
SplunkLive! London 2019: University of Exeter

Higher Education and Research - actively protecting our investment

Published in: Technology


  1. Higher education and research – actively protecting our investment
     Alan Hill, Chief Information and Digital Officer
  2. University of Exeter
     Top 10 Universities in the UK
     98% of research rated as international quality
  3. The University as a Business
     • £100m of research income
     • £420m turnover
     • 22,500 students
     • 4,500 academic and professional staff
     • 4 campuses in the South West of England
  4. University has economic impact
  5. What we have to protect
     • All research data is valuable
     • Intellectual property
     • Patents
     • ‘High value targets’
  6. Education
     • Students as customers
     • Battle-rhythm of the University
     • Critical services
       – Collaborative learning environment
       – Recruitment and admissions
       – Online exams
  8. The Threat
     • What do we look like to an attacker? Inside and outside
     • Tactics: DDOS, theft, reputation, exploitation
     • Capability, routes, intent, techniques
     • Attackers’ options
  9. Why
     • One tool to manage security, operations and application development
     • Minimise training overhead
     • On-premises option to control costs
     • Available through contract frameworks
  10. Splunk in action for the University
     The What? MITRE ATT&CK
     • Tactic: Credential Access – “Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network.”
     The How? MITRE ATT&CK
     • Technique: Kerberoasting
     • Technique: Credential Dumping
     • Technique: Brute Force
     Where to look for? Data Sources
     • Domain Controller Authentication Logs
     • PowerShell Logs
     • Process Monitoring
     • …
     https://attack.mitre.org/
  11. Step by Step SIEM Success: Security Monitoring + Forensic
     The What? MITRE ATT&CK
     • Tactic: Credential Access
     The How? MITRE ATT&CK
     • …
     • …
     • Technique: Brute Force
     • …
     Where to look for? Data Sources
     • Domain Controller Authentication Logs
     • …
     • …
     https://attack.mitre.org/
  12. Reality of deployment
     • Need to truly understand your estate
     • On-premises comes with its own overheads
     • Energising the staff for the new capabilities
     • Ensure you have enough professional service support
     • Start small and grow big - control the use cases
     • Keep focused on the business benefits
     • “No plan survives contact with the enemy”
  13. We’re only just getting started
     • Splunk is central to our operations
     • The use cases are growing daily
     • It’s in action now protecting the University
     • Tangible value for money
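
The chain on slides 10 and 11 (tactic Credential Access, technique Brute Force, data source Domain Controller Authentication Logs) can be worked through as detection logic. This is an added example, not part of the original deck or the University's Splunk content; the key=value event layout, the field names and the threshold and window values are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILURE_IDS = {"4625", "4771"}  # Windows: failed logon, Kerberos pre-auth failed
SUCCESS_ID = "4624"             # Windows: successful logon

# Constructed sample events (assumed fields EventCode/user/src), not real logs.
SAMPLE = """\
2019-05-01T09:00:00 EventCode=4625 user=alice src=10.0.0.5
2019-05-01T09:00:10 EventCode=4625 user=alice src=10.0.0.5
2019-05-01T09:00:20 EventCode=4771 user=alice src=10.0.0.5
2019-05-01T09:00:30 EventCode=4625 user=alice src=10.0.0.5
2019-05-01T09:00:40 EventCode=4625 user=alice src=10.0.0.5
2019-05-01T09:01:05 EventCode=4624 user=alice src=10.0.0.5
2019-05-01T09:02:00 EventCode=4625 user=bob src=10.0.0.9
2019-05-01T09:02:40 EventCode=4624 user=bob src=10.0.0.9
2019-05-01T10:00:00 EventCode=4625 user=carol src=10.0.0.7
2019-05-01T10:10:00 EventCode=4625 user=carol src=10.0.0.7
2019-05-01T10:20:00 EventCode=4625 user=carol src=10.0.0.7
2019-05-01T10:30:00 EventCode=4625 user=carol src=10.0.0.7
2019-05-01T10:40:00 EventCode=4625 user=carol src=10.0.0.7
"""

def parse(line):
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["time"] = datetime.fromisoformat(ts)
    return event

def detect_brute_force(lines, threshold=5, window=timedelta(minutes=5)):
    """Alert on (src, user) pairs with >= threshold failures inside the window."""
    recent = defaultdict(deque)  # (src, user) -> failure times still in window
    alerts = {}
    events = sorted((parse(l) for l in lines if l.strip()), key=lambda e: e["time"])
    for ev in events:
        key, now = (ev["src"], ev["user"]), ev["time"]
        if ev["EventCode"] in FAILURE_IDS:
            q = recent[key]
            q.append(now)
            while now - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(key, {"src": key[0], "user": key[1],
                                            "failures": 0, "success_after": False})
                a["failures"] = max(a["failures"], len(q))
        elif ev["EventCode"] == SUCCESS_ID and key in alerts:
            # Forensic follow-up: did a logon succeed right after the burst?
            alerts[key]["success_after"] |= now - recent[key][-1] <= window
    return list(alerts.values())
```

Calling `detect_brute_force(SAMPLE.splitlines())` flags only the burst against `alice`: the single mistyped password for `bob` and the slow, spread-out failures for `carol` stay below the threshold within the window.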
