The University of Nottingham has implemented log management technology from LogRhythm.
To secure its networks, meet regulatory compliance and optimise its IT operations, the University of Nottingham (UoN) selected technology from LogRhythm and is now generating 26 million logs a day. It has stored over one billion events in the first six weeks since it went into operation.
The university, ranked in the top one per cent of world universities and seventh in the UK for research, reviewed its existing log management system and discovered it did not have the capacity to manage growing data logging needs. The LogRhythm solution will primarily be used to handle longer-term requirements, when logs may need to be stored for anything from six to 18-plus months, and to manage security across the university.
Talking to SC Magazine, Paul Kennedy, security and compliance leader at UoN, said that it was previously using another technology that was smaller and stored 90 days' worth of data, which worked as a short-term solution, but they needed a larger capacity and bigger capabilities.
He said: “We looked at other models and open source solutions but with LogRhythm, we were able to hide the data sets where networking was supplied that allowed us to manipulate data within the syslog systems. We wanted more and LogRhythm had an environment management benefit in and compliance data sets with authentication data that allows us to do more with the data.”
He explained that the UoN has three strands of users: as a business it has administration and day-to-day staff; teaching and research; and students. These are all different and have to be managed. With the previous technology, he was able to process logs and store security information, systems and administration, but he needed something more in order to re-use the information.
Upon implementing the technology, Kennedy was able to identify a denial-of-service attack just days later.
“One of the first benefits we received post implementation involved our being able to spot a denial-of-service attack targeting the internet gateway. LogRhythm enabled us to see logs from our switches and firewalls that previously would have been missed, and would have resulted in the university's data processing systems being out of action for an extended period of time,” he said.
Asked about what type of compliance he was required to meet, he said: “We need to comply with the Data Protection Act, we are not directly covered by PCI as we outsource to some partners, but we are finding with cuts there are more requests from research. With our medical school there is a security questionnaire and a security platform for each research group, that needs data storage and we are finding more and more formalisation that we did not need to worry about before.
“We are often asked if we are ISO 27001 compliant, we are not but we are in a position that if we need to be we need to consider how to get there. Also with the Digital Economy Act we are still waiting to see how we are going to be classified and which way it works out, it will determine how we track activity and how to react. Log management can show due diligence regarding information and show what you can do and you can respond accordingly.”
Ross Brewer, vice president and managing director of LogRhythm EMEA, said: “The UoN has taken the step of investing in infrastructure protection that not only meets its needs today, but also anticipates its future requirements. Log analysis and monitoring is a must for many compliance standards today.
“By choosing an automated system with the ability to monitor multiple data sources, process this input intelligently and offer a wide range of capabilities for analysing after data collection, the University of Nottingham has enabled itself to comply with regulations, secure its networks and optimise its IT operations.”