An investment in a cybersecurity monitoring and correlation engine is paying back twofold for Victoria’s Deakin University, which is using the platform both to monitor its internal networks and to give cybersecurity students a live network monitoring platform to learn on.
Deakin’s purchase of the Exabeam Security Management Platform – which the vendor bills as a platform for ‘smarter SIEM, UEBA and SOAR’ – has transformed its network-monitoring capabilities in the six months since it went live, the university’s director for cybersecurity research and innovation Damien Manuel told CSO Australia.
With around 50,000 people connected to “very dynamic” network environments at the university’s three campuses at any given time, he explained, Deakin cybersecurity staff were struggling to keep up with the threat profile.
“We had to use traditional tools, which made it intensive to go through and find the threats. Having this in place helps us streamline a lot of that. It allows us to automate that analysis of the information, bringing attention to elements that should be further investigated. It really helps us understand user and asset behaviour, and to see things we hadn’t seen before.”
Turning better visibility into better training
Deakin’s enthusiasm for Exabeam stems from much more than just its improved network monitoring, however. A key reason that the platform was chosen, Manuel said, was that it has a “friendly and intuitive” user interface that makes engaging with the platform far easier and less imposing than many competing platforms.
“That really helps with a future problem that security operations centres (SOCs) are seeing in the form of high turnover of staff,” he said. “They’re using a high degree of tools that are not necessarily intuitive,” and frustration led to high levels of staff attrition.
“The Exabeam environment is forward-leaning and intuitive enough that it really makes the job a lot more interesting,” he added. “People get back to the basics of investigation, discovery, and critical thinking rather than trying to find a needle in a haystack using badly designed tools.”
Easier engagement with the SOC environment led to the decision to integrate the Exabeam platform into Deakin’s cyber security degree programs – including an industry-focused Bachelor of Cyber Security degree that includes placements at Dimension Data and the ANZ and NAB banks.
As part of that course, students are cycled through security operations centre (SOC), consultancy and operational elements of the industry.
“The focus of this degree is to produce graduates that are able to hit the road running,” Professor John Yearwood, head of Deakin’s School of Information Technology, said.
Industry partnerships had seen Deakin students completing professional certifications alongside their academic degrees, he said. “The idea is to provide a much shortened trajectory of working.”
That philosophy had underscored the academic role of the Exabeam platform, whose user-friendly design, Manuel said, made it ideal for giving Deakin’s nearly 700 cybersecurity students access to its live network. Learning in a real environment, he noted, would make the students even more work-ready by the time they graduate.
“We are adding to the program by giving students the ability to see real-world challenges, and to actually work on the tools hands-on,” he said. “It’s not a mockup environment; it’s a real view of what’s going on in Deakin’s environment.”
Automation becomes an automatic reflex
Automation has become a mandatory capability in cybersecurity circles as data volumes explode and a chronic lack of staff leaves organisations running to keep up with cybercriminals who are proving both resilient and deadly effective at compromising network-security protections.
Gartner coined the term SOAR (Security Orchestration, Automation and Response) last year and offers guidance for a trend that it says will rapidly expand from 1 percent of organisations to 15 percent by 2020.
That growth will be driven by tools like Exabeam’s, which are built around the aggregation and analysis of a range of network security and performance indicators.
“Attacks used to be kind of simple,” Exabeam CEO Nir Polak said. “They were a lot more snatch-and-grab, and you could solve them with very deterministic if-then statements. But today you have a lot more data, coming from the fact that there is simply much more digital footprint. With cloud and IoT, you really start having a data intelligence problem.”