University of Aberdeen advances security intelligence

Ranked consistently among the top 1% of the world’s universities, Aberdeen is also one of Scotland’s largest with 16,500 students from a community of 120 nationalities. The University IT services team also delivers and protects one of the largest wireless campuses in Europe as part of a strategy to continually improve student accommodation and facilities.

As part of its 5-year strategic plan for IT services, and to maintain its competitive edge, the University aims to meet the expectation of any device, anytime, anywhere. Student and staff expectations are ever increasing in terms of availability of systems, course materials, delivery models, delivery mechanisms, and support. Recognising the continual growth and complexity of IT within the University, the IT services team are engaged in an ongoing programme to assess the effectiveness of new technologies, both to help it meet its “any device, anytime, anywhere” aims and to ensure the highest levels of security across its infrastructure. However, complexity equates to an increased and exposed cyber-attack surface. There’s no such thing as 100% security, thus breaches must be expected. The question is how early breaches can be detected and end points rapidly closed down before damage is caused.

Selection criteria

With the growth of its systems, the IT services team felt that the time-consuming manual inspection of application and other logs to detect and respond to security threats was starting to limit the effectiveness of its capabilities. In response, the team began evaluating a number of Security Information and Event Management (SIEM) solutions to help correlate information and highlight previously difficult-to-detect security issues across its growing IT estate.

Aberdeen University has 160 members of staff within IT services who are responsible for management, operation and support of the University’s wired and wireless networks, server infrastructure, telecommunications, audio visual and media services. The team also supports email and calendaring, web resources, corporate applications, medical illustration, IT training and supporting documentation across multiple sites. Following an RFP and detailed evaluation process of several SIEM technologies and suppliers, the IT services team selected Encode as its preferred solution provider based on its proven track record and expertise with its preferred SIEM technology, IBM QRadar. Working closely with consulting and implementation experts from Encode, the University defined a number of key criteria the solution needed to address.

The University has a highly diverse environment including network elements from Cisco, Juniper, F5 Networks, Bluecoat, HP and FreeRadius. The diversity extends to the operating system and application layer, which includes critical software running on Linux, UNIX and Microsoft Windows. The SIEM needed to be seamlessly integrated with this environment and able to adapt to new threats posed by growth of its Bring-Your-Own-Device (BYOD) strategy.

Working closely with Encode, the University deployed a QRadar SIEM and engaged in a structured education programme to transfer the core skills needed to allow the IT services team to manage the platform and quickly gain more visibility into its diverse infrastructure. 

Making the grade

The Security Intelligence Platform offers a unified architecture for integrating security information and event management, log management, anomaly detection, incident forensics and configuration and vulnerability management. The SIEM offers near real-time correlation and behavioural anomaly detection to identify high-risk threats. Working with Encode, the University went through a “tuning” process to ensure that data was correctly flowing into QRadar from over 40 sources including server and network elements. 

Encode’s IBM QRadar solution, in the context of a large, evolving and diverse IT estate, provides a last line of defence against targeted cyber-attacks engineered to evade even the most sophisticated perimeter and end point defences. Within just two weeks, the IT services team were up and running and able to significantly reduce the largely manual workload associated with correlating security logs across its infrastructure. Using the out-of-the-box rules engines, the SIEM has given the team the ability to be alerted on a number of issues that might arise, such as brute force attacks against user logins as well as more subtle attempts to subvert DNS and other core network routing processes.

QRadar also ties into a number of existing security software applications and uses correlation across a number of metrics to help reduce false positives and prioritise alerts to focus investigations on an actionable list of suspected incidents. IBM QRadar augments the University’s impressive defence in depth to provide enhanced security assurance.

“The SIEM means we have the ability to build new rules that can adapt to our evolving IT demands while improving our ability to detect more complex IT security threats and deal with them in a timely fashion,” Garry Wardrope, IT Security Manager adds.

www.encodegroup.com
