of our products can be applied across all regions,” says Pulec. “That makes it substantially easier to use than other clouds, which are more piecemeal. I also find Defender for Cloud invaluable to quickly identify how our controls match to various sectional compliance standards.”

Constantly assessing its cybersecurity posture, the Pearson VUE team took a hard look at tooling. Its dual clouds—coupled with its on-premises datacenter—challenged the visibility so key to maximizing security team effectiveness. It found the solution with Microsoft Sentinel, which it installed in late 2020.

Saving time and costs with Microsoft Sentinel

The security team prioritized its choice of SIEM. Pearson VUE initially used Splunk for that functionality and for log ingestion needs, but the application didn’t fit its multiple platforms. And Pearson VUE’s enormous volumes call for a sophisticated solution. The company delivers an exam about every two seconds 24 hours a day, 7 days a week from upwards of 20,000 test centers in more than 180 countries and territories. That means high volumes of data from the millions of exams delivered annually—exam content and results—which translates to about 19 million monthly events across all the company’s subscriptions, linked with more than 150 data connectors.

That translates to two issues. First, Pearson VUE’s high data volumes demand cost-effective data storage solutions. Pulec points out that Pearson VUE faced double costs with Splunk because it collected data in one cloud and sent it to another location—incurring transfer charges followed by additional costs for storage in the Splunk datacenter, which was more expensive than cloud storage.

Secondly, clearing the “noise” coming from the Splunk on-premises firewall greatly increased costs. Pearson VUE solved that issue by migrating its data to Microsoft Sentinel, a cloud-native SIEM that facilitates larger data log collection at a lower cost. Perhaps most importantly for Pulec’s nimble team, Microsoft Sentinel uses Azure Log Analytics to automatically send logs directly to the cloud. The cybersecurity team saves valuable time because the built-in AI and machine learning in Microsoft Sentinel push out actionable alerts to the team from Azure Log Analytics, consolidating visibility. Everything from Azure, Pearson VUE’s other clouds, and its datacenters flows into one SIEM. “Having a single pane of glass is critical in our ability to quickly respond to threats,” says Pulec. “We use Microsoft Sentinel to see everything that’s going on in our estate—whether from Microsoft or non-Microsoft security solutions—and be as proactive as possible.”

Pearson VUE’s wide range of applications necessitates the use of some specialized tools, but Pulec’s team pulls data from all of them into Microsoft Sentinel for a complete picture. For example, it uses Contrast Security, a runtime application self-protection (RASP) tool, to protect some of its applications at the code level. The RASP technology detects and analyzes tainted data at a highly granular level, which allows it to greatly reduce false positives while also catching sophisticated attacks. Pearson VUE cybersecurity experts ingest that telemetry into Microsoft Sentinel. “We can ingest telemetry from other firewalls and from RASP, both on-premises and in the cloud,” says Pulec. “The easy interoperability among Microsoft Sentinel and so many other solutions makes it easier for us to standardize procedures and achieve greater cybersecurity.”

The team prefers Microsoft Sentinel for strategic reasons, too. “Microsoft commits significant resources and funding to continually improving Microsoft Sentinel,” adds Pulec. “And I appreciate the collaborative approach Microsoft takes by having its team meet with ours to share advice on implementation details and fast-track issue resolution.”

Moving ahead with connected Microsoft Security solutions

Pearson VUE’s success story with Microsoft Sentinel quickly reached its parent company. Pearson corporate will soon roll out the solution.

Meanwhile, Pearson VUE has its own plans to complete integration with GitHub Enterprise (to receive notifications of unusual behaviors related to access of their code repositories) and Contrast Security. It’s moving ahead with a focus on using its Microsoft Sentinel data to examine unusual access patterns to its databases and rolling out Microsoft Defender for Cloud Apps, all in support of a continually evolving, improving security posture. “We’ve earned the loyalty of our customers because of the breadth of our footprint, our substantial investment to develop state-of-the-art test delivery systems and exam content, and the fact that we provide the most secure, positive, and frictionless experience possible,” says Bushman.

Pulec now has the tools he needs to protect that trust. “We don’t have to expand our small team with our Microsoft Security solutions,” says Pulec. “Our team better understands our applications and products, and it uses those tools to proactively fine-tune security. That flexibility is an ongoing, long-term benefit for Pearson VUE.”

Find out more about Pearson VUE on Twitter, Facebook, and LinkedIn.
