About University of Dayton
The University of Dayton has been recognized by U.S. News & World Report as one of the 10 best Catholic universities in the nation. Founded by the Society of Mary in 1850, the University of Dayton focuses on educating the whole person through a community of challenge and support.
Challenge
The university's IT department is responsible for protecting sensitive information, including personal data on more than 12,000 students and 3,000 faculty members, as well as credit card transactions. "The financial cost of a single security compromise would be enormous," said Randy Hardin, lead systems engineer for the University of Dayton. "But more than that, it would be a huge cost to our mission. We're entrusted with the stewardship of our technology resources. We need to protect these resources while fostering communication as part of the educational experience."
The university had a central log server to collect security events across the network, but it had no way of aggregating the data and performing real-time analysis. "We had a huge pile of data and no way of getting to the few bits of data that were really important to us," said Hardin. "We needed a way to not only analyze this data but also simplify ongoing report creation for PCI compliance. Previously we had to do a lot of manual work to produce reports."
Novell Solution
The university has been using Novell Sentinel™ to detect and log an average of three million security events a day. The IT team deployed Novell Sentinel Log Manager to simplify the process of collecting, archiving and analyzing its log data.
"Novell is a trusted vendor of ours and I was excited to see Novell Sentinel Log Manager come out," said Hardin. "It was exactly what we'd been looking for and we were confident that it would integrate well in our environment. We had looked at some open source logging and analysis products, as well as commercial solutions such as LogLogic, and found Novell's product had the flexibility we wanted. Many of the other solutions focus on individual systems and simply aren't broad enough for our diverse computing environment. Novell Sentinel Log Manager allows us to take all the log information and look at it by any parameter. It brings meaning to the hundreds of security logs we receive."
The university has been equally impressed with Novell Sentinel, which it uses to collect security-related events from its firewalls, intrusion detection systems, Novell eDirectory™ entries, Novell Identity Manager and Novell Access Manager™. "The real strength of Novell Sentinel, coupled with Novell Identity Manager, is the ability to clearly connect security events with individual identities, which is critical for achieving PCI compliance," said Hardin.
"Novell Sentinel and Novell Sentinel Log Manager are customizable to the nth degree," said Hardin. "I can select the specific attributes that are important to me and see what's going on at a glance. We can also create custom dashboards for management so they can easily understand our compliance and overall security posture."
Results
Novell Sentinel has worked very well, alerting the security team to potential threats. "Since implementing Novell Sentinel, we have better insight into potential security issues," said Hardin. "If an unauthorized person tries to access a server, I can see the entire event within seconds. It's mind-blowing how well that works."
The fully integrated Novell solution intelligently stores, analyzes and reports on security event data. "With Novell Sentinel and Novell Sentinel Log Manager we can analyze data from disparate sources much more efficiently," said Hardin. "The event correlation abilities that tie security events to individual identities are also critical within a PCI environment."
The university can now take a more proactive approach in its security measures. "We need the ability to verify that only authorized users are accessing our systems," said Hardin. "Previously, this was a very time-consuming process. Today, we can examine this data more extensively to keep our systems secure."
Previously, audits of individual queries took upwards of 20 minutes, whereas today they are instantaneous. Moreover, the university has considerably improved the efficiency of security investigations. "Every few weeks, several members of our team might have devoted an entire day to manually correlating events as part of security investigations," said Hardin. "Now that we have Novell Sentinel Log Manager, we're performing security investigations up to 90 percent faster."
The university has been very pleased with the performance of the solution. "Novell Sentinel Log Manager does an amazing job at handling the huge volume of data we're throwing at it," said Hardin. "Within this year, the Novell solution will have easily paid for itself in reduced administrative time, not to mention our improved security posture."

