Securing the ‘Wild Wild West’: USM for Universities
1. Securing the “Wild Wild West”:
Unified Security Management for Colleges and Universities
Justin P. Webb
Information Security Officer
GCIH, GPEN, GWEB, GCFA
Marquette University
Sandy Hawke, CISSP
VP of Product Marketing
AlienVault
@alienvault
#AlienIntel
2. Agenda
Introductions
Common IT Security Challenges for Higher Education
Overview of Marquette University’s approach
Security strategy –> Unified Security Management
Key Use Cases for USM
Benefits & Results
Architecture / Deployment Discussion
Summary
3. Introductions
Sandy Hawke, CISSP
VP, Product Marketing
AlienVault
@sandybeachSF
Justin Webb
Information Security Officer
Marquette University
4. Common IT Security Challenges for Universities
Decentralized networks without centralized control or visibility
Lean IT teams whose members wear lots of hats; security is just one piece of the puzzle
Herds of digital natives as end-users (“the click generation”)
Compliance pressures (PCI, HIPAA, FERPA, etc.)
6. Marquette University: At-a-glance
Founded in 1881
Wisconsin’s largest private university
11,800 students, 11 schools & colleges
Hundreds of servers, thousands of student & lab computers = terabytes of log data across a 10G network
IT organization operates as the campus ISP
IT staff = 60
IT security staff = ~3 (1 FTE, 2 PTE)
7. IT Security Challenges at Marquette
Lack of security visibility
Hard to detect and remediate threats
Hard to analyze data from disparate sources; log rotation causes gaps in coverage
Manual and time-intensive review of terabytes of log data
Not scalable, not responsive enough
8. Marquette’s IT Security Monitoring Program
Security Monitoring Solution
Looked to open source/OSSIM at first
Key Use Cases
Log Management: Cisco ACS, Cisco PIX, Cisco ASA, Tripwire
Detecting DMCA Policy Violations: translating the NAT’ed external IP address in a notice back to the internal host
Incident Response: customized built-in Snort rules; Tripwire plug-in
Compliance Reporting: PCI, HIPAA, FERPA
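The DMCA use case above comes down to one lookup: a takedown notice quotes an external IP, port and timestamp, and the team must find which internal host held that NAT translation at that moment. The following is an added example, not code from the presenters or from AlienVault/OSSIM, of that correlation over Cisco ASA dynamic-translation syslog messages. The log lines are constructed for the example, and their exact layout (approximating the %ASA-6-305011 "Built" and %ASA-6-305012 "Teardown" messages) is an assumption; adapt the regex to your own firewall's output. It handles the two things that make this lookup error-prone in practice: the same external port being reused by a different host later, and teardown messages whose matching build was lost to log rotation.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample Cisco ASA syslog (layout is an assumption, not real Marquette data).
# Note that outside port 40001 is reused by a second inside host after the first
# translation is torn down, so the timestamp in the notice decides the answer.
SAMPLE_LOG = """\
<166>Jun 14 2012 13:00:01 fw1 : %ASA-6-305011: Built dynamic TCP translation from inside:10.21.4.17/51234 to outside:192.0.2.10/40001
<166>Jun 14 2012 13:02:15 fw1 : %ASA-6-305011: Built dynamic TCP translation from inside:10.21.9.88/44100 to outside:192.0.2.10/40002
<166>Jun 14 2012 13:30:07 fw1 : %ASA-6-305012: Teardown dynamic TCP translation from inside:10.21.4.17/51234 to outside:192.0.2.10/40001 duration 0:30:06
<166>Jun 14 2012 13:31:40 fw1 : %ASA-6-305011: Built dynamic TCP translation from inside:10.21.7.5/60010 to outside:192.0.2.10/40001
<166>Jun 14 2012 13:33:00 fw1 : %ASA-6-305012: Teardown dynamic UDP translation from inside:10.21.2.2/5000 to outside:192.0.2.10/41000 duration 2:10:00
"""

LINE_RE = re.compile(
    r"^<\d+>(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) \S+ : "
    r"%ASA-6-30501[12]: (?P<event>Built|Teardown) dynamic (?P<proto>TCP|UDP) translation "
    r"from inside:(?P<iip>[\d.]+)/(?P<iport>\d+) to outside:(?P<oip>[\d.]+)/(?P<oport>\d+)"
)


@dataclass
class Translation:
    proto: str
    inside: Tuple[str, int]
    outside: Tuple[str, int]
    start: datetime
    end: Optional[datetime] = None  # None: still active when the log ends


def parse_ts(text: str) -> datetime:
    # ASA timestamps are naive local time; keep them that way and convert the
    # notice (usually quoted in UTC) to the firewall's zone before querying.
    return datetime.strptime(text, "%b %d %Y %H:%M:%S")


def parse_translations(log_text: str) -> List[Translation]:
    """Pair Built/Teardown messages into translation lifetimes."""
    active = {}   # (proto, iip, iport, oip, oport) -> Translation awaiting teardown
    finished = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["proto"], m["iip"], int(m["iport"]), m["oip"], int(m["oport"]))
        ts = parse_ts(m["ts"])
        if m["event"] == "Built":
            active[key] = Translation(m["proto"], (m["iip"], int(m["iport"])),
                                      (m["oip"], int(m["oport"])), ts)
        else:
            t = active.pop(key, None)
            if t is None:
                # Teardown without a seen Built: the build message fell outside the
                # retained window (log rotation). Skip rather than guess a start time.
                continue
            t.end = ts
            finished.append(t)
    return finished + list(active.values())


def resolve_notice(translations: List[Translation], external_ip: str, external_port: int,
                   when, proto: str = "TCP") -> List[Tuple[str, int]]:
    """Inside (ip, port) pairs whose translation to external_ip:external_port was live at `when`.

    `when` is a datetime or an ISO-8601 string already expressed in the firewall's local time.
    An empty list means no retained log evidence; more than one entry means the logs are
    ambiguous and need a closer look before anyone is accused.
    """
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    hits = []
    for t in translations:
        if t.proto != proto or t.outside != (external_ip, external_port):
            continue
        if t.start <= when and (t.end is None or when <= t.end):
            hits.append(t.inside)
    return hits


if __name__ == "__main__":
    xlat = parse_translations(SAMPLE_LOG)
    for when in ("2012-06-14T13:10:00", "2012-06-14T13:30:30", "2012-06-14T13:40:00"):
        print(when, "192.0.2.10:40001 ->", resolve_notice(xlat, "192.0.2.10", 40001, when))
```

Because the same external port is handed to a different host a minute and a half after the first translation is torn down, the notice timestamp alone separates the two candidates; a lookup that ignores time, or that uses a notice time not converted into the firewall's zone, attributes the complaint to the wrong student.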
13. Key Take-aways
Open source security tools may be right for teams who are trying to show the need for more investment
Consolidation and automation can help small security teams do more with less
Configurability allows for novel uses without significant development time
Scalability allows any educational institution to tailor the system to the size of its enterprise
14. Resources
OSSIM Download and Community
http://communities.alienvault.com/
AlienVault Repository of Knowledge (ARK)
https://alienvault.bloomfire.com/
Marquette University case study
http://alienvault.com/c-suite/case-studies/index.html
“Five security tips IT personnel wish students knew”:
http://www.msnbc.msn.com/id/48782952/ns/technology_and_science-back_to_school/t/security-tips-it-personnel-wish-students-knew/
15. Next Steps / Q&A
Request an AlienVault USM demo at:
www.alienvault.com/schedule-demo.html
Request a free trial of AlienVault USM:
http://www.alienvault.com/free-trial
Not quite ready for all that? Test drive our open source project, OSSIM, here:
communities.alienvault.com/
Need more info to get started? Try our knowledge base here:
alienvault.bloomfire.com
These resources are also in the Attachments section
Join the conversation!
@alienvault
#AlienIntel
Editor’s Notes
POLLING QUESTION: What’s your biggest IT security challenge?
Concern about audits (either pre- or post-)
Lack of security visibility
Not sure how to handle incidents (or suspected ones)
Executive management doesn’t “get” security
Doing too many things at once
Log Management – Cisco ACS, Cisco PIX, Cisco ASA, Tripwire
Detecting DMCA Policy Violations – needed an easier way to translate a NAT’ed address back to the external IP
Incident Response – data center protection – Snort, custom-written (by AlienVault) Tripwire plugin
Compliance Reporting (PCI, HIPAA, FERPA)
Benefits:
Centralized visibility – network events/threats, user activity, policy violations, etc.
Easily customizable (adding data sources, configuring event correlation rules, etc.)
Faster, less painful audits
Easier incident response / investigations
Results:
Rapid deployment – X weeks
80% YoY reduction in malware infections (drop chart in next slide?)
15-25% cost reduction – based on the TechValidate survey
Polling Question #2: What’s your experience with open source security tools?
I have little to no experience with open source
I’ve played a little bit with open source, but nothing substantial
I use open source security tools (e.g. Snort) to show management where the holes are
Executive management won’t let us rely on open source due to lack of support