In the face of growing cyber-attacks on the education sector, universities are stepping up their efforts to ward off such threats. The University of Massachusetts, a public research university system with more than 74,000 students enrolled at five campuses, is a case in point. It recently adopted a comprehensive, end-to-end cyber-security platform for its own use and now offers it as a managed service to other schools and business enterprises throughout the state.
The UMass System Office (UMSO) was using a variety of security products and tools, but they were no longer up to the job. “The apps were getting older, and they weren’t doing what we needed or wanted to do,” says Gene Kingsley, director of the security operations center in the UMass President’s Office in Shrewsbury, Mass. The goal was to install a new system in one location and then license it to multiple organizations within the UMass system and beyond.
UMSO wanted a modern, centralized system with continuous monitoring that would provide visibility across the networks of its constituents and actionable intelligence based on data generated by each organization. “Detecting threats is one thing, but being able to negate them quickly is important,” Kingsley observes.
The university needed to incorporate many custom and homegrown log sources and aggregate them into a dashboard with easy-to-understand visuals and drill-down details in real time. Because some constituents operate retail and restaurant facilities, medical and healthcare centers, and bookstores, a new system had to comply with PCI-DSS and HIPAA requirements. Compliance with the National Institute of Standards and Technology information security standards and guidelines was another condition.
Finally, UMSO management wanted a scalable, affordable plan that would help improve cyber-education of the people of the Commonwealth and the region, in support of Massachusetts Governor Charlie Baker’s campaign and the university’s own public service mission.
One Security Platform Meets the University’s Needs
In late 2016, UMSO began considering a number of possible solutions. LogRhythm stood out for the high caliber of its Threat Lifecycle Management (TLM) platform, Kingsley recalls. An in-depth, year-long assessment convinced his team that it was the best choice. The new system went live early this year, and the implementation went smoothly.
“LogRhythm helped us efficiently and smartly transition from the old platform to the new one,” Kingsley remarks. “Our employees were ready to go on day one.” The intuitive design minimized the learning curve, and ongoing training keeps everyone up to speed.
The TLM platform provides a far greater “platter of services” than UMass had before. “This one platform does everything, so there is no need to switch between screens, and the user interface is excellent,” Kingsley says. “Previously, we had to use different products and correlate the data sets from those products.”
Compared with the previous platform, TLM provides better protection. “Before, not every data packet was being analyzed,” he adds. “Now all of them are. We have better visibility and better access to threat data feeds. We can trace threats and learn about them within a protected network.”
Kingsley says the system’s speed is one of his favorite aspects. “When a client had a threat recently, we were able to locate it in a matter of minutes, acknowledge it and remediate it,” he says. “That would have taken days with the old system.” He is looking forward to using the system’s automated response feature, which could handle a situation like this in microseconds.
Another plus: Users have the option of logging in to a web page, using two-factor authentication for security, to look at a dashboard and generate reports. “That allows us to be totally transparent, which is important to us,” Kingsley stresses.
Benefits Include Cost Savings and Public Service
With TLM, UMSO has realized cost and time savings. Interns from the university who work in the Security Office also keep operations lean and efficient while learning on the job. “We are educating students so they can hit the ground running with practical and theoretical knowledge of cyber-security and professional services,” Kingsley says.
Scalability is a huge plus. Flexible licensing and LogRhythm’s scalable architecture will enable UMass to accommodate anticipated growth. It has offered the tailored TLM platform as a managed service to all 24 of Massachusetts’ state universities and community colleges. So far, two UMass campuses have signed on, and the other three are considering it. In addition, four external clients are onboard, and 10 more are in discussions.
Long term, the university plans to offer the service to organizations across New England. “We are using a grant from the National Science Foundation to help serve under-resourced schools,” Kingsley adds.
While the managed service represents a revenue source for the university, profit isn’t the primary motive. “We’re exposing students and other clients to cyber-security, addressing the skills gap and preparing them for jobs,” Kingsley declares. “Improving the innovation economy and making it more robust is absolutely a top priority.”