Merced College
Merced College is a public community college in California offering associate degrees, certificates, transfer programs, workforce training, and support services.
The unique security challenge of higher education
Higher education institutions face distinctly different IT and security challenges than traditional businesses. These institutions must secure not only faculty and staff, but thousands of students, each with their own devices and varying levels of cybersecurity awareness. Unlike employees, students cannot be mandated to complete security training or adhere to strict protocols. When these challenges are compounded by small security teams operating with limited resources, establishing security controls becomes a significant undertaking.
Building security from the ground up
Merced College is a community college in Merced, California, serving more than 10,000 students.
When Director of Information Security Jagadeesh Reddy Bhimireddy came on board in 2023 to set up a new IT security department, the security landscape was still maturing and needed modernization. While they had tools like EDR, firewalls, and SIEM, these solutions didn't talk to each other. The team lacked visibility and context, spent significant time putting out fires, and faced high Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) due to false positives and no real-time detection capabilities.
Bhimireddy knew he wanted an ecosystem approach rather than stacking point solutions. The institution had already invested in the Darktrace / NETWORK solution, which became the cornerstone of their new security architecture.
Intelligence at the network level
Upon implementation, Darktrace / NETWORK integrated seamlessly into the security tech stack, providing behavioral context to support firewall decisions.
"Instead of working for hours on three incidents, I can use the time to hunt for threats in my environment and do proactive tasks instead of being reactive," said Bhimireddy.
Having a baseline for an operating system is easy, but establishing a baseline for your network is difficult because of its dynamic nature. Said Bhimireddy, “I don’t see any other way other than Darktrace. It learns from our network using unsupervised machine learning and looks at our traffic. Any deviation will be alerted. That’s a beautiful thing.”
This visibility proved critical for detecting threats that other tools miss. Darktrace helps the team keep an eye on novel ransomware activity, lateral movement, and data exfiltration — threats that EDR and XDR solutions can miss.
Taking control within the email threat landscape
While the network situation was improving, email was still presenting major challenges. Traditional email gateways couldn't address cases of compromised student accounts sending phishing emails to classmates, and students often clicked malicious links because they came from trusted domains. "It was very noisy and complex," said Bhimireddy.
Students and staff were also escalating hundreds of suspicious emails that consumed valuable investigation time. Something had to change.
Though Bhimireddy looked at other tools, he recommended the district invest in Darktrace / EMAIL because it integrates directly with their existing Darktrace / NETWORK solution, closing the feedback loop.
When Darktrace / EMAIL detects a phishing email, it automatically shares threat telemetry with the network layer, firewall, and EDR — blocking malicious connections across the security stack without manual intervention. Without these integrations, the team would have limited visibility into email-layer threats.
Before Darktrace, investigating each alert took 30-45 minutes per incident. Now, with Darktrace’s autonomous response capabilities, detection and response time have been reduced to just minutes. For the security team, this means:
- Peace of mind after hours: Darktrace can be configured to take autonomous action during off-hours, weekends, and holidays, reducing the need for 24/7 coverage. "I can track what's going on with the Darktrace app on my phone," said Bhimireddy, "outside of working hours."
- Strategic focus: With more time in their day, the team now focuses on proactive threat hunting, cyber hygiene initiatives, patching and hardening, GRC activities, third-party risk management, and student privacy initiatives.
Advice for other institutions
For other educational institutions facing similar challenges, Bhimireddy offered three recommendations:
- Focus on ecosystem, rather than point solutions: Integrated tools that work together seamlessly are more efficient than stacking disparate solutions.
- Prioritize visibility: Gaining visibility into East-West traffic is critical to get a full picture of risk — choose tools that do not overlook areas of your ecosystem.
- Take a defense-in-depth approach: Layering multiple security controls supports a true zero trust architecture, also known as a “never trust, always verify” approach.
With cyber threats continuing to evolve in higher education, the right security partner can transform overwhelming challenges into a manageable operation. For Merced College, partnering with Darktrace gave a small team the visibility, automation, and integration they needed, helping the district strengthen its security posture in a sustainable and proactive way.
Since implementing Darktrace, Bhimireddy reports that operations “have been very peaceful.” Darktrace’s integrated ecosystem transformed a previously disconnected security posture into a proactive defense, allowing the team to move away from constant crisis response and focus on strategic work.
To discover sector-specific recommendations for securing educational institutions, read the Industry Spotlight on Cybersecurity in Education.
















