Deakin University has deployed US-based Exabeam’s security information and event management (SIEM) platform to augment its existing capabilities and streamline alerts.
Deakin’s chief digital officer, William Confalonieri, told iTnews the university needed a flexible, user-friendly platform that could easily scale from 5,000 users on the network between semesters to 50,000 during peak usage.
The uni also uses a log aggregator, which generates a huge number of alerts and notifications on the network that can be difficult for security operations staff to sift through.
After searching the market, the university settled on Exabeam’s Advanced Analytics Platform to streamline and present alerts generated by Deakin’s existing tools in a more digestible, actionable manner.
It does this by using machine learning to profile the IT environment and its users, Exabeam chief executive Nir Polak told iTnews, to build a user profile that identifies users’ habits - including where on the network they go, when, and on which devices they access different apps and sites - in a manner similar to banks’ efforts to ferret out cases of credit card fraud.
That enables the system to log obvious examples of fraud where a student might click on a link to a malicious website, or bring an infected device onto the network, while also providing detailed incident logs to establish timelines of attacks that have a slower and more subtle progression.
Confalonieri said detecting anomalous activity quickly allows security operations analysts to “respond to alerts out of the box, without too much customisation,” meaning staff can then focus their efforts on improving cyber defences “instead of learning how to create anomaly detection and events correlation queries, which was incredibly time-consuming”.
That’s an added bonus for Deakin’s security team, which Confalonieri described as “small but agile”, with emphasis placed on opportunities to save time and resources.
At the moment, the new security management platform is augmenting the work done by Deakin’s legacy Splunk solution, which doesn't feature machine learning analytics capabilities.
There’s more to Deakin and Exabeam’s relationship than the typical customer-vendor setup, however.
Not only was the curriculum for the university’s cybersecurity degree informed by Exabeam’s industry insights, but students across the broader School of IT are also invited to participate in work experience programs with the company.
The jobs mainly consist of job-shadowing to give students a leg-up in the job market upon graduation, but Polak admitted the programs also play into the company’s desire to expand in the Australian market.