Deakin University has migrated its security information and event management (SIEM) to Exabeam following a partnership with security services provider Zirilio.
The Victoria-based university had previously used log aggregation tools, including Splunk, to ingest data from its internet and Wi-Fi networks across the Geelong campus.
However, as these lacked the capabilities needed to streamline alerts and analyse behaviour patterns on the network, the IT department found itself investigating potential security incidents in a “reactive” way.
“We needed to establish a more proactive threat detection capability so that the security operations team receives notifications about anomalies as they arise rather than after the fact,” Deakin chief digital officer William Confalonieri told ARN.
“The user base at Deakin can vary from around 5,000 to 50,000 users so the solution needed to cater for such a large fluctuation in numbers,” he said.
In addition, according to Zirilio COO Ryan Mistry, Splunk was “particularly expensive” because of its consumption-based pricing. “Every time they go over a GB, they pay. We’re talking hundreds of thousands of dollars,” he said.
Founded in 2012 and based in Melbourne, Zirilio had been a partner of US vendor Exabeam for around a year when it first began pitching its solution to Deakin, 14 months ago.
“I generally don’t partner with vendors unless they have got proven expertise or are listed in the Gartner Magic Quadrant,” he said. “We had been looking at doing something in the user analytics space for some time. Some vendors have added it to their capabilities, but don’t specialise in that.”
Having originally worked with the university on its campus Wi-Fi, Zirilio approached its IT department with the Exabeam Advanced Analytics solution as an antidote to its data logging costs and inefficiencies.
“It [the solution] provides a holistic picture of a user’s online behaviour using machine learning and artificial intelligence,” Mistry said. “It’s not about being Big Brother, but it’s about anticipating the user’s behaviour and potential threats the company could be hit with.
“If you see they logged into the Wi-Fi one minute from campus, then say in another country, we know there is odd behaviour there. It’s not in line with normal student behaviour. The Exabeam solution then talks to the security team and lets them know it may be worth investigating.”
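The campus-then-another-country scenario Mistry describes is a standard impossible-travel (geo-velocity) check: compare each login with the same user's previous login and flag pairs whose distance could not be covered in the elapsed time. The following is an added example, not Exabeam's or Deakin's code. It assumes login events have already been enriched with coordinates (the GeoIP lookup a SIEM would do), a constructed sample of events, and a 1,000 km/h plausibility ceiling and 50 km jitter floor chosen here for illustration.

```python
"""Impossible-travel detection over authentication events.

Added example, not vendor code. Assumes each login event already carries a
latitude/longitude (GeoIP enrichment is out of scope here) and flags any two
consecutive logins by the same user that would require travelling faster
than a commercial airliner.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt
from typing import Dict, Iterable, List

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 1000.0  # assumption: roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0            # assumption: ignore GeoIP jitter within one city


@dataclass(frozen=True)
class LoginEvent:
    user: str
    ts: datetime       # timezone-aware timestamp
    lat: float
    lon: float
    source: str        # free-text label such as "campus-wifi" or "vpn"


@dataclass(frozen=True)
class Anomaly:
    user: str
    first: LoginEvent
    second: LoginEvent
    distance_km: float
    required_speed_kmh: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two WGS84 points in kilometres."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def find_impossible_travel(events: Iterable[LoginEvent]) -> List[Anomaly]:
    """Return every consecutive login pair per user that implies impossible travel.

    Events may arrive out of order (log shipping delays), so they are sorted
    per user by timestamp before adjacent pairs are compared.
    """
    by_user: Dict[str, List[LoginEvent]] = {}
    for ev in sorted(events, key=lambda e: (e.user, e.ts)):
        by_user.setdefault(ev.user, []).append(ev)

    anomalies: List[Anomaly] = []
    for user, evs in by_user.items():
        for prev, cur in zip(evs, evs[1:]):
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if dist < MIN_DISTANCE_KM:
                continue  # same metro area; GeoIP noise, not movement
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            # Identical timestamps with a real distance between them are
            # impossible by definition; avoid a divide-by-zero and flag them.
            speed = float("inf") if hours == 0 else dist / hours
            if speed > MAX_PLAUSIBLE_SPEED_KMH:
                anomalies.append(Anomaly(user, prev, cur, dist, speed))
    return anomalies


def _utc(y: int, mo: int, d: int, h: int, mi: int) -> datetime:
    return datetime(y, mo, d, h, mi, tzinfo=timezone.utc)


# Constructed sample events (not real Deakin data). The Singapore login is
# listed before the campus login to show that ordering is handled.
SAMPLE_EVENTS = [
    LoginEvent("s1234567", _utc(2019, 5, 6, 9, 1), 1.3521, 103.8198, "vpn"),          # Singapore
    LoginEvent("s1234567", _utc(2019, 5, 6, 9, 0), -38.1499, 144.3617, "campus-wifi"),  # Geelong
    LoginEvent("s7654321", _utc(2019, 5, 6, 9, 0), -38.1499, 144.3617, "campus-wifi"),  # Geelong
    LoginEvent("s7654321", _utc(2019, 5, 6, 9, 30), -37.8136, 144.9631, "vpn"),         # Melbourne CBD
]


if __name__ == "__main__":
    for a in find_impossible_travel(SAMPLE_EVENTS):
        print(f"{a.user}: {a.first.source} -> {a.second.source}, "
              f"{a.distance_km:.0f} km in {(a.second.ts - a.first.ts)} "
              f"(~{a.required_speed_kmh:.0f} km/h)")
```

Only the first user is flagged: Geelong to Singapore in one minute needs several hundred thousand km/h, whereas a Geelong campus login followed half an hour later by a Melbourne VPN login is ordinary commuting. The two thresholds are the tuning knobs a SOC would revisit: a lower jitter floor catches more, a lower speed ceiling trades VPN exit-node false positives for sensitivity.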
In addition, the solution is priced per user rather than per volume of data ingested, so no further costs are incurred when log volumes spike.
At this point, Exabeam was a relatively new player in the Australian market. Founded in 2013, the California-based firm works locally entirely through the channel, using the distributor MTech and around 10 core partners, which include a mix of consultants, professional services and managed services providers.
Over a period of 14 months, Exabeam and Zirilio worked together to bring the solution in line with the university’s needs, while Exabeam’s own team was responsible for its deployment and execution.
Installed as part of ‘Deakin Shield’, the university’s cyber security program, the solution has now given the IT department better visibility of its environment and more time to focus on proactive defences, Confalonieri said.
“Security engineers can now spend time improving cyber defences instead of learning how to create anomaly detection and event correlation queries,” he said. “The operational overhead associated with Exabeam is minimal compared to other SIEM solutions that we compared.”
The university is still using Splunk for log ingestion, but will transition that function to Exabeam, which will allow it to “realise the full commercial benefits”, Mistry added.