We’re considering moving forward with a SIEM package implementation and I’d like to know if any of you use such a tool in your environment and if so maybe you can answer the following?

What was the impetus for considering SIEM?

What were your (broad brush) criteria (flow analysis, file integrity, general security, log aggregation, PCI compliance, etc.) for choosing the product you chose?

How many staff are involved with the day-to-day monitoring and action of monitored events?

Are you pleased with the tool you chose and why?

Thank you

Jamie Arnold

Binghamton University

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Jamie,

If you're interested in details, I'll put you in touch with our ISO and his team. I'm not all that close but I can give a high-level perspective:

To answer your question: we don't have a SIEM but have built up an integrated logging environment, and we are extending this -- a poor man's SIEM. We use our system to demonstrate compliance with our security policies and to produce daily reports out of it that we review regularly.

As a side comment.

As a member of the REN-ISAC Advisory group I will put in a plug for the REN-ISAC here. This is a question that is much better asked on their security list.

The best information on security is being discussed on the REN-ISAC security lists. I looked and there were close to 2000 messages on the REN list last year across a number of lists.  All the REN security lists are closed and no vendors are on the list. As a result, your security team can get unbiased information from a variety of university sources and feel confident no one will leak information. 

Today there are 358 universities that are members; the list is here: http://www.ren-isac.net/cgi-bin/memberlist.cgi

There is a small cost to participate in the REN (under $1000), but most security people that decide to participate say the community is like adding an additional staff member to the security team. If you have a small security team the REN gives you access to an incredible wealth of community expertise. If you have a large security team you probably are utilizing the work products of the REN community.

There is a system called SES -- Security Event System (SES) -- that the REN is working on with funding support from NSF that you might want to look at in thinking about SIEM (http://www.ren-isac.net/ses/). The SES system can complement your SIEM or can be used as a first step without the major purchase price.

jack
