Securing the ‘Wild Wild West’: USM for Universities

474 views

Published on

Securing the IT environment in today’s college or university is no task for the faint of heart. Find out how AlienVault helped Marquette University

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

Securing the ‘Wild Wild West’: USM for Universities

  1. 1. Securing the “Wild Wild West”:Unified Security Management for Colleges and UniversitiesJustin P. WebbInformation Security OfficerGCIH, GPEN, GWEB, GCFAMarquette UniversitySandy Hawke, CISSPVP of Product MarketingAlienVault@alienvault#AlienIntel
  2. 2. AgendaIntroductionsCommon IT Security Challenges for Higher EducationOverview of Marquette University’s approachSecurity strategy –> Unified Security ManagementKey Use Cases for USMBenefits & ResultsArchitecture / Deployment DiscussionSummary2
  3. 3. Introductions3Sandy Hawke, CISSPVP, Product MarketingAlienVault@sandybeachSFJustin’s PhotoJustin WebbInformation Security OfficerMarquette University
  4. 4. Common IT Security Challenges for UniversitiesDecentralized networks without centralized control orvisibilityLean IT teams whose members wear lots of hats,security is just one piece of the puzzleHerds of digital natives as end-users(“the click generation”)Compliance pressures (PCI, HIPAA,FERPA, etc.)4
  5. 5. POLLING QUESTION #1What’s your biggest IT Security challenge?5
  6. 6. Marquette UniversityFounded in 1881Wisconsin’s largest private university11,800 students, 11 schools & collegesHundreds of servers, thousands of student & labcomputers = terabytes of log data across 10G networkIT organization operates as the campus ISPIT staff = 60IT security staff = ~3 (1 FTE, 2 PTE)At-a-glance6
  7. 7. IT Security Challenges at MarquetteLack of security visibilityHard to detect and remediate threatsHard to analyze data from disparate sources, logrotation causes gaps in coverageManual and time-intensive review ofterabytes of log dataNot scalable, not responsiveenough7
  8. 8. Marquette’s IT Security Monitoring ProgramSecurity Monitoring SolutionLooked to open source/OSSIM at firstKey Use CasesLog Management: Cisco ACS, Cisco PIX, Cisco ASA,TripwireDetecting DMCA Policy Violations: NAT’ed IP addresstranslation issuesIncident Response: Customized built-in snort rules;Tripwire plug-inCompliance Reporting: PCI, HIPAA, FERPA8
  9. 9. Unified Security Management: Benefits & ResultsBenefits:Centralized visibilityEasily customizableEasier incidentresponse /investigationsResults:Rapid deployment - lessthan 2 weeks80% YoY reduction in DMCAviolations15-25% cost reduction(through time-saving)9
  10. 10. AV-USM: Dramatic Reduction in DMCA Violations10AV-USMimplementation
  11. 11. Solution Architecture / Deployment11• Three-tier architecture (recentlyadded the Logger)• 2-week deployment• Built-in security tools (OSSEC,OpenVAS, Nagios)• Consistent high quality tech support• Future plans• Suricata, more correlation
  12. 12. POLLING QUESTION #2What’s your experience with open source security tools?12
  13. 13. Key Take-awaysOpen source security tools may be right for teams whoare trying to show need for more investmentConsolidation and automation can help small securityteams do more with lessConfigurability allows for novel uses without significantdevelopment timeScalability allows any educational institution to tailorsystem to the size of enterprise13
  14. 14. ResourcesOSSIM Download and Communityhttp://communities.alienvault.com/AlienVault Repository of Knowledge (ARK)https://alienvault.bloomfire.com/Marquette University case studyhttp://alienvault.com/c-suite/case-studies/index.html“Five security tips IT personnel wish students knew”:http://www.msnbc.msn.com/id/48782952/ns/technology_and_science-back_to_school/t/security-tips-it-personnel-wish-students-knew/14
  15. 15. Next Steps / Q&ARequest an AlienVault USM demo at:www.alienvault.com/schedule-demo.htmlRequest a free trial of AlienVault USM:http://www.alienvault.com/free-trialNot quite ready for all that? Test drive our opensource project - OSSIM here:communities.alienvault.com/Need more info to get started? Try our knowledgebase here:alienvault.bloomfire.comThese resources are also in the Attachments sectionJoin theconversation!@alienvault#AlienIntel15

×