Cybersecurity for the Education Sector

Security breaches at universities and colleges have increased considerably over the past few years. The open nature of campus IT systems and the intellectual property held by these institutions have made them an attractive target for malicious attacks. Universities and colleges are subject to hacking, malware attacks, phishing emails, DDoS attacks, and intentional or accidental hacking by students.


LogPoint for University of Bedfordshire

With LogPoint, the University of Bedfordshire’s IT team has:

  • simplified management of network alerts
  • improved their ability to identify incidents requiring action
  • saved on operational costs

By converting data into actionable intelligence and improving their cybersecurity posture, LogPoint has reduced time-consuming analyses of security logs while eliminating the majority of false positives.


Protecting sensitive personal information and advanced research

Higher education institutions store large amounts of personal data on current students, faculty, applicants, administrative staff, alumni, collaborators, research and project participants, vendors and other stakeholders. In addition, their IT systems hold information on cutting-edge research and valuable intellectual property. Unfortunately, higher education institutions, public ones in particular, often lack the financial and human resources needed to put a complete information security plan in place, which compromises their objectives.

With LogPoint, higher education institutions and universities can rely on advanced analytics, accelerated by machine learning, to improve their cybersecurity posture and efficiently automate the appropriate responses to internal and external threats.

The threats

There are many potential perpetrators of digital offences in the education sector. While targeted attacks come as no surprise, the students themselves cannot be ruled out: sometimes out of boredom or curiosity, they can be the catalyst of a security breach. Whether intentional or accidental, protective measures must be in place to prevent this from happening.

Facing a special insider threat

There are many potential threat actors when it comes to breaches in Education: students, faculty, applicants, administrative staff, alumni, collaborators, research and project participants and vendors who access the relatively open academic environment.

However, students are a group of particular interest. Young, energetic and perhaps attending a course in ethical hacking during the day, they might be tempted to test newly acquired skills during the night.

It may be due to boredom or curiosity, that students end up as the catalyst of a breach. Whether intentional or accidental, universities need protective measures in place to face the insider threat.


User activity monitoring

User Activity Monitoring has long been the cornerstone of any efficient defense strategy. By design, LogPoint provides analysts with an intuitive and powerful tool to identify malicious activities and to create alerts, dashboards and reports, so they can get an overview and counteract immediately. Driven primarily by data privacy requirements and regulations, user activity monitoring focuses on activities associated with file access. LogPoint can monitor this using native object access audit records. In addition, LogPoint’s FIM application monitors any access attempts to privileged file share systems and provides information on the type of access and the actions performed on the file; the original and the altered checksums can also be compared to better understand access behavior.

Example

Object access attempts

Query

label=Object label=Access | chart count() by user, access, object order by count() desc


Advanced analytics correlation and pattern recognition

By default, LogPoint can perform advanced correlation across any number of data sources, internal, external or structured. Whether it is something as simple as aggregating two or more groups of entities, such as user and source address for failed logins, or combining records from multiple log messages across multiple data sources using join and followed by queries, LogPoint provides real-time alerts on risky behavior and anomalous activities. Dynamic lists can also be used for advanced correlation in a number of ways, for example by maintaining a dynamic list of IP addresses or hostnames of vulnerable workstations to identify any potential exploitation of a vulnerability by a threat source.

Example

Unexpired session durations

Query

[label=Login label=Successful] as s1 left join [label=Logoff] as s2 on s1.logon_id=s2.logon_id | search -s2.logon_id=* | rename s1.user as user, s1.log_ts as log_ts | process current_time(a) as time | process diff(time,log_ts) as duration | chart sum(duration) as duration by log_ts, user order by duration desc
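The same unexpired-session logic, written out in Python over a handful of constructed login/logoff records so the join, the anti-join filter and the ordering can be followed step by step (an added example, not LogPoint code; the event shape and the sample timestamps are assumptions):

```python
from datetime import datetime, timezone

def parse_ts(s):
    """Parse the ISO-8601 UTC timestamps used in the constructed sample."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

# Constructed sample events shaped like normalized login/logoff records
# (labels, user, logon_id, log_ts). These are not real logs.
EVENTS = [
    {"labels": ("Login", "Successful"), "user": "alice", "logon_id": "0x3e7a1", "log_ts": "2024-03-01T08:00:00Z"},
    {"labels": ("Logoff",),             "user": "alice", "logon_id": "0x3e7a1", "log_ts": "2024-03-01T17:00:00Z"},
    {"labels": ("Login", "Successful"), "user": "bob",   "logon_id": "0x4f002", "log_ts": "2024-03-01T09:30:00Z"},
    {"labels": ("Login", "Successful"), "user": "carol", "logon_id": "0x51b9c", "log_ts": "2024-02-28T22:15:00Z"},
    {"labels": ("Logoff",),             "user": "dave",  "logon_id": "0x60000", "log_ts": "2024-03-01T10:00:00Z"},
]

def unexpired_sessions(events, now):
    """Return [(user, log_ts, duration_seconds)] for successful logins that have no
    matching logoff, longest open session first. This mirrors the query: left join
    on logon_id, keep rows whose logoff side is empty, diff(current_time, log_ts),
    order by duration desc."""
    # s2 side of the left join: every logon_id that has a Logoff record
    logged_off = {e["logon_id"] for e in events if "Logoff" in e["labels"]}
    open_sessions = []
    for e in events:
        if "Login" not in e["labels"] or "Successful" not in e["labels"]:
            continue                       # only s1 rows are candidates
        if e["logon_id"] in logged_off:
            continue                       # search -s2.logon_id=* drops joined rows
        duration = (now - parse_ts(e["log_ts"])).total_seconds()
        open_sessions.append((e["user"], e["log_ts"], duration))
    return sorted(open_sessions, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for user, ts, secs in unexpired_sessions(EVENTS, parse_ts("2024-03-01T18:00:00Z")):
        print(f"{user:<8} logged in {ts}  open for {secs / 3600:.1f} h")
```

A logoff without a preceding login (dave) never appears in the result, exactly as with the left join, because only the login side drives the output.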


Detecting data staging and exfiltration

Compromised accounts or machines are usually trying to move data into staging areas where they can be easily withdrawn from the organization’s network. While preparing the data for removal, attackers will utilize tools such as PSExec or remote desktop tools. In this case, LogPoint UEBA will detect and highlight anomalous staging and lateral movement including (the highly unusual) intra-workstation high volume data transfers, unusual protocol/port combinations and unusually high amounts of data access.

Example

High Outbound Data Transfer

Query

sent_datasize=* source_address IN HOMENET -destination_address IN HOMENET | timechart sum(sent_datasize/1000/1000) as OutboundData | search OutboundData>10
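The outbound-volume check above, reproduced in Python over constructed flow records so the HOMENET filter, the per-bucket sum and the 10 MB threshold are visible (an added example, not LogPoint code; HOMENET is assumed to be the RFC 1918 ranges, and the flow tuple layout is an assumption):

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

# HOMENET is assumed here to be the RFC 1918 ranges; in a real deployment it is
# whatever address list the SIEM defines under that name.
HOMENET = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_homenet(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in HOMENET)

# Constructed sample flow records:
# (log_ts, source_address, destination_address, sent_datasize in bytes)
FLOWS = [
    ("2024-03-01T10:02:00Z", "10.1.5.23",    "203.0.113.10", 4_000_000),
    ("2024-03-01T10:07:00Z", "10.1.5.23",    "203.0.113.10", 8_500_000),
    ("2024-03-01T10:12:00Z", "10.1.5.23",    "10.1.9.4",     50_000_000),  # internal to internal: not outbound
    ("2024-03-01T11:03:00Z", "192.168.4.8",  "198.51.100.7", 2_000_000),
    ("2024-03-01T11:40:00Z", "203.0.113.99", "198.51.100.7", 30_000_000),  # external source: not in HOMENET
]

def outbound_mb_by_bucket(flows, bucket_minutes=60):
    """timechart sum(sent_datasize/1000/1000): megabytes leaving HOMENET per time bucket,
    keyed by the bucket start as an ISO string."""
    totals = defaultdict(float)
    for ts, src, dst, sent in flows:
        if not in_homenet(src) or in_homenet(dst):
            continue   # source_address IN HOMENET -destination_address IN HOMENET
        t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        floored = (t.hour * 60 + t.minute) // bucket_minutes * bucket_minutes
        bucket = t.replace(hour=floored // 60, minute=floored % 60, second=0)
        totals[bucket.strftime("%Y-%m-%dT%H:%MZ")] += sent / 1000 / 1000
    return dict(totals)

def high_outbound(flows, threshold_mb=10.0, bucket_minutes=60):
    """search OutboundData>10: only the buckets whose outbound total exceeds the threshold."""
    return {b: mb for b, mb in outbound_mb_by_bucket(flows, bucket_minutes).items() if mb > threshold_mb}

if __name__ == "__main__":
    for bucket, mb in sorted(high_outbound(FLOWS).items()):
        print(f"{bucket}: {mb:.1f} MB outbound exceeds threshold")
```

Note that the 50 MB internal transfer is deliberately excluded here: it is the kind of intra-network staging the UEBA section above addresses, not outbound exfiltration, and would need its own rule.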