The University of Wisconsin Superior, the smallest of the 13 University of Wisconsin schools, has a network with approximately 1,200 computers and a data center with about 50 servers on premise. The network serves around 3,000 students—of which about 500 live on campus—as well as more than 500 staff members.
Though the university is “pretty small,” according to Tom Janicki, the school’s director of Tech Infrastructure Services, it confronts the “same challenges bigger schools have.” One of those critical challenges is maintaining the computer system’s security.
For several years, the school had been using an intrusion prevention system (IPS) that cost around $45,000. Though the system suited the school’s needs, the vendor was going to stop supporting it. The cost of the vendor’s suggested replacement was in the six figure range, and that was “way out of our budget,” Janicki says.
He had to find a solution that would work in light of budget cuts and more rigid rules about what the school could purchase. Shopping around, they looked into a cloud service, but were dismayed to find that the quote was more than twice the price of the IPS vendor quote for the replacement system.
Janicki did some research and found an article that had a review of the AlienVault Unified Security Management (USM) system. He contacted the company and requested its 30-day trial. At the end of the trial, he concluded that the combination of the product’s features and its price made it their best choice.
A Solution That Offers Host-Based Intrusion Detection
“I wanted reporting and expected that,” Janicki says, “but we got way more than we thought we were going to get. I was pleasantly surprised that it was able to do host-based intrusion detection”— a function the university didn’t have before.
Another feature reveals what’s on the network and demands assigned values (based on a scale) for the organization’s assets as part of its calculation for risk alerts. “As a manager and co-CIO here, I see that as an added benefit,” Janicki says, because it forces the organization to follow best practices for security.
“There isn’t a day when there aren’t alarms of some sort,” he observes. With a sensor outside the firewall on the edge of the network, it’s possible to see what attacks were attempted and what stopped them. “It brought to light many things that we never knew about,” Janicki says.
Another plus was the level of service offered. For example, Janicki thought the university would only have access to phone support help—a number to call when there were problems with the implementation. Instead, the school got a block of hours with an engineer who made sure the system would get set up correctly. It also got an over-the-phone training course with an engineer.
The university has been using the AlienVault USM for around two years, and there have been a couple of major upgrades over that time, so the system continues to improve. Janicki reports that the vendor has been responsive to the school’s requests.
“It’s nice to have what I feel is a good relationship with a vendor that takes you seriously, regardless of your size,” Janicki says. “It’s a good fit.”