Protecting the university from cyber risk
The nearly two-century-old institution is highly rated in the QS World University Rankings as a comprehensive university that combines award-winning research with teaching in a bilingual setting. Dozens of internationally known research teams prepare a diverse student body, representing more than 100 nationalities, in many disciplines of applied and fundamental research.
To strengthen information security and enhance the protection of students, staff, and the campus enterprise from cyber threats, the university’s CISO and IT Department recently initiated the school’s first Security Operations Center (SOC). The decision to upgrade security came at a time when hackers were zeroing in on European university networks, installing ransomware, and intensifying phishing activity.
The university wanted to strengthen its ability to detect and prevent cyberattacks in a timely manner by gaining unified insight into the security state of the university, identifying weak spots, and enabling corrective actions, all in a single solution. Legacy applications did not provide a unified view of the school’s security state.
Campus officials chose Elastic Security as the backbone of the newly formed SOC. With a new, robust, and flexible security information and event management (SIEM) tool, the campus is capitalizing on technology equipped with out-of-the-box detection rules for threat hunting and security analytics aligned with the MITRE ATT&CK framework.
Shortly after deployment, machine learning detected and alerted on an external attack against a university WordPress site before cybercriminals could tunnel further into the campus enterprise and wreak havoc. The legacy technology would previously have been blind to such a threat.
Overall, the SIEM is paying big security dividends for the European university, and other universities are expressing interest in adopting similar security technology.
The university chose Elastic Security because it’s accompanied by a host of features that mitigate risk.
- On-call university engineers receive security alerts at home. The engineers can then trace and mitigate threats via rapid and precise search, machine-learning-based event detection, graph-based relationship analysis, and custom visualizations for threat hunting and investigation.
- All types of data sources can be ingested, such as endpoints, firewalls, identity and access management, business applications, operating systems, and other IT technologies. This allows the university to add new data sources to enhance security even further.
- Real-time monitoring with powerful search capabilities and custom dashboards increases the university’s ability to monitor threats and stop them quickly.
- Uncovering where an attack originated, how a compromise occurred, and which resources were compromised enables straightforward event reconstruction to stop an attack and minimize damage.
These and other features were optimized and deployed faster with best-practices guidance provided by Elastic Training to a university Linux system administrator.
Optimizing rollout to maximize security
The admin who took the 'Elastic Certified Engineer' training course also completed many of the other official Elastic training courses as part of his annual Training Subscription, which gave him confidence with the SIEM while he maintained his duties as a full-time Linux sysadmin.
According to the admin, it was also important that he took advantage of Elastic’s blogs and the community at large to guide his progress. He had previous experience using the Elastic Stack for logging university web logs. That use case was his foot in the door, and it gave him the confidence that he could bolster the university’s security operations. He is now transitioning from his Linux system admin role to work full time at the university’s new SOC.
The expanding security footprint
Adopting new technology was among the first steps toward further securing the enterprise, the school’s staff, and its students. The university is expanding its security reach as more data points are ingested into a self-hosted Elastic Stack, which powers data ingestion, search, and the visualization of security threats.