How LogPoint is helping Lancaster University to achieve central cybersecurity visibility

With LogPoint, Lancaster University has taken cybersecurity to a new level. The LogPoint SIEM solution allows the IT security team to identify privilege misuse, observe trends, and investigate effectively, while also providing a valuable tool to optimize operations. The LogPoint node-based license model allows Lancaster University to process massive amounts of data, without fear of tipping the budget.

Background

Lancaster University ranks consistently among the top 10 universities in the United Kingdom and is a renowned international institution, named International University of the Year in 2020. The university offers students a diverse range of undergraduate and postgraduate courses and is also heavily invested in faculty and multidisciplinary research.

With over 12,000 students and 2,500 employees at the university’s central Bailrigg campus near Lancaster, campuses in Ghana and China, and more international campuses in the works, providing easy access to digital resources is vital for the university. Allowing students, staff and researchers unlimited access to digital resources and supporting efficient online collaboration is essential.

“As a learning institution and research university, we need to be open, but at the same time keep security tight. We must support collaboration, making systems publicly available and enable knowledge sharing. At the same time, we must protect valuable data, the individual and the university reputation,” says John Couzins, IT Security Manager at Lancaster University.

“Having central visibility and the ability to enrich logs in LogPoint is incredibly useful from a security perspective. Having identity-enriched logs means that we can spot privilege misuse, observe trends, investigate effectively and pick out issues preemptively before they become an actual problem.”
John Couzins, IT Security Manager, Lancaster University

The challenge

Situational awareness for the university IT security team starts with the millions of logs generated in the network infrastructure by users, network devices, servers, applications and a multitude of other sources. The logs are the key source of security information that enables the university IT security team to detect potential cyberthreats and breaches and take appropriate action.

“When I started, we dealt with logs in multiple ways across different teams. Various systems, mostly text files, all siloed inside the different teams, with various retention periods. When it came to investigation, I would manually have to request logs in numerous formats and then stitch them together,” says John Couzins.

For John and his IT security team, getting all log data into one place with the same retention policies, providing correlation between log sources and enrichment of log data, and giving individual system owners access to their own logs became a key project.

While log management was the starting point, the advanced analytics and correlation tools available in a security information and event management (SIEM) solution made Lancaster look in that direction. The project was intended to provide a tool for troubleshooting and increasing operational efficiency while providing the IT security team with a solution for cybersecurity analytics and investigation.

The solution:

Download the full case to learn how LogPoint enables Lancaster University to respond to cyberthreats 80-90% faster:
