Can Big Data Help Universities Tackle Security, BYOD?
Universities have some of the most complex IT infrastructures around, and BYOD is a reality they can't escape. Chief Security Officers at universities are increasingly turning to Big Data analytics technologies to mine the data in their logs and improve their security footing.
Tue, July 31, 2012
CIO — Providing information security for a university is no easy task. Universities must serve large, ever-evolving distributed populations relying mostly on a bring-your-own-device (BYOD) model. Faced with such a daunting challenge, a number of universities are turning to Big Data analytics to tackle the problem.
"As with other universities, we have tens of thousands of users representing an even larger population of networked devices," says Cam Beasley, chief information security officer (CISO) of the University of Texas at Austin. "We have a constant need to identify anomalous user account behavior, detect, locate and quarantine compromised systems in real-time, and correlate events across multiple logging environments to more fully understand potential problems or threats."
UT Austin's Information Security Office (ISO) analysts used to rely primarily on intrusion detection/prevention system (IDS/IPS) appliances and custom-developed software tools to monitor for these problems. But that approach was slow and unwieldy; moreover, it didn't fully leverage the goldmine ISO had in its log data.
"We wanted to plug into the many different servers and devices downstream that were coming under attack to correlate our network information with actual system log data," Beasley explains. "We didn't want a big, heavy SIEM [security information and event management] product because we hadn't had much luck with them in the past. We needed a more flexible system that we could adapt to our unique needs."
Jason Pufahl, CISO of the University of Connecticut, faced a similar problem.
"Ultimately, every time we needed to do any kind of data mining, it was half a dozen sources using a variety of different tools," he says. "It could only be done by one or two different people [who had the skills to do it]."
Big Data Analytics Helps Universities Mine Log Data
Like more than 275 universities around the world, UT Austin and UConn turned to Splunk.
"Universities have some of the most complex IT infrastructures in the world, and this makes them extremely vulnerable," says Mark Seward, senior director of security and compliance marketing at Splunk. "It's the ultimate BYOD situation. Security threats are constantly evolving. Splunk collects massive amounts of data and helps users detect unknown and persistent threats."