As part of its 5 year strategic plan for IT services, for the University to maintain its competitive edge, its aims to meet the expectation of any device, anytime, anywhere. Student and staff expectations are ever increasing in terms of availability of systems, course materials, delivery models, delivery mechanisms, and support. Technologies need to be up-to-date and support innovation, and the University always needs to be looking to and planning for the future. In addition, compliance is a major feature of University management and effective and efficient information systems are needed to ensure that the University maintains data integrity and is positioned to meet its legal and contractual obligations.
Recognising the continual growth and complexity of IT within the University, the IT services team are engaged in an ongoing programme to assess the effectiveness of new technologies to both help it meet its “any device, anytime, anywhere” aims, while ensuring the highest levels of security across its infrastructure. However, complexity equates to an increased and exposed cyber attack surface. There’s no such thing 100% security, thus breaches must be expected. The issue is around how early can breaches be detected and rapidly closed down before damage is caused?
With the growth of its systems, the IT services team felt that the time consuming manual inspection of application and other logs to detect and respond to security threats was starting to limit the effectives of its capabilities. In response, the team began evaluating a number of Security Information and Event Management (SIEM) solutions to help correlate information and highlight previously difficult to detect security issues across it growing IT estate.
Aberdeen University has 160 members of staff within IT services responsible for, management, operation and support of the University’s wired and wireless networks, server infrastructure, telecommunications, audio visual and media services. The team also supports email and calendaring, web resources, corporate applications, medical illustration, IT training and supporting documentation across multiple sites.
Following an RFP and detailed evaluation process of several SIEM technologies and suppliers, the IT services team selected Encode as its preferred solution provider based on its proven track record and expertise with its preferred SIEM Technology, IBM QRadar. Working closely with consulting and implementation experts from Encode, the University defined a number of key criteria the solution needed to address.
The university has a highly diverse environment including network elements from Cisco, Juniper, F5 Networks, Bluecoat, HP and Radius. The diversity extends to the operating system and application layer, which includes critical software running on Linux, UNIX and Microsoft Windows. The SIEM needed to be seamlessly integrated with this environment and able to adapt to new threats posed by growth of its Bring-Your-Own-Device (BYOD) strategy.
Working closely with Encode, the University deployed a QRadar SIEM and engaged in a structured education programme to transfer the core skills needed to allow the IT services team to manage the platform and quickly gain more visibility into its diverse infrastructure.
QRadar offers a Security Intelligence Platform within a unified architecture for integrating security information and event management, log management, anomaly detection, incident forensics and configuration and vulnerability management. The SIEM offers near real-time correlation and behavioural anomaly detection to identify high-risk threats. Working with Encode, the University went through a “tuning” process to ensure that data was correctly flowing into QRadar from over 40 sources including server and network elements.
Encode’s IBM QRadar solution, in context of a large evolving and diverse IT estate, provides a last line of defence against targeted cyber attacks engineered to evade even the most sophisticated perimeter and endpoint defences.