SIEM in Education - A CIT Use Case

Today’s security operations centre (SOC) should have everything it needs to mount a competent defence of the ever-changing information technology (IT) enterprise: a vast array of sophisticated detection and prevention technologies, a set of processes designed for the ever-evolving cyber threat landscape, and access to a rapidly expanding workforce of talented IT professionals.

Many IT departments in educational institutions are challenged by limited resources (skilled security personnel are hard to find) and restricted budgets, and seek expertise from managed security service providers to help them deliver a SOC and protect their critical infrastructure from cyber security threats.

To help address these challenges, Cork Institute of Technology (CIT) went to tender looking to engage a partner to provide a Security Information & Event Management (SIEM) solution as a service with 24/7 Security Operations Centre (SOC) coverage, including solution deployment and configuration and response to high-priority alerts.

CIT, partnering with Zinopy, has deployed Zinopy’s Managed Security Intelligence Service Platform powered by IBM QRadar SIEM.

The solution is unique because it has the optimum combination of People, Process and Technology to provide full visibility into CIT's security posture, to rapidly identify threats, and to respond efficiently and effectively to thwart them. We believe the blended approach, using the best of the technology provided by a global player (IBM) and the best of the local player (Zinopy), has delivered a technically advanced, pragmatic and cost-effective solution for CIT.

The service builds offenses based on security issues, threats, or policy violations. An offense contains a complete summarisation of the problem together with all of its context (flows and logs) for the purpose of investigation. Security analysts manage cases through their lifecycle in compliance with the agreed SLA.

Service Methodology

The SOC uses various standard methodologies, including those of SANS and CREST, to formalise this process.
• Security intelligence transforms large amounts of raw security data into meaningful, actionable insights by applying real-time correlation and anomaly detection across a distributed and scalable repository of security information.
• The solution provides Security Intelligence services to cover current and emerging threats and to allow for more proactive security monitoring and response capabilities.
• The Zinopy Security Intelligence Platform allows:
  – Discovery of low and slow threats in real time.
  – Finding and prioritising weaknesses and risks before they are exploited.
  – Detection of risky user behavioural anomalies that could be indicators of insider threats and fraud.
• The Zinopy SOC uses threat intelligence feeds that provide an updated list of potentially malicious IP addresses and URLs.
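To make the offense model and the threat-feed correlation described above concrete, here is a small added illustration of the idea (example code written for this page, not QRadar's or Zinopy's implementation): constructed firewall log lines are parsed, correlated per internal host against a constructed indicator list, and each match is packaged as an offense that carries the host's full log context for the analyst. The log format, the indicator values and the severity rule are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed threat-intelligence feed: sample documentation-range IPs, not real indicators.
THREAT_INTEL_IPS = {"203.0.113.45", "198.51.100.7"}

# Constructed sample firewall log lines in an assumed "ts src= dst= action= bytes=" format.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z src=10.0.5.12 dst=203.0.113.45 action=allow bytes=512
2024-03-01T10:00:05Z src=10.0.5.12 dst=93.184.216.34 action=allow bytes=120
2024-03-01T10:01:10Z src=10.0.5.12 dst=203.0.113.45 action=allow bytes=90000
2024-03-01T10:02:00Z src=10.0.7.3 dst=198.51.100.7 action=deny bytes=0
2024-03-01T10:03:30Z src=10.0.9.9 dst=93.184.216.34 action=allow bytes=300
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\S+) bytes=(?P<bytes>\d+)$"
)

def parse_logs(text):
    """Turn raw log lines into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["bytes"] = int(ev["bytes"])
            events.append(ev)
    return events

def build_offenses(events, intel, min_hits=1):
    """Correlate events per internal source host against the indicator set.
    Each offense summarises the matches and keeps every event from that host as context."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    offenses = []
    for src, evs in by_src.items():
        hits = [e for e in evs if e["dst"] in intel]
        if len(hits) < min_hits:
            continue
        # Assumed rule: allowed traffic to an indicator is worse than a blocked attempt.
        severity = "high" if any(e["action"] == "allow" for e in hits) else "medium"
        offenses.append({
            "source": src,
            "indicators": sorted({e["dst"] for e in hits}),
            "hit_count": len(hits),
            "severity": severity,
            "bytes_to_indicator": sum(e["bytes"] for e in hits),
            "context": evs,  # full log context, not only the matching lines
        })
    return sorted(offenses, key=lambda o: (o["severity"] != "high", -o["hit_count"]))
```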