Less noise. More facts. Smarter security.
Cal Poly Pomona focuses its cybersecurity operations with IBM Security QRadar SIEM
Too many alerts

Lax security standards will leave you vulnerable. But overly sensitive processes yield false alarms that make it hard to distinguish friend from foe. And unfortunately, that problem scales easily.

“Our campus is large,” notes John McGuthry, Vice President and Chief Information Officer (CIO) at California State Polytechnic University, Pomona (Cal Poly Pomona). “Not only from the number of students but in terms of physical size. We have around 1,400 acres and over 100 buildings. We have horse stables. We have farms. The spread for our network infrastructure and the wireless space we maintain is enormous.”

And managing such a massive campus environment was starting to prove challenging for the school’s IT security resources. “We were getting so many device alerts that it could soon become overwhelming,” recalls McGuthry. “The amount of information we were looking at kept increasing. We needed a better way.”

But beyond the sheer size of the environment, Cal Poly Pomona also faced challenges with the various data security standards that it needs to meet. As McGuthry explains: “We have a police force, so there are compliance standards for law enforcement data. We have a health center, so HIPAA comes into play. There’s a hotel, restaurants, retail—meaning PCI requirements. And along with all of that, we have student information that we need to keep secure.”

To address these challenges, McGuthry wanted to put in place a centralized security information and event management (SIEM) platform that could deliver complex logging capabilities. And following various internal conversations, he was interested in exploring the capabilities offered by IBM Security® QRadar® SIEM, quickly setting up an initial discussion with an IBM Security team.

“After an exhaustive evaluation of QRadar and after speaking with IBM, I called our CISO and said, ‘Let’s do this,’” recalls McGuthry. “It just felt like the best fit for Cal Poly Pomona.”

> 84K devices being monitored on a 1,400-acre campus
> 20–40 events tagged each day for investigation from the alert pool

> “We can’t check everything, so QRadar aggregates and bubbles up the details that we really need to look at.”
> Carol Gonzales, Associate Vice President for IT Security and Compliance, Chief Information Security Officer, California State Polytechnic University, Pomona
Setting the proper priorities

As part of the initial QRadar SIEM deployment, the IBM Security team along with Cal Poly Pomona staff conducted a comprehensive inventory of the entire architecture, creating a detailed record of the network topology while also identifying all the user roles with data access. Currently around 27,000 active students and 3,000 faculty and staff use the system regularly.

“We also have this large, transient user group of applicants each semester,” notes Carol Gonzales, Associate Vice President for IT Security and Compliance and Chief Information Security Officer at the university. “So that ramps up our user base to around 100,000 in total, which just as quickly ramps back down. We also host a lot of events for the community. And every year we have a graduation ceremony where students’ friends and family all come onto campus. That’s a lot of wireless access.”

With the user roles and inventory identified, QRadar SIEM enables Cal Poly Pomona to centralize, normalize and analyze incoming data from over 84,000 devices, using machine learning and behavior analytics to identify potential threats. On average, this generates roughly 44 GB of logs and reports each day, which, from a forensics standpoint, helps simplify compliance and auditing requirements.

In more detail, the actionable alerting functions of the IBM solution can identify intrusion locations quickly and efficiently, flagging them for investigation. Further, QRadar SIEM delivers user behavior analytics that help security staff identify previously undetectable anomalies that might indicate targeted attacks, insider threats or other nefarious activity.

Practice makes perfect

Beyond just security, QRadar SIEM also helps with the university’s education efforts. In particular, at the school’s Mitchell Hill Data Center, College of Business Administration students use IBM technology to gain “real-world” experience as they study cybersecurity.

“It’s an isolated, walled-off architecture that mimics our production environment,” clarifies Dr. Ronald E. Pike, Associate Professor of Computer Information Systems at the university. “Cal Poly Pomona students use it to run their own student-managed security operation center [SOC] where they can use QRadar to observe the traffic moving in and out of the environment. And they can artificially generate additional user activity that provides a consistent baseline of security issues that need to be resolved throughout the semester.”

Further, the IBM technology assists with specialized classes focusing on IT auditing as well as holistic security management, particularly how the various areas of cybersecurity interrelate with one another.

“They also host a number of competitions in the student data center,” adds Pike. “And QRadar is critical in helping to monitor these activities, providing clear assessment data on competitors’ performances.”

Work smarter not harder

QRadar SIEM delivers comprehensive visibility into the entire campus network. The IBM technology also makes it easier to detect attacks targeting previously unidentified vulnerabilities, along with advanced persistent threats. All of this helps Cal Poly Pomona identify security weaknesses and intrusions much more quickly. Further, the solution routinely narrows the day’s potential alerts to between 20 and 40 actionable items to be investigated.

“We can’t check everything, so QRadar aggregates and bubbles up the details that we really need to look at,” explains Gonzales. “For example, we had an incident a few months back where we detected unauthorized changes on several desktops in the same department. With QRadar we quickly identified and reconfigured these systems in that same week. We also, pretty easily, added a widget to our dashboard that lets us keep an eye on that department in case the issue reoccurs.”

And beyond the value delivered by the technology, Gonzales was also pleased with the support offered by the IBM Security team. As she notes: “We really appreciate the value assessments that we do together, where IBM helps us to discover how to work smarter. These assessments help us know which offenses need to be prioritized. They teach us how to let QRadar do the work for us instead of us trying to manage the tool.”

McGuthry continues, adding: “Beyond the performance of a product, the service really matters. And the experts IBM has provided to us have been invaluable to our university.”

About California State Polytechnic University, Pomona (Cal Poly Pomona)

Established in 1938, Cal Poly Pomona (link resides outside of ibm.com) is a leading polytechnic university that focuses on experiential learning and hands-on discovery. The school is located in Pomona, California, and comprises nine distinct academic colleges that collectively offer bachelor’s degrees in 94 majors and 39 master’s degree programs.

Outsmart your attackers

Use IBM Security QRadar SIEM to stay ahead of the threats with AI-driven monitoring and powerful security intelligence.

Going beyond threat detection and response, QRadar SIEM enables security teams to face today’s threats proactively with advanced AI, powerful threat intelligence, and access to cutting-edge content to maximize analyst potential.

Legal

© Copyright IBM Corporation 2023. IBM Corporation, New Orchard Road, Armonk, NY 10504

Produced in the United States of America, November 2023.

IBM, the IBM logo, ibm.com, IBM Security, and QRadar are trademarks or registered trademarks of International Business Machines Corporation, in the United States and/or other countries. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on ibm.com/legal/copyright-trademark.

This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates.

All client examples cited or described are presented as illustrations of the manner in which some clients have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual client configurations and conditions. Generally expected results cannot be provided as each client's results will depend entirely on the client’s systems and services ordered. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.

Statement of Good Security Practices: No IT system or product should be considered completely secure, and no single product, service or security measure can be completely effective in preventing improper use or access. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.

The client is responsible for ensuring compliance with all applicable laws and regulations. IBM does not provide legal advice nor represent or warrant that its services or products will ensure that the client is compliant with any law or regulation.