At C-STEM, we partner with leading academic institutions to deliver robust, non-disruptive identity security solutions. Our recent work with Pembroke College, Cambridge, highlights how deploying Silverfort enables enhanced protection of privileged accounts and service accounts across on-premises infrastructure.
The Challenge: Achieve comprehensive identity security for all Active Directory users
Pembroke College, the University of Cambridge’s third oldest college, recognised the growing risk of unauthorised access to privileged accounts and the limited visibility into service account activities. The team identified a gap in their security infrastructure, as existing measures did not fully address developing risks for protecting on-premises applications and Active Directory authentication processes.
The IT team sought to:
- Enforce MFA on privileged accounts in on-premises infrastructure
- Gain visibility and control over service account behaviours
- Implement security measures without disrupting existing IT operations
As Andrew Baughan, IT Director at Pembroke College, explained, ‘We needed to enforce MFA across all privileged accounts and legacy applications while also improving visibility into identity security gaps. Our existing setup didn’t provide us with the ability to monitor service accounts in real time, and we knew that had to change.’
Finding the right identity security partner
As a regular trusted supplier to Pembroke College, C-STEM has worked closely with their IT team over the past few years. Following a conversation around MFA and privileged access, Tyrone Isitt, C-STEM’s Account Director, introduced the Silverfort solution to Andrew Baughan, Pembroke College’s IT Director, who recognised its potential value after evaluating it alongside other options. Following this assessment, C-STEM showcased the solution at the CITC (Cambridge IT Colleges) event, where other institutions including Trinity College first encountered Silverfort and became a customer.
After the Pembroke College IT team’s careful evaluation, they selected Silverfort for its proven success in seamless MFA enforcement, real-time authentication insights, and agentless integration with Active Directory. The collaborative relationship between C-STEM and Pembroke’s IT department facilitated a smooth adoption process. The IT Department began deploying with a proof-of-concept (POC) on a single domain controller, ensuring a smooth transition before expanding Silverfort across the entire environment. The platform’s ability to analyse authentication requests in real-time and enforce security policies made the implementation efficient and non-disruptive.
‘After reviewing Silverfort’s capabilities, I thought it would be a good fit not just for Pembroke, but potentially for other colleges as well.’ – Andrew Baughan, IT Director at Pembroke College, Cambridge
The Solution: C-STEM and Silverfort
As Andrew Baughan noted: ‘Silverfort has significantly strengthened our identity security, reducing risks and giving us greater confidence in our security posture. The additional visibility into privileged account activity and the ability to enforce MFA on legacy systems have been game-changers for us.’
MFA protection and adaptive identity protection policies
The implementation delivered the following key security capabilities:
- Advanced risk-based authentication
- MFA enforcement for access to sensitive resources from unfamiliar locations
- Securing legacy authentication protocols to prevent unauthorised access
- Command line and RDP security enhancement
- MFA verification for critical administrative operations
- Enhanced authentication for remote sessions and script execution
- Granular control over system administration tools
Service account protection and lateral movement prevention
The implementation transformed Pembroke’s service account management through:
- Automated discovery and control
- Intelligent mapping of service account usage
- Continuous real-time monitoring of service account behaviour patterns
- Real-time detection and prevention of suspicious lateral movement attempts
‘Rolling out Silverfort was incredibly straightforward. We quickly saw value in its ability to enforce MFA on legacy systems without requiring additional software. We also gained crucial insights into our service accounts, which we hadn’t had full visibility into before.’ – Andrew Baughan, IT Director at Pembroke College, Cambridge
Beyond MFA, Pembroke leveraged Silverfort’s behavioural analytics capabilities to detect and address unusual login activities. The team implemented service account segmentation, ensuring they could only authenticate in predefined, secure patterns. This significantly reduced the attack surface and prevented potential lateral movement attacks.
By deploying Silverfort, Pembroke College successfully mitigated identity-based threats, secured privileged and service accounts, and improved its overall cyber security resilience. Their collaboration with C-STEM and Silverfort has been key in building a strong cyber security framework.
Want to know how Silverfort and C-STEM can protect your organisation?
Schedule a quick chat with one of our team members to find out more.