Checkpoint Systems deploys its EAS Solutions at ... » Checkpoint Systems has announced its partnership in implementing EAS pedestals and deactivation syst... Evander Direct wins commendation for uPVC window... » Evander Direct have been commended for their innovative uPVC cleaning process that dramatically help... Electrical Industries Charity to benefit from pr... » Thousands of pounds are set to be raised for good causes in the electrotechnical industry at the upc... Secure I.T. Environments achieves new internatio... » Data Centre World, London: Secure I.T. Environments Ltd has announced that it has achieved new inter... OKI upgrades wide format with new Teriostar Multif... » Egham: OKI Europe Ltd has launched two new wide format Teriostar multifunction printers designed to ... BSIA members push aggressively for cyber-security ... » BSIA members have pledged to lead the way in cyber-security education, Vigilance can report. Smart access integration mitigates risk » ASDA SHOP FLOOR Cortech Developments’ main software product, Datalog 5, now offers full integration... Businesses warned to be extra vigilant with person... » BSIA Information Destruction section has warned businesses to be extra vigilant with personal data a... Osirium accelerates global channel recruitment pla... » · Distributor appointed in Middle East and North Africa (MENA) Reading, UK: Osirium Technologies pl... Misys recognised as leader in FRTB » London, UK: Misys has been recognised as a leader in helping banks meet the requirements of the Fund...

CLICK HERE TO

Aberdeen, Scotland: Encode has helped the University of Aberdeen strengthen security and reduce false positives with a successful implementation of an advanced security intelligence platform.

Ranked consistently among the top 1% of the world's universities, Aberdeen is also one of Scotland’s largest with an IT infrastructure serving over 16,000 staff and students around the clock. As part of an ongoing strategy to deliver secure IT to ‘any device, anytime, anywhere’; the University contracted Encode to help it proactively detect and prevent cyber-attacks through the deployment of an advanced Security Information and Event Management (SIEM) solution.

The university has a highly diverse environment including network elements from Cisco, Juniper, F5 Networks, Bluecoat, HP and Radius. The diversity extends to the operating system and application layer, which includes critical software running on Linux, UNIX and Microsoft Windows. The SEIM needed to be seamlessly integrated with this environment and able to adapt to new threats posed by growth of its Bring-Your-Own-Device (BYOD) strategy.

Working closely with Encode, the University deployed a QRadar SIEM and engaged in a structured education programme to transfer the core skills needed to allow the IT services team to manage the platform and quickly gain more visibility into its diverse infrastructure.

QRadar offers a Security Intelligence Platform within a unified architecture for integrating security information and event management, log management, anomaly detection, incident forensics and configuration and vulnerability management. The SIEM provides near real-time correlation and behavioural anomaly detection to identify high-risk threats. Working with Encode, the University went through a “tuning” process to ensure that data was correctly flowing into QRadar from over 40 sources including server and network elements.

Within just two weeks, the IT services team were up and running and able to significantly reduce its largely manual workload associated with correlating security logs across its infrastructure. Using the out of the box rules engines; the SIEM was able to quickly alert the team to a number of issues such as brute force attacks against user logins as well as more subtle attempts to subvert DNS and other core network routing processes.

As Garry Wardrope, IT Security Manager for the University explains, “With Encode’s help we have successfully deployed QRadar and are benefiting from increased visibility across our infrastructure which is vital as we extend the scope and reach of our IT services across more devices.”

QRadar also ties into several existing securities software applications and uses correlation across a number of metrics to help reduce false positives and prioritise alerts to focus investigations on an actionable list of suspected incidents. “The SIEM means we have the ability to build new rules that can adapt to our evolving IT demands while improving our ability to detect more complex IT security threats and deal with them in a timely fashion,” Wardrope adds.