
Aberdeen, Scotland: Encode has helped the University of Aberdeen strengthen security and reduce false positives with a successful implementation of an advanced security intelligence platform.

Ranked consistently among the top 1% of the world's universities, Aberdeen is also one of Scotland’s largest, with an IT infrastructure serving over 16,000 staff and students around the clock. As part of an ongoing strategy to deliver secure IT to ‘any device, anytime, anywhere’, the University contracted Encode to help it proactively detect and prevent cyber-attacks through the deployment of an advanced Security Information and Event Management (SIEM) solution.

The University has a highly diverse environment, including network elements from Cisco, Juniper, F5 Networks, Blue Coat, HP and RADIUS. The diversity extends to the operating system and application layer, which includes critical software running on Linux, UNIX and Microsoft Windows. The SIEM needed to integrate seamlessly with this environment and to adapt to the new threats posed by the growth of its Bring-Your-Own-Device (BYOD) strategy.

Working closely with Encode, the University deployed a QRadar SIEM and engaged in a structured education programme to transfer the core skills needed to allow the IT services team to manage the platform and quickly gain more visibility into its diverse infrastructure.

QRadar offers a Security Intelligence Platform within a unified architecture for integrating security information and event management, log management, anomaly detection, incident forensics and configuration and vulnerability management. The SIEM provides near real-time correlation and behavioural anomaly detection to identify high-risk threats. Working with Encode, the University went through a “tuning” process to ensure that data was correctly flowing into QRadar from over 40 sources including server and network elements.

Within just two weeks, the IT services team was up and running and able to significantly reduce the largely manual workload associated with correlating security logs across its infrastructure. Using the out-of-the-box rules engine, the SIEM was able to quickly alert the team to a number of issues, such as brute-force attacks against user logins as well as more subtle attempts to subvert DNS and other core network routing processes.

As Garry Wardrope, IT Security Manager for the University explains, “With Encode’s help we have successfully deployed QRadar and are benefiting from increased visibility across our infrastructure which is vital as we extend the scope and reach of our IT services across more devices.”

QRadar also ties into several existing security software applications and uses correlation across a number of metrics to help reduce false positives and prioritise alerts, so that investigations focus on an actionable list of suspected incidents. “The SIEM means we have the ability to build new rules that can adapt to our evolving IT demands while improving our ability to detect more complex IT security threats and deal with them in a timely fashion,” Wardrope adds.
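The two capabilities described above, an out-of-the-box rule that flags brute-force attempts against user logins and correlation that prioritises the alerts worth investigating, can be illustrated with a small correlation rule of the kind a SIEM runs. The following is an added example written for this page; it is not Encode's or QRadar's rule logic. The sshd-style log lines are constructed, and the threshold (five failures) and window (five minutes) are assumed values chosen for the illustration. It counts failed logins per (source, user) pair inside a sliding window, raises a brute-force alert when the threshold is reached, and escalates to a higher-priority alert when a successful login follows a burst that already tripped the rule, which is the case an analyst would want at the top of the queue.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log lines (sshd format); not taken from any real system.
SAMPLE_LOGS = """\
2017-05-02T09:00:01 host1 sshd[1201]: Failed password for alice from 203.0.113.7 port 51022 ssh2
2017-05-02T09:00:03 host1 sshd[1201]: Failed password for alice from 203.0.113.7 port 51023 ssh2
2017-05-02T09:00:05 host1 sshd[1201]: Failed password for alice from 203.0.113.7 port 51024 ssh2
2017-05-02T09:00:06 host1 sshd[1201]: Failed password for alice from 203.0.113.7 port 51025 ssh2
2017-05-02T09:00:08 host1 sshd[1201]: Failed password for alice from 203.0.113.7 port 51026 ssh2
2017-05-02T09:00:10 host1 sshd[1201]: Accepted password for alice from 203.0.113.7 port 51027 ssh2
2017-05-02T09:01:00 host2 sshd[2208]: Failed password for bob from 198.51.100.4 port 40001 ssh2
2017-05-02T09:20:00 host2 sshd[2208]: Failed password for bob from 198.51.100.4 port 40002 ssh2
2017-05-02T09:40:00 host2 sshd[2208]: Failed password for bob from 198.51.100.4 port 40003 ssh2
2017-05-02T09:41:00 host2 sshd[2208]: Accepted publickey for carol from 192.0.2.10 port 33000 ssh2
"""

# Parser for the sshd "Failed/Accepted <method> for [invalid user] <user> from <src>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(line):
    """Return a dict of fields for a recognised auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def correlate(lines, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window brute-force rule (assumed threshold/window values).

    Lines are assumed to arrive in time order, as a log source would deliver them.
    Returns a list of alert dicts in the order they fired.
    """
    failures = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    tripped = set()                 # keys that have already raised brute_force
    alerts = []

    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        key = (ev["src"], ev["user"])
        recent = failures[key]

        # Drop failures that have aged out of the window before evaluating.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()

        if ev["outcome"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) >= threshold and key not in tripped:
                tripped.add(key)
                alerts.append({
                    "rule": "brute_force", "severity": "medium",
                    "src": ev["src"], "user": ev["user"],
                    "count": len(recent), "first": recent[0], "last": ev["ts"],
                })
        else:
            # A success right after a burst that tripped the rule is the event
            # an analyst wants first: it may indicate a guessed credential.
            if key in tripped and recent:
                alerts.append({
                    "rule": "success_after_brute_force", "severity": "high",
                    "src": ev["src"], "user": ev["user"],
                    "failures_in_window": len(recent), "at": ev["ts"],
                })
            recent.clear()
            tripped.discard(key)

    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS.splitlines()):
        print(alert)
```

On the constructed input, alice's five failures in seven seconds fire the brute-force rule and the following successful login escalates it; bob's three failures are twenty minutes apart, so they never accumulate inside the window and produce no alert, which is the kind of noise reduction the tuning step above is meant to achieve.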