Organization Background

The Corona-Norco Unified School District (CNUSD) is located in Riverside County, California, and serves approximately 54,000 students in Norco, Corona and Eastvale. CNUSD services 51 schools in operation: 33 elementary schools, eight intermediate schools, and eight high schools. Today it remains one of the largest school districts in the state and within the top 100 nationwide.

As CNUSD continues to lead and innovate with transformative technology, its dependence on online resources and curriculum continues to grow. There has been a significant increase in career and technical education (CTE), STEM academies (science, technology, engineering, and math), blended learning to increase student engagement and increase access. Through CNUSD’s CTE pathways/STEM academies, students can graduate with a Cisco Certified Network Associate (CCNA) certification, Solidworks certification, Microsoft Office certifications and many more.

Director of Network and Infrastructure Brian Troudy heads a team of five that oversees all CNUSD’s network and data center operations—encompassing information security, enterprise systems, providing LAN, WAN, and WLAN support.

CNUSD relies on both on-premises next-generation firewalls as well as cloud-hosted solutions to provide the security functions it needs.

Business and Technical Challenge, Part 1

“In March 2016, we noticed that we had some actors attempting to take down a couple of our public facing webservers. From the evidence gathered, we believe that it was student related. They were attempting to, not necessarily compromise our systems, but simply disrupt service and availability of our public webservers and our parent-accessible grading web servers,” said Troudy.

At a school district, you can’t separate the infrastructure from the learning environment. This presents a unique challenge in that someone inside the environment could use the technology for nefarious purposes and cause the systems to go down. Prior to Imperva, one option available to Troudy would have been to severely limit what students could do with the technology for instruction. However, CNUSD’s main objective was to create as little impediment to instructional activities. Therefore, they chose to seek a better option.

Instead, he wanted to continue to grant necessary access to all learning activities while blocking wrongful actions. “There are always students who enjoy being a little mischievous,” acknowledges Troudy. “Five years ago, our primary concern was how to get technology into the classroom for the students to consume. Student skills have accelerated far beyond keyboarding and web-based research to help complete assignments. Their skills are advanced, and now they’re inside our network.” No longer was a potential threat isolated to outside actors.

The Initial Solution

CNUSD sought the help of security analysts. “We asked our analyst what should we be looking at?” says Troudy. “The analyst was very frank in telling us we should look to Imperva and its solutions—they’re the leader in this industry. That’s when we engaged with Imperva’s Incapsula website protection service.”

Troudy needed CNUSD’s solution to be simple to use. “My infrastructure support team is constantly running around putting out fires. I didn’t want a solution that was going to be overly involved on a technical level, one that requires a tremendous amount of professional services or has a steep learning curve. It had to be easy to implement and maintain—even if none of us have touched it for a while. The Incapsula solution met all of those requirements right out of the gate.”

Results and Benefits

Troudy says, “Incapsula website protection onboarding was ultra-simple. We had 20 of our websites protected by Incapsula within a day or two. It was really easy to configure and tune. It was a huge benefit for us to be able to get it in place very quickly. It has exposed us to a tremendous amount of [reporting] visibility that we have not had with other on-premises solutions."

“Incapsula protects against malicious student activities. Even if we had chosen to ratchet everything down on the computers students use to access the internet, they likely would have launched new attacks from their smartphones. Incapsula can block that sort of activity,” says Troudy.

CNUSD has now enjoyed the benefits of Incapsula website protection for 10 months. “Right after deployment, we noticed that the attacks kept increasing in magnitude, but Incapsula successfully fended those off. It keeps our servers online and available.”

Business and Technical Challenge, Part 2

CNUSD’s first and foremost goal is to provide the best instruction possible in a safe and secure learning environment. They noticed that a few students quickly escalated their activities by launching distributed denial of service (DDoS) attacks directly targeting the organization’s internet connection. This rendered the school district’s internet unusable. CNUSD’s content filtering logs revealed access to vBooter, Rage Booter, Booter Box, IP Stresser and others—all DDoS-for-hire services easily accessible by anyone today.

Says Troudy, “All it takes is $7 on a credit card to render my internet connection obsolete.”

CNUSD has several cloud-hosted resources to facilitate student research, blended learning, and online engagement. In addition to being a Microsoft Office 365 subscriber, it relies on cloud-based services such as Blackboard and Canvas. All of those resources were unavailable to the organization as a result of the attacks.

The Add-On Solution

Troudy and his team considered a few other vendors, such as F5 and its Silverline solution. But based on CNUSD’s initial success with the Incapsula website protection, it chose to also onboard the company’s Infrastructure Protection solution.

Imperva Incapsula Infrastructure Protection took CNUSD’s team a bit more time to onboard simply because of the nature of how it works. “We’re still fine-tuning a few small details. From start to finish, the overall implementation ran about two or three weeks,” Troudy says.

Both Incapsula solutions have been well received throughout CNUSD—especially those to whom Troudy reports. In consideration of the two-week downtime period the school district endured prior to Incapsula infrastructure deployment, the organization is pleased he has provided a stable solution to the security problems CNUSD is currently facing. Infrastructure protection having now been in place for two months, he has also been able to show how the solution will protect against such occurrences from happening again.

Troudy is looking ahead to state testing in the spring. At a K–12 school district technology consortium conference in November 2016, he warned the group of the internet security issue, telling other districts to be prepared. Since then a number of them have engaged with CNUSD’s group to learn from their experience, specifically given the simplicity with which a DDoS attack can be launched by anyone at such a negligible cost.

Results and Benefits

By using the Incapsula service, CNUSD has achieved multiple benefits across the organization:

Availability – CNUSD’s systems are online giving students access to the full curriculum of independent study offerings, grades and homework assignments.


Infrastructure protection - students can leverage the school district’s infrastructure as a learning platform when they need it.

Better visibility into website traffic – CNUSD has a granular view of traffic and can identify perpetrators quickly.

Enhanced security – Incapsula WAF provides always-on protection against DDoS attacks and blocks exploit attempts from DDoS-for-hire services.