Wayne State University Tackles Security Event Management
Looking for a one-stop solution to monitor your logs and network, prioritize security incidents, and detect threats that would have been missed by other solutions? Read on to find out how Wayne State University accomplished just that.
Background:
Universities face the unique challenge of balancing two entirely opposed networking requirements. On one hand, universities have to provide an open campus network with minimal restrictions, while at the same time handling vast amounts of confidential data that require tight security controls. Wayne State University, Michigan's only urban research university, is no different in this respect.
Wayne State University's Computing and Information Technology (C&IT) division manages 10,000 concurrent local hosts and between 45,000 and 50,000 concurrent remote hosts within its 112 networked buildings that include over 32,000 network ports and 1,000 Meru 802.11n access points on campus. The University's network management team realized that the combination of home-brewed products and vendor solutions continued to present event correlation issues. Wayne State needed a solution to monitor and detect all types of traffic running on its networks and identify problems requiring immediate remediation, rather than spending valuable time tracking them down.
The Solution:
The University carefully evaluated several products and chose QRadar from Q1 Labs. QRadar was the only product that provided the institution with all the features and functionality WSU was looking for within one product. These included:
- Traffic to event correlation
- Asset profiles
- Application classification
- Reporting features
- Log management
According to Graydon Huffman, Senior Security Specialist for WSU, "Our major goal in finding a new solution was to get an in-depth glance at our network from a security perspective. There are very few products available that provide easy access to this type of information. Those products that do exist require a steep and complicated learning curve, making it practically impossible to get the same information that QRadar provides."
The Results:
Overall, Wayne State has been pleased with its decision to use Q1 Labs QRadar. According to Huffman, "Installing QRadar was a breeze and took approximately 10 hours to get initially configured and running. The results were instantaneous. As soon as the system was up and running, we found close to 20 bot-controlled hosts on the network, which we were able to immediately isolate and remove. If it weren't for QRadar, we would not have known there was a problem until the bots launched and caused increased security risks along with serious network disruptions."
Huffman explained further, "QRadar provides us with a prioritized ranking of what needs to be addressed first based on how important a host is, the severity of an event, and how credible the event is. The ranking is also completely tailored to our environment so we can say what is important rather than a system defining what may be important."
VIOPOINT provides consulting and product-based solutions to help clients effectively manage confidential information. We partner with Q1 Labs to help clients secure their application, database, server, and network environments. QRadar gives clients the ability to satisfy auditing and compliance mandates by centrally managing both network-level and system-level event logs.
More information about QRadar is available at q1labs.com



