
Changing the rules of the game for cybersecurity

Cybersecurity & Privacy - Endpoint Security
Cybersecurity & Privacy - Intrusion Detection
Cybersecurity & Privacy - Network Security
Cybersecurity & Privacy - Security Compliance
Education
Business Operation
Facility Management
Intrusion Detection Systems
Software Design & Engineering Services
System Integration
Training
The University of Oklahoma faced a significant challenge in managing the volume of security events generated by its network sensors: more than 80 million security events and roughly 350 alerts per week. A small security team of 10 full-time employees and 3-4 student security analysts struggled to monitor and respond to that stream effectively, and the high proportion of false positives made it nearly impossible to identify and address genuine threats promptly. With approximately 90,000 user accounts reaching the university's IT infrastructure from more than 120,000 devices, the university needed a security solution that could scale its detection and response capacity against internal and external threats without scaling headcount.
The University of Oklahoma (OU) is a prominent higher education institution with a large and diverse user base. It serves over 30,000 students and 7,000 full-time faculty and staff, in addition to providing user accounts to alumni, retirees, and distance learners. This results in approximately 90,000 user accounts accessing the university's IT infrastructure from over 120,000 devices each week during peak periods. The university's security team, led by Chief Information Security Officer Aaron Baillio, consists of 10 full-time employees and 3-4 student security analysts. The team is responsible for protecting the university's institutional data and guarding users against internal and external threats. Despite the small size of the team, they are committed to leveraging advanced technologies to enhance their security operations and provide valuable training opportunities for students interested in cybersecurity.
To address the overwhelming volume of security events, the University of Oklahoma deployed the Respond Analyst, a decision engine that automates the analysis and triage of network security data. The product is described as modelling a human analyst's decision-making process so that escalation decisions are made with comparable judgment but at machine speed. By feeding the Respond Analyst with the university's existing security tooling, including an open-source IDS, Palo Alto Networks IDS/IPS, the Vectra Threat Detection Platform, and the Nessus vulnerability scanner, the team obtained broad sensor coverage while sharply reducing the number of false positives that reached a human. Because the engine filters and prioritizes events before escalation, the security team can concentrate on the most critical incidents, and the time previously spent on manual alert review is now devoted to incident response, threat hunting, and engineering and automating workflows, improving the team's ability to protect the university's IT infrastructure.
Results reported in the case study:

The Respond Analyst reduced escalated alert volume from about 350 alerts per week to 2-9 vetted incidents per week, which the case study reports as a 99% decrease in noise volume.
The security team experienced less alert fatigue and could focus on meaningful, actionable security events.
The automation acted as a force multiplier; the case study equates it to adding 68 human security analysts to the team.