Cybersecurity for educational institutions

Security breaches at universities and colleges have increased drastically in recent years. The open structure of campus IT systems and the valuable intellectual property held by these institutions have made them a tempting target for malicious attacks. Universities and colleges are vulnerable to hacker attacks, malware, phishing e-mails, DDoS attacks and deliberate or accidental hacking by students.


LogPoint for University of Bedfordshire

With LogPoint, the University of Bedfordshire’s IT team has:

  • simplified management of network alerts
  • improved their ability to identify incidents requiring action
  • saved on operational costs

By converting data into actionable intelligence, LogPoint has cut the time the team spends on analysing security logs, eliminated the majority of false positives and improved the university's cybersecurity posture.


Securing sensitive personal data and cutting-edge research

Colleges and universities store large volumes of personal data on current students, faculties, applicants, administrative staff, graduates, employees, research and project participants, suppliers and other stakeholders. In addition, these IT systems hold cutting-edge research data and valuable intellectual property. Unfortunately, educational institutions, public ones in particular, often lack the financial and human resources that a comprehensive data security plan requires, which poses a significant risk to the institutions' business objectives.

With LogPoint, higher-education institutions can use machine-learning-accelerated advanced analytics to improve their cybersecurity posture and to efficiently automate the appropriate responses to internal and external threats.

Threats

When it comes to breaches in educational institutions, there are many potential actors. Targeted attacks may come as no surprise, but you should not overlook the students themselves, who sometimes become the trigger of an incident or breach out of boredom or curiosity. Whether the hacking is deliberate or unintentional, you must put protective measures in place to prevent security incidents in general.

Facing a special insider threat

There are many potential threat actors when it comes to breaches in Education: students, faculty, applicants, administrative staff, alumni, collaborators, research and project participants and vendors who access the relatively open academic environment.

However, students are a group of particular interest. Young, energetic and perhaps attending a course in ethical hacking during the day, they might be tempted to test newly acquired skills during the night.

It may be boredom or curiosity that leads students to become the catalyst of a breach. Whether intentional or accidental, universities need protective measures in place to face the insider threat.


User activity monitoring

User activity monitoring has long been the cornerstone of any efficient defense strategy. By design, LogPoint provides analysts with an intuitive and powerful tool to identify malicious activities and to create alerts, dashboards and reports, so they can get an overview and counteract immediately. Driven primarily by data privacy requirements and regulations, user activity monitoring focuses on activities associated with file access, which LogPoint can monitor using native object access audit records. In addition, LogPoint's FIM (file integrity monitoring) application monitors access attempts to privileged file shares and reports the type of access and the actions performed on the file; the original and the altered checksums can also be compared to better understand access behavior.

Example

Object access attempts

Query

label=Object label=Access | chart count() by user, access, object order by count() desc
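The checksum comparison mentioned in the paragraph above is the core of file integrity monitoring. The following Python script is an added example, not LogPoint's FIM application: it hashes every file under a directory into a baseline, re-hashes later and reports what was added, removed or modified. The directory layout, file names and contents are constructed inside the script so it runs offline.

```python
"""File integrity monitoring reduced to its core: SHA-256 baseline of a
directory tree, a later re-scan, and the diff between the two.
Added example; not LogPoint code. All files below are constructed."""
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def compare_baselines(before, after):
    """Classify every path as added, removed or modified (digest changed)."""
    before_paths, after_paths = set(before), set(after)
    return {
        "added": sorted(after_paths - before_paths),
        "removed": sorted(before_paths - after_paths),
        "modified": sorted(p for p in before_paths & after_paths if before[p] != after[p]),
    }


def demo():
    """Constructed scenario: baseline a small 'research' share, then simulate
    one edit, one deletion and one new file, and return the FIM diff."""
    with tempfile.TemporaryDirectory() as root:
        share = os.path.join(root, "research")
        os.makedirs(share)
        for name, data in (("grant.docx", b"draft 1"),
                           ("results.csv", b"a,b\n1,2\n"),
                           ("notes.txt", b"todo")):
            with open(os.path.join(share, name), "wb") as fh:
                fh.write(data)
        before = build_baseline(root)

        # Later activity on the share: append to one file, delete one, create one.
        with open(os.path.join(share, "results.csv"), "ab") as fh:
            fh.write(b"3,4\n")
        os.remove(os.path.join(share, "notes.txt"))
        with open(os.path.join(share, "archive.zip"), "wb") as fh:
            fh.write(b"PK")

        after = build_baseline(root)
        return compare_baselines(before, after)


if __name__ == "__main__":
    print(demo())
```

In a real deployment the baseline would be stored outside the monitored host and the comparison correlated with the object access audit records the query above aggregates, so that a changed digest can be tied to the user and access type that produced it.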


Advanced analytics correlation and pattern recognition

By default, LogPoint can perform advanced correlation across any number of data sources, whether internal, external or structured. Whether it is something as simple as aggregating two or more groups of entities, such as user and source address for failed logins, or combining records from multiple log messages across multiple data sources using join and followed by queries, LogPoint provides real-time alerts on risky behavior and anomalous activities. Dynamic lists can also be used for advanced correlations in a number of ways, for example a dynamic list of the IP addresses or hostnames of vulnerable workstations to identify potential exploitation of a vulnerability by a threat source.

Example

Unexpired session durations

Query

[label=Login label=Successful] as s1 left join [label=Logoff] as s2 on s1.logon_id=s2.logon_id | search -s2.logon_id=* | rename s1.user as user, s1.log_ts as log_ts | process current_time(a) as time | process diff(time,log_ts) as duration | chart sum(duration) as duration by log_ts, user order by duration desc
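The left join above, carried out in plain Python over constructed events so the logic of each pipeline stage is visible. This is an added example, not LogPoint code: the field names `logon_id`, `user` and `log_ts` follow the query, the `labels` field stands in for LogPoint's normalised labels, and the event list and the "current time" are constructed.

```python
"""Unexpired sessions: left-join successful logins to logoffs on logon_id,
keep the logins with no logoff partner, and sum the elapsed time per
(log_ts, user), longest first. Added example; events are constructed."""
from datetime import datetime, timezone


def parse_ts(ts):
    """ISO-8601 UTC timestamp ('2024-03-01T08:00:00Z') to an aware datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


# Constructed sample events (not real log data).
EVENTS = [
    {"labels": ("Login", "Successful"), "logon_id": "0x3e7a1", "user": "alice",
     "log_ts": "2024-03-01T08:00:00Z"},
    {"labels": ("Logoff",), "logon_id": "0x3e7a1", "user": "alice",
     "log_ts": "2024-03-01T17:00:00Z"},                      # alice logged off: joined
    {"labels": ("Login", "Successful"), "logon_id": "0x3e7b2", "user": "bob",
     "log_ts": "2024-03-01T09:30:00Z"},                      # still open
    {"labels": ("Login", "Successful"), "logon_id": "0x3e7c3", "user": "svc_backup",
     "log_ts": "2024-02-20T02:00:00Z"},                      # open for ten days
    {"labels": ("Login", "Failed"), "logon_id": "0x3e7d4", "user": "mallory",
     "log_ts": "2024-03-01T10:00:00Z"},                      # not a successful login
]

# Stands in for current_time() in the query; constructed.
NOW = datetime(2024, 3, 1, 18, 0, 0, tzinfo=timezone.utc)


def unexpired_sessions(events, now):
    """Return [(log_ts, user, open_seconds), ...] sorted by open_seconds desc."""
    # Right side of the join: every logon_id that has a Logoff record.
    logged_off = {e["logon_id"] for e in events if "Logoff" in e["labels"]}
    totals = {}
    for event in events:
        # [label=Login label=Successful] as s1
        if not {"Login", "Successful"} <= set(event["labels"]):
            continue
        # left join ... | search -s2.logon_id=*  : keep rows without a partner
        if event["logon_id"] in logged_off:
            continue
        # process diff(time, log_ts) as duration
        open_seconds = (now - parse_ts(event["log_ts"])).total_seconds()
        # chart sum(duration) by log_ts, user
        key = (event["log_ts"], event["user"])
        totals[key] = totals.get(key, 0.0) + open_seconds
    rows = [(ts, user, secs) for (ts, user), secs in totals.items()]
    return sorted(rows, key=lambda row: row[2], reverse=True)  # order by duration desc


def flag_long_sessions(rows, max_hours=24):
    """Triage helper: sessions open longer than max_hours deserve a look
    (shared terminals left logged in, service accounts with interactive logons)."""
    return [row for row in rows if row[2] > max_hours * 3600]


if __name__ == "__main__":
    for ts, user, secs in unexpired_sessions(EVENTS, NOW):
        print(f"{user:12s} logged in {ts}  open for {secs / 3600:.1f} h")
```

Note that `flag_long_sessions` goes slightly beyond the query: the query lists every open session, while the helper applies the threshold an analyst would normally add as a `search duration>...` stage.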


Detecting data staging and exfiltration

Compromised accounts or machines are usually used to move data into staging areas from which it can easily be withdrawn from the organization's network. While preparing the data for removal, attackers utilize tools such as PsExec or remote desktop tools. In this case, LogPoint UEBA detects and highlights anomalous staging and lateral movement, including (highly unusual) intra-workstation high-volume data transfers, unusual protocol/port combinations and unusually high amounts of data access.

Example

High Outbound Data Transfer

Query

sent_datasize=* source_address IN HOMENET -destination_address IN HOMENET | timechart sum(sent_datasize/1000/1000) as OutboundData | search OutboundData>10
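The same detection written out in Python, as an added example that is not LogPoint code: bytes sent from HOMENET to addresses outside HOMENET are summed per hour and the hours above the query's 10 MB threshold are flagged. Assumptions: HOMENET is taken to be the RFC 1918 private ranges (an institution would substitute its own address plan), `sent_datasize` is taken to be bytes sent by `source_address`, and the flow records themselves are constructed. The `top_senders` helper goes beyond the query by breaking a flagged hour down per internal host.

```python
"""High outbound data transfer: sum sent bytes from HOMENET to non-HOMENET
destinations per hour and flag hours over a threshold.
Added example; not LogPoint code. Flow records below are constructed."""
import ipaddress
from collections import defaultdict

# Assumed HOMENET definition: RFC 1918 ranges. Replace with the real address plan.
HOMENET = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
THRESHOLD_MB = 10  # the query's `search OutboundData>10`

# Constructed flow records (not real logs); sent_datasize assumed to be bytes.
FLOWS = [
    {"log_ts": "2024-03-01T10:05:00Z", "source_address": "10.20.3.44",
     "destination_address": "10.20.3.9", "sent_datasize": 900_000_000},    # internal, ignored
    {"log_ts": "2024-03-01T10:15:00Z", "source_address": "10.20.3.44",
     "destination_address": "203.0.113.7", "sent_datasize": 6_000_000},
    {"log_ts": "2024-03-01T10:45:00Z", "source_address": "10.20.3.44",
     "destination_address": "203.0.113.7", "sent_datasize": 7_500_000},
    {"log_ts": "2024-03-01T11:10:00Z", "source_address": "10.20.7.2",
     "destination_address": "198.51.100.20", "sent_datasize": 2_000_000},
    {"log_ts": "2024-03-01T11:20:00Z", "source_address": "203.0.113.50",
     "destination_address": "10.20.3.44", "sent_datasize": 50_000_000},    # inbound, ignored
    {"log_ts": "2024-03-01T11:25:00Z", "source_address": "10.20.7.2",
     "destination_address": "198.51.100.20"},                              # no sent_datasize, ignored
]


def in_homenet(address):
    """source_address IN HOMENET / destination_address IN HOMENET."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in HOMENET)


def is_outbound(flow):
    """sent_datasize=* source_address IN HOMENET -destination_address IN HOMENET"""
    return ("sent_datasize" in flow
            and in_homenet(flow["source_address"])
            and not in_homenet(flow["destination_address"]))


def hour_bucket(log_ts):
    """timechart-style bucketing: truncate an ISO-8601 UTC timestamp to the hour."""
    return log_ts[:13] + ":00:00Z"


def outbound_mb_per_hour(flows):
    """timechart sum(sent_datasize/1000/1000) as OutboundData"""
    totals = defaultdict(float)
    for flow in flows:
        if is_outbound(flow):
            totals[hour_bucket(flow["log_ts"])] += flow["sent_datasize"] / 1000 / 1000
    return dict(totals)


def high_outbound(flows, threshold_mb=THRESHOLD_MB):
    """search OutboundData>10"""
    return {bucket: mb for bucket, mb in outbound_mb_per_hour(flows).items() if mb > threshold_mb}


def top_senders(flows, bucket):
    """Triage helper: internal hosts ranked by MB sent out during a flagged hour."""
    per_source = defaultdict(float)
    for flow in flows:
        if is_outbound(flow) and hour_bucket(flow["log_ts"]) == bucket:
            per_source[flow["source_address"]] += flow["sent_datasize"] / 1000 / 1000
    return sorted(per_source.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for bucket, mb in high_outbound(FLOWS).items():
        print(f"{bucket}: {mb:.1f} MB outbound, top senders {top_senders(FLOWS, bucket)}")
```

A fixed 10 MB-per-hour threshold is a starting point, not a tuned baseline; on a campus network, per-host or per-department baselines (which is what the UEBA models described above provide) will produce far fewer false positives than a single global number.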