Lax security standards will leave you vulnerable. But overly sensitive processes yield false alarms that make it hard to distinguish friend from foe. And unfortunately, that problem scales easily.
“Our campus is large,” notes John McGuthry, Vice President and Chief Information Officer (CIO) at California State Polytechnic University, Pomona (Cal Poly Pomona). “Not only from the number of students but in terms of physical size. We have around 1,400 acres and over 100 buildings. We have horse stables. We have farms. The spread for our network infrastructure and the wireless space we maintain is enormous.”
And managing such a massive campus environment was starting to prove challenging for the school’s IT security resources. “We were getting so many device alerts that it could soon become overwhelming,” recalls McGuthry. “The amount of information we were looking at kept increasing. We needed a better way.”
But beyond the sheer size of the environment, Cal Poly Pomona also faced challenges with the various data security standards that it needs to meet. As McGuthry explains: “We have a police force, so there’s compliance standards for law enforcement data. We have a health center, so HIPAA comes into play. There’s a hotel, restaurants, retail—meaning PCI requirements. And along with all of that, we have student information that we need to keep secure.”
To address these challenges, McGuthry wanted to put in place a centralized security information and event management (SIEM) platform that could deliver complex logging capabilities.
QRadar SIEM empowers Cal Poly Pomona to centralize, normalize and analyze incoming data from over 84,000 devices to identify potential threats using machine learning and behavior analytics. On average, this generates roughly 44 GB of logs and reports each day, which, from a forensics standpoint, helps simplify compliance and auditing requirements.
“We can’t check everything, so QRadar aggregates and bubbles up the details that we really need to look at.”
Carol Gonzales, Associate Vice President for IT Security and Compliance, Chief Information Security Officer, California State Polytechnic University, Pomona
Beyond just security, QRadar SIEM also helps with the university’s education efforts. In particular, at the school’s Mitchell Hill Data Center, College of Business Administration students use IBM technology to gain “real-world” experience as they study cybersecurity.
“It’s an isolated, walled-off architecture that mimics our production environment,” clarifies Dr. Ronald E. Pike, Associate Professor of Computer Information Systems at the university. “Cal Poly Pomona students use it to run their own student-managed security operation center [SOC] where they can use QRadar to observe the traffic moving in and out of the environment. And they can artificially generate additional user activity that provides a consistent baseline of security issues that need to be resolved throughout the semester.”