Securing the ‘Wild Wild West’: USM for Universities
0 likes639 views
The document discusses the security challenges faced by colleges and universities, specifically focusing on Marquette University's approach to unified security management. It highlights the institution's decentralization, resource limitations, and the successes achieved through open-source security tools, including a significant reduction in DMCA violations and improved incident response. Key benefits of this approach include centralized visibility, customization, and the scalability of security solutions tailored to educational institutions.
Securing the ‘Wild Wild West’: USM for Universities
- 1. Securing the “Wild Wild West”: Unified Security Management for Colleges and Universities Justin P. Webb Information Security Officer GCIH, GPEN, GWEB, GCFA Marquette University Sandy Hawke, CISSP VP of Product Marketing AlienVault@alienvault #AlienIntel
- 2. Agenda Introductions Common IT Security Challenges for Higher Education Overview of Marquette University’s approach Security strategy –> Unified Security Management Key Use Cases for USM Benefits & Results Architecture / Deployment Discussion Summary 2
- 3. Introductions 3 Sandy Hawke, CISSP VP, Product Marketing AlienVault @sandybeachSF Justin’s Photo Justin Webb Information Security Officer Marquette University
- 4. Common IT Security Challenges for Universities Decentralized networks without centralized control or visibility Lean IT teams whose members wear lots of hats, security is just one piece of the puzzle Herds of digital natives as end-users (“the click generation”) Compliance pressures (PCI, HIPAA, FERPA, etc.) 4
- 5. POLLING QUESTION #1 What’s your biggest IT Security challenge? 5
- 6. Marquette University Founded in 1881 Wisconsin’s largest private university 11,800 students, 11 schools & colleges Hundreds of servers, thousands of student & lab computers = terabytes of log data across 10G network IT organization operates as the campus ISP IT staff = 60 IT security staff = ~3 (1 FTE, 2 PTE) At-a-glance 6
- 7. IT Security Challenges at Marquette Lack of security visibility Hard to detect and remediate threats Hard to analyze data from disparate sources, log rotation causes gaps in coverage Manual and time-intensive review of terabytes of log data Not scalable, not responsive enough 7
- 8. Marquette’s IT Security Monitoring Program Security Monitoring Solution Looked to open source/OSSIM at first Key Use Cases Log Management: Cisco ACS, Cisco PIX, Cisco ASA, Tripwire Detecting DMCA Policy Violations: NAT’ed IP address translation issues Incident Response: Customized built-in snort rules; Tripwire plug-in Compliance Reporting: PCI, HIPAA, FERPA 8
- 9. Unified Security Management: Benefits & Results Benefits: Centralized visibility Easily customizable Easier incident response / investigations Results: Rapid deployment - less than 2 weeks 80% YoY reduction in DMCA violations 15-25% cost reduction (through time-saving) 9
- 10. AV-USM: Dramatic Reduction in DMCA Violations 10 AV-USM implementation
- 11. Solution Architecture / Deployment 11 • Three-tier architecture (recently added the Logger) • 2-week deployment • Built-in security tools (OSSEC, OpenVAS, Nagios) • Consistent high quality tech support • Future plans • Suricata, more correlation
- 12. POLLING QUESTION #2 What’s your experience with open source security tools? 12
- 13. Key Take-aways Open source security tools may be right for teams who are trying to show need for more investment Consolidation and automation can help small security teams do more with less Configurability allows for novel uses without significant development time Scalability allows any educational institution to tailor system to the size of enterprise 13
- 14. Resources OSSIM Download and Community http://communities.alienvault.com/ AlienVault Repository of Knowledge (ARK) https://alienvault.bloomfire.com/ Marquette University case study http://alienvault.com/c-suite/case-studies/index.html “Five security tips IT personnel wish students knew”: http://www.msnbc.msn.com/id/48782952/ns/technology_and_sci ence-back_to_school/t/security-tips-it-personnel-wish-students- knew/ 14
- 15. Next Steps / Q&A Request an AlienVault USM demo at: www.alienvault.com/schedule-demo.html Request a free trial of AlienVault USM: http://www.alienvault.com/free-trial Not quite ready for all that? Test drive our open source project - OSSIM here: communities.alienvault.com/ Need more info to get started? Try our knowledge base here: alienvault.bloomfire.com These resources are also in the Attachments section Join the conversation! @alienvault #AlienIntel 15
Editor's Notes
- #6: POLLING QUESTION:What’s your biggest IT Security challenge?Concern about audits (either pre- or post-)Lack of security visibilityNot sure how to handle incidents (or suspected ones)Executive management doesn’t “get” securityDoing too many things at once
- #9: Log Management – Cisco ACS, Cisco PIX, Cisco ASA, TripwireDetecting DMCA Policy Violations – needed easier way to translate NAT’ed address back to external IPIncident Response – data center protection – Snort, custom written (by Alienvault) Tripwire pluginCompliance Reporting (PCI, HIPAA, FERPA)
- #10: Benefits:Centralized visibility – network events/threats, user activity, policy violations, etc.Easily customizable (adding data sources, configuring event correlation rules, etc.)Faster, less painful auditsEasier incident response / investigationsResults:Rapid deployment – X weeks80% YoY reduction in malware infections (drop chart in next slide?)15-25% cost reduction – based on the TechValidate survey
- #13: Polling Question #2What’s your experience with open source security tools?I have little to no experience with open sourceI’ve played a little bit with open source, but nothing substantialI use open source security tools (e.g. snort) to show management where the holes areExecutive management won’t let us rely on open source due to lack of support