Education/Non Profit

Top European University reduces cyber risk for staff, students with Elastic Security

Securing 20,000+ students and staff from cyber risk

The university has amplified security efficiency and created a secure campus environment

Delivering advanced cyber protection that is simple to deploy and administer

A single university admin who took Elastic Training quickly deployed SIEM

Removing operational inefficiencies to enhance visibility and optimize incident response

Discovered and stopped a password-cracking attack on a web server before hackers tunneled into the campus enterprise

Protecting the university from cyber risk

The nearly two-century-old institution is highly rated in the QS World University Rankings for being a comprehensive university combining award-winning research taught in a bilingual setting. Dozens of internationally known research teams prepare a diverse student body, representing more than 100 nationalities, in many disciplines of applied and fundamental research.

To strengthen information security and enhance the protection of students, staff, and the campus enterprise from cyber threats, the university’s CISO and IT Department recently initiated the school’s first Security Operations Center (SOC). The decision to upgrade security came at a time when hackers were zeroing in on European university networks, installing ransomware, and intensifying phishing activity.

The university wanted to strengthen the ability to timely detect and prevent cyberattacks by providing unified insights into the security state of the university, identifying weak spots, and allowing for corrective actions all in a single solution. Legacy applications did not provide a unified view of the school’s security state.

Campus officials chose Elastic Security as the backbone of its newly formed SOC. Boasting a new, robust and flexible security information and event management (SIEM) tool, the campus is capitalizing on a technology equipped with out-of-the-box detection rules for threat hunting and security analytics aligned to the MITRE ATT&CK framework.

Shortly after deployment, machine learning detected and alerted to an external attack on a university Wordpress site before cyber criminals tunneled further into the campus enterprise and wreaked havoc. Previously, legacy technology would have been blind to such threats.

Overall, the European university’s SIEM is paying big security dividends for the university, and other universities are expressing interest in adopting similar security technology.

Elastic Security helps detect anomalies and cyber threats in our environment with remarkable speed and accuracy thanks to robust machine learning. For our population of more than 17,000 students and about 3,350 staff, their digital experience is protected by Elastic so that everyone enjoys access in a risk-mitigated environment.

– European University CISO

The university chose Elastic Security because it’s accompanied by a host of features that mitigate risk.

  • On-call university engineers receive security alerts at home. The engineers can then trace and mitigate via rapid and precise search, machine-learning-based event detection, graph-based relationship analysis, and custom visualizations for threat hunting and investigation.
  • All types of data sources can be ingested, such as endpoints, firewalls, identity and access management, business applications, operating systems and IT technologies. This allows the university to add new data sources to enhance security even more.
  • Real-time monitoring with powerful search capabilities and custom dashboards increases the university’s ability to quickly stop and monitor threats.
  • Uncovering where an attack originated, how a compromise occurred, and which resources were compromised enables easy event deconstruction to stop an attack and minimize damage.

These and other features were optimized and deployed faster with best-practices guidance provided by Elastic Training to a university Linux System admin.

Optimizing rollout to maximize security

The admin who took the 'Elastic Certified Engineer' training course consumed many of the other official Elastic training courses as part of his annual Training Subscription to give him confidence with the SIEM while still maintaining his duties as a full-time Linux sysadmin.

According to the admin, it was also important that he took advantage of Elastic’s blogs and community at large to guide his progress. He had previous experience using the Elastic Stack for logging university web logs. That use case was his foot into the door that gave him the trust that he could bolster the university’s security operations. He is now transitioning from his Linux system admin role to work full time at the university’s new SOC.

Elastic Training provides a lot of short, on-demand courses with labs covering many topics. There are also longer, more in-depth courses that were very useful, very valuable. I enjoyed the freedom to work self paced. Digesting little blocks of deep information was very valuable.

– University Linux system administrator

The expanding security footprint

Adopting new technology was among the first technological steps toward further securing the enterprise, the school’s staff, and its students. The university is expanding its security reach as more data points are ingested into a self-hosted Elastic Stack, which powers data ingestion, search, and the visualizing of security threats.

Elastic Security with machine learning and alerting was a long overdue investment for the university. I’m confident that, as we add more data sources and focus on security full time, our investment with Elastic will continue to pay even more dividends.

– European University CISO