The University of Dayton’s IT department is responsible for protecting sensitive information such as credit card transactions and personal data on more than 12,000 students and 3,000 faculty members. “The financial cost of a single security compromise could be enormous,” said Randy Hardin, lead systems engineer for the University of Dayton. “But, equally important, we need to protect our technology resources without inhibiting the free communication that is an essential part of the educational experience.”
The university had a central log server to collect security events across the complete network, but it had no way of aggregating the data and performing real-time analysis. “We had a huge pile of data and no way of getting to the few bits of data that were really important for security reasons,” said Hardin. The university needed an effective way to analyze the data and simplify report creation for payment card industry (PCI) compliance.
The university was already using NetIQ Sentinel Enterprise to detect and log an average of three million security events a day. The IT team deployed Sentinel Log Manager for simple and speedy log data analysis.
“I was excited to see Sentinel Log Manager come out,” said Hardin. “It was exactly what we’d been looking for, and we were confident that it would integrate well in our environment. We had previously looked at some open source logging and analysis products and some commercial solutions. Many of the other solutions focus on individual systems. Their capabilities simply aren’t broad enough for our diverse computing environment. Only Sentinel Log Manager has the flexibility we need. It enables us to look at all information, by any parameter, and to extract the essential security information and understand its meaning.”
The university has been equally impressed with Sentinel Enterprise, which it uses to collect security-related events from its firewalls, intrusion detection systems, NetIQ eDirectory entries, NetIQ Identity Manager and NetIQ Access Manager. “The essential strength of Sentinel and Sentinel Log Manager, coupled with Identity Manager, is the ability to clearly connect security events with individual identities, which is critical for achieving PCI compliance,” said Hardin.
“Sentinel and Sentinel Log Manager are customizable to the nth degree,” said Hardin. “I can select the specific attributes that are important to me and see what’s going on at a glance. We can also create custom dashboards for management so they can easily understand our compliance and overall security posture.”
Sentinel Enterprise has worked very well, alerting the security team to potential threats. “Since implementing Sentinel, we have better insight into potential security issues,” said Hardin. “If an unauthorized person tries to access a server, I can see the entire event within seconds. It’s mind blowing how well that works.”
The fully integrated solution quickly analyzes massive amounts of data and intelligently reports only the important security events. “With Sentinel and Sentinel Log Manager, we can very quickly analyze data from disparate sources and tie security events to individual identities.”
Previously, audits of individual queries took as much as 20 minutes, but today the IT staff can perform audits almost instantaneously. As a result, the university’s security investigations are much more efficient. “Every few weeks, several members of our team might have devoted an entire day to manually correlating events as part of security investigations,” said Hardin. “Now that we have Sentinel Log Manager, we’re performing security investigations up to 90% faster.”
The university has been very pleased with the solution’s performance versus the cost. “Sentinel Log Manager not only does an amazing job of analyzing the huge volume of data we’re throwing at it,” said Hardin. “Within this year, the solution will have easily paid for itself in reduced administrative time.”