Cybersecurity for education
The open nature of campus networks and IT systems and the presence of valuable intellectual property have made educational institutions an enticing target for malicious attacks on and off campus.
Providing free and easy access to digital resources is a key issue for universities across the world. New generations of students and researchers have high expectations for free and easy access, but there are growing concerns about safety and privacy.
At the same time, educational institutions keep large amounts of personal data from students, faculty, applicants, administrative staff and alumni while storing state-of-the-art research and valuable intellectual property. Sensitive data and a large attack surface make universities a vulnerable target.
LogPoint has worked with universities and colleges for years and has received great peer reviews. Based on this experience, we have developed cybersecurity use cases that help create a safer digital environment and support more efficient cybersecurity operations. Use cases include:
- Cybersecurity and Compliance
- Safeguarding Students using Big Data, not Big Brother
- Strengthening Security and Eliminating False Positives
- Preventing Copyright Infringement
With LogPoint, colleges and universities can leverage advanced analytics, accelerated by Machine Learning, to improve their cybersecurity posture and efficiently automate relevant responses to both internal and external threats.
LogPoint for University of Bedfordshire
With LogPoint, the University of Bedfordshire’s IT team has:
- simplified management of network alerts
- improved their ability to identify incidents requiring action
- saved on operational costs
By converting data into actionable intelligence and improving their cybersecurity posture, LogPoint has reduced time-consuming analyses of security logs while eliminating the majority of false positives.
In addition to the technical challenges of cybersecurity, educational institutions face a separate issue: safeguarding students. Essentially, this means protecting students from exposure to materials that may cause them or other individuals to come to harm.
The safeguarding approach many universities take is to block specific websites entirely, limit internet usage on public networks, and closely monitor the activity taking place there. However, this approach contradicts the goal of providing free and easy access to digital resources.
What is needed is context, and that’s where the analytical power of the LogPoint SIEM and UEBA solutions, based on Machine Learning, can help. Universities can correlate behavior and metrics to make informed decisions – quickly and efficiently, to safeguard students.
There are many potential actors when it comes to breaches in the education sector. While targeted attacks are perhaps not a surprise, you shouldn’t discount the students themselves, who sometimes, out of boredom or curiosity, may end up as the catalyst of a breach. Whether a breach is intentional or accidental, you need protective measures in place to prevent it from happening.
User activity monitoring
User activity monitoring has long been the cornerstone of any efficient defense strategy. By design, LogPoint provides analysts with an intuitive and powerful tool to identify malicious activities and create alerts, dashboards, and reports so they can get an overview and counteract immediately. Primarily for data privacy and regulatory reasons, user activity monitoring focuses on activities associated with file access. LogPoint can monitor this using native object access audit records. In addition, LogPoint’s FIM application monitors any access attempts to privileged file share systems and provides information on the type of access and the actions performed in the file. The original and altered checksums can also be compared to better understand access behavior.
Object access attempts
label=Object label=Access | chart count() by user, access, object order by count() desc
Advanced analytics correlation and pattern recognition
By default, LogPoint can perform advanced correlation of any number of data sources – internal, external, or structured. The correlation can be as simple as an aggregation between two or more groups of entities, such as user and source address for failed logins, or it can combine records in multiple log messages across multiple data sources using "join" and "followed by" queries. In either case, we will provide you with real-time alerts on risky behavior and anomalous activities. In LogPoint, dynamic lists can also be used to perform advanced correlations in a number of ways, such as creating a dynamic list with IP addresses or hostnames for vulnerable workstations to identify any potential exploitation of a vulnerability by a threat source.
Unexpired session durations
[label=Login label=Successful] as s1 left join [label=Logoff] as s2 on s1.logon_id=s2.logon_id | search -s2.logon_id=* | rename s1.user as user, s1.log_ts as log_ts | process current_time(a) as time | process diff(time,log_ts) as duration | chart sum(duration) as duration by log_ts, user order by duration desc
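The same left-join logic written out in Python, as an added example (not LogPoint code and not from the original page). The event records are constructed, and the field names mirror the query's logon_id, user and log_ts; the "status" field and the max_seconds cut-off are assumptions.

```python
# Constructed sample events; log_ts is epoch seconds.
EVENTS = [
    {"label": "Login", "status": "Successful", "logon_id": "0x1a", "user": "alice", "log_ts": 1700000000},
    {"label": "Login", "status": "Successful", "logon_id": "0x2b", "user": "bob", "log_ts": 1700003600},
    {"label": "Logoff", "logon_id": "0x1a", "user": "alice", "log_ts": 1700001800},
    {"label": "Login", "status": "Failed", "logon_id": "0x3c", "user": "carol", "log_ts": 1700004000},
    {"label": "Login", "status": "Successful", "logon_id": "0x4d", "user": "dave", "log_ts": 1700000600},
]


def open_sessions(events, now):
    """Return (user, logon_id, duration_seconds) for successful logins that have
    no logoff with the same logon_id, longest first. This is the left join on
    logon_id that keeps only the rows where the right-hand side is empty."""
    logged_off = {e["logon_id"] for e in events if e["label"] == "Logoff"}
    result = []
    for e in events:
        if e["label"] != "Login" or e.get("status") != "Successful":
            continue  # failed logins never opened a session
        if e["logon_id"] in logged_off:
            continue  # session was closed
        duration = now - e["log_ts"]
        if duration < 0:
            continue  # clock skew: login stamped in the future
        result.append((e["user"], e["logon_id"], duration))
    return sorted(result, key=lambda r: r[2], reverse=True)


def flag_long_sessions(events, now, max_seconds):
    """Keep only the open sessions older than max_seconds (assumed policy value)."""
    return [r for r in open_sessions(events, now) if r[2] > max_seconds]


if __name__ == "__main__":
    for user, logon_id, duration in open_sessions(EVENTS, now=1700007200):
        print(f"{user} {logon_id} open for {duration}s")
```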
Detecting data staging and exfiltration
Attackers controlling compromised accounts or machines usually try to move data into staging areas from which it can easily be withdrawn from the organization’s network. While preparing the data for removal, attackers will utilize tools such as PsExec or remote desktop tools. In this case, LogPoint UEBA will detect and highlight anomalous staging and lateral movement, including (the highly unusual) intra-workstation high-volume data transfers, unusual protocol/port combinations and unusually high amounts of data access.
High Outbound Data Transfer
sent_datasize=* source_address IN HOMENET -destination_address IN HOMENET | timechart sum(datasize/1000/1000) as OutboundData | search OutboundData>10
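What this query computes, written out in Python as an added example (not LogPoint code and not from the original page). The flow records are constructed, HOMENET is assumed to be the RFC 1918 private ranges, and the one-hour bucket stands in for the timechart interval.

```python
import ipaddress
from collections import defaultdict

# Assumption: HOMENET is the RFC 1918 ranges; a real deployment uses the site's own list.
HOMENET = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: (epoch seconds, source, destination, bytes sent).
FLOWS = [
    (1700000100, "10.1.2.3", "203.0.113.10", 6_000_000),
    (1700000900, "10.1.2.3", "203.0.113.10", 5_500_000),
    (1700001000, "10.1.2.3", "10.9.9.9", 90_000_000),      # internal to internal: ignored
    (1700004000, "10.4.4.4", "198.51.100.7", 2_000_000),
    (1700004100, "203.0.113.10", "10.1.2.3", 50_000_000),  # inbound: ignored
    (1700004200, "10.1.2.3", "not-an-ip", 50_000_000),     # malformed address: ignored
]


def in_homenet(addr):
    """True/False for a parseable address, None when the field is malformed."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return any(ip in net for net in HOMENET)


def outbound_mb_per_bucket(flows, bucket_seconds=3600):
    """Sum megabytes sent from HOMENET to non-HOMENET addresses per time bucket."""
    totals = defaultdict(float)
    for ts, src, dst, sent in flows:
        if in_homenet(src) is True and in_homenet(dst) is False:
            totals[ts - ts % bucket_seconds] += sent / 1000 / 1000
    return dict(totals)


def high_outbound(flows, threshold_mb=10, bucket_seconds=3600):
    """Buckets whose outbound volume exceeds the threshold (10 MB, as in the query)."""
    per_bucket = outbound_mb_per_bucket(flows, bucket_seconds)
    return {b: mb for b, mb in per_bucket.items() if mb > threshold_mb}


if __name__ == "__main__":
    for bucket, mb in high_outbound(FLOWS).items():
        print(f"bucket starting {bucket}: {mb:.1f} MB outbound")
```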