Founded in 1347 by Marie de St Pol, Countess of Pembroke, Pembroke College is the third oldest of the University of Cambridge's 31 constituent colleges. Today, it is a vibrant academic community comprising approximately 473 undergraduates, 295 postgraduates, 78 Fellows, and 175 staff members. The college is renowned for its excellent teaching and research, consistently achieving high academic standings within the university.

Pembroke College's IT department recognised the growing risk of unauthorised access to privileged accounts and the limited visibility into service account activities. The team identified a gap in their security infrastructure, as existing measures did not fully address developing risks for protecting on-premises applications and Active Directory authentication processes.

The IT Department sought a solution that would enforce MFA on all privileged users, provide visibility into service accounts, and integrate smoothly with their existing environment without causing disruptions.

As a regular trusted supplier to Pembroke College, C-STEM has worked closely with their IT team over the past few years. Following a conversation around MFA and privileged access, Tyrone Isitt, C-STEM's Account Director, introduced the Silverfort solution to Andrew Baughan, Pembroke College's IT Director, who recognised its potential value after evaluating it alongside other options. Following this assessment, C-STEM showcased the solution at the CITC (Cambridge IT Colleges) event, where other institutions including Trinity College first encountered Silverfort and became a customer.

After the Pembroke College IT team’s careful evaluation, they selected Silverfort for its proven success in seamless MFA enforcement, real-time authentication insights, and agentless integration with Active Directory. The collaborative relationship between C-STEM and Pembroke's IT department facilitated a smooth adoption process. The IT Department began deploying with a proof-of-concept (POC) on a single domain controller, ensuring a smooth transition before expanding Silverfort across the entire environment. The platform’s ability to analyse authentication requests in real-time and enforce security policies made the implementation efficient and non-disruptive.

MFA protection and adaptive identity protection policies

As Andrew Baughan noted: "Silverfort has significantly strengthened our identity security, reducing risks and giving us greater confidence in our security posture. The additional visibility into privileged account activity and the ability to enforce MFA on legacy systems have been game-changers for us."

The implementation delivered the following key security capabilities:

ADVANCED RISK-BASED AUTHENTICATION

• MFA enforcement for access to sensitive resources from unfamiliar locations

• Securing legacy authentication protocols to prevent unauthorised access

COMMAND-LINE AND RDP SECURITY ENHANCEMENT

• MFA verification for critical administrative operations

• Enhanced authentication for remote sessions and script execution

• Granular control over system administration tools

Service account protection and lateral movement prevention

The implementation transformed Pembroke’s service account management through:

AUTOMATED DISCOVERY AND CONTROL

• Intelligent mapping of service account usage

• Continuous real-time monitoring of service account behaviour patterns

• Real-time detection and prevention of suspicious lateral movement attempts

Beyond MFA, Pembroke leveraged Silverfort's behavioural analytics capabilities to detect and address unusual login activities. The team implemented service account segmentation, ensuring they could only authenticate in predefined, secure patterns. This significantly reduced the attack surface and prevented potential lateral movement attacks.

By deploying Silverfort, Pembroke College successfully mitigated identity-based threats, secured privileged and service accounts, and improved its overall cybersecurity resilience. Their collaboration with C-STEM and Silverfort has been key in building a strong cybersecurity framework.