G4S Africa supports small business development thr... » The latest product in the G4S Deposita range is a smart safe system called mini-pay that holds up to... Commissioner's statement following incident in Man... » This is an utterly appalling attack. My thoughts are with the people of Manchester as they try to co... UPDATE: Policing events in the Capital » Following the horrific terrorist attack in Manchester last night, in which 22 people were killed and... Statement from Assistant Commissioner » Statement from Assistant Commissioner Mark Rowley, Head of National Counter Terrorism Policing: The... Met intensifies policing activities in London fol... » The Metropolitan Police Service (MPS) has increased police numbers and operations across the Capital... OF FOOLS OF THE MIDDLE BELT, ONE NORTH AND PASTORA... » Please visit also: www.scorpionnewscorp.com SERIES: BUHARISM AND THE FIERCE URGENCY OF NOW A treat... Home Secretary’s statement on the Manchester attac... » I know that some people will only just be waking up to the news of the horrific attacks in Mancheste... Checkpoint Systems unveils Bug Tag 2 loss preventi... » Checkpoint Systems has announced the launch of Bug Tag 2 – an innovative loss prevention solution th... Edesix launches new head and torso mounted body wo... » Edesix has announced the launch of new head and torso mounted cameras. The X-100 is a side-mounta... Banknote Watch offers essential advice as old £5 i... » As of Friday 5th May 2017, the paper £5 note was officially withdrawn from circulation and no lo...

CLICK HERE TO

Aberdeen, Scotland: Encode has helped the University of Aberdeen strengthen security and reduce false positives with a successful implementation of an advanced security intelligence platform.

Ranked consistently among the top 1% of the world's universities, Aberdeen is also one of Scotland’s largest with an IT infrastructure serving over 16,000 staff and students around the clock. As part of an ongoing strategy to deliver secure IT to ‘any device, anytime, anywhere’; the University contracted Encode to help it proactively detect and prevent cyber-attacks through the deployment of an advanced Security Information and Event Management (SIEM) solution.

The university has a highly diverse environment including network elements from Cisco, Juniper, F5 Networks, Bluecoat, HP and Radius. The diversity extends to the operating system and application layer, which includes critical software running on Linux, UNIX and Microsoft Windows. The SEIM needed to be seamlessly integrated with this environment and able to adapt to new threats posed by growth of its Bring-Your-Own-Device (BYOD) strategy.

Working closely with Encode, the University deployed a QRadar SIEM and engaged in a structured education programme to transfer the core skills needed to allow the IT services team to manage the platform and quickly gain more visibility into its diverse infrastructure.

QRadar offers a Security Intelligence Platform within a unified architecture for integrating security information and event management, log management, anomaly detection, incident forensics and configuration and vulnerability management. The SIEM provides near real-time correlation and behavioural anomaly detection to identify high-risk threats. Working with Encode, the University went through a “tuning” process to ensure that data was correctly flowing into QRadar from over 40 sources including server and network elements.

Within just two weeks, the IT services team were up and running and able to significantly reduce its largely manual workload associated with correlating security logs across its infrastructure. Using the out of the box rules engines; the SIEM was able to quickly alert the team to a number of issues such as brute force attacks against user logins as well as more subtle attempts to subvert DNS and other core network routing processes.

As Garry Wardrope, IT Security Manager for the University explains, “With Encode’s help we have successfully deployed QRadar and are benefiting from increased visibility across our infrastructure which is vital as we extend the scope and reach of our IT services across more devices.”

QRadar also ties into several existing securities software applications and uses correlation across a number of metrics to help reduce false positives and prioritise alerts to focus investigations on an actionable list of suspected incidents. “The SIEM means we have the ability to build new rules that can adapt to our evolving IT demands while improving our ability to detect more complex IT security threats and deal with them in a timely fashion,” Wardrope adds.