IT managers at colleges and universities fully understand that, with mobility and BYOD, the threat landscape has increased exponentially over the past three to five years. With recent news about the Heartbleed bug and high-profile security breaches at several U.S. universities, some may argue that the situation has grown more intense in just the past few months.
Students are rightfully concerned that their financial and personal information has been compromised, and some are less apt to use the online tools now playing such an integral role in most campus business today. Much is at stake, and university administrators are looking to IT staff for the answers.
The days when hacking incidents were the misguided efforts of bored teenagers or college students are long gone. Threats to academic computer systems include foreign countries looking to steal vital national security research, hacktivists trying to make a political point, criminals stealing personal information for profit, and employees or students acting with a grudge against their employer.
Such evolving threats require a new approach to security: Simply reviewing log reports and running signature-based detection of known threats — old-style security information and event management (SIEM) — doesn't cut it anymore.
Along with real-time monitoring, the next generation of SIEM offers context-aware anomaly detection, supported by automated correlation and data analytics.
What Is Situational Intelligence?
Whether known as situational intelligence — or more often, situational awareness or security intelligence — the concept is defined by Vinay Sukumar, a security systems technical product manager at IBM, as "a methodology of analyzing millions and billions of security and application records across an organization's entire network to gain insight into what's actually happening in that digital world" and "the process of combining internal, locally collected security data with external intelligence feeds and the application of correlation rules to reduce huge volumes of data into a handful of high-probability records requiring immediate investigation to prevent or minimize the impact of security incidents."
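To make the definition above concrete, here is an added illustration (not code from the article, IBM, or any product it names) of the core idea: local log records are run through a correlation rule and enriched with an external intelligence feed, so that many raw lines reduce to a few scored records worth investigating. The log lines and feed entries are constructed sample data; the rule (repeated failures followed by a success from the same source) and the score weights are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of locally collected SSH authentication records (not real data).
AUTH_LOG = """\
2024-04-10T08:01:12 sshd[2201]: Failed password for admin from 203.0.113.7 port 51022
2024-04-10T08:01:15 sshd[2201]: Failed password for admin from 203.0.113.7 port 51023
2024-04-10T08:01:19 sshd[2201]: Failed password for root from 203.0.113.7 port 51024
2024-04-10T08:01:25 sshd[2201]: Accepted password for admin from 203.0.113.7 port 51025
2024-04-10T08:02:03 sshd[2210]: Failed password for jdoe from 198.51.100.4 port 40011
2024-04-10T08:05:44 sshd[2215]: Accepted publickey for jdoe from 192.0.2.10 port 40102
"""

# Constructed external intelligence feed: sources a feed provider has flagged.
THREAT_FEED = {"203.0.113.7": "brute-force scanner"}

LINE_RE = re.compile(r"sshd\[\d+\]: (Accepted|Failed) \w+ for (\S+) from (\S+)")

def parse(log_text):
    """Yield (outcome, user, source_ip) for each line that matches; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)

def correlate(log_text, feed, fail_threshold=3):
    """Correlation rule (assumed for illustration): fail_threshold or more failures
    from one source followed by a success from that same source. The record is
    scored higher when the source also appears on the external feed. Returns only
    the high-probability records, ordered by score, rather than every raw line."""
    fails = defaultdict(int)
    alerts = []
    for outcome, user, ip in parse(log_text):
        if outcome == "Failed":
            fails[ip] += 1
            continue
        # A success after repeated failures from the same source is the anomaly.
        if fails[ip] >= fail_threshold:
            score = 70 + (25 if ip in feed else 0)  # illustrative weights
            alerts.append({"ip": ip, "user": user, "failures": fails[ip],
                           "feed": feed.get(ip), "score": score})
        fails[ip] = 0  # the success ends the current failure run for this source
    return sorted(alerts, key=lambda a: -a["score"])

if __name__ == "__main__":
    for alert in correlate(AUTH_LOG, THREAT_FEED):
        print(alert)
```

Six raw records become one scored alert; the lone failure from 198.51.100.4 and the key-based login from 192.0.2.10 never reach an analyst.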
Newer products, such as IBM's QRadar Vulnerability Manager or Splunk, allow IT staff to gain broader visibility over an organization's security posture, detect deviations from the norm and initiate preventive procedures — before an attack even occurs.
The products also can perform follow-up remediation, analyze data to devise countermeasures for the attack and develop best practices so organizations can quickly adapt to meet emerging and ever-evolving threats.
Colleges and universities pride themselves on establishing an open learning environment where information flows freely. That ideal should be maintained, of course, but not without a change in mindset. Security tools that can help are continuing to evolve, but IT teams also must recognize that some things need to change, and that now is the time for action.
Start by trying some of the new next-gen security products that let IT managers easily run pilot tests. Create a sandbox in a noncritical portion of the network and see what develops. (Odds are, the team will discover threats well outside of the scope of known viruses and malware.)
As the threat landscape escalates, IT departments need three features that they haven't had in the past: the ability to detect unknown threats, the ability to develop analytics on the types of threats that have infiltrated the network, and greater visibility into the organization's security profile across multiple departments.
IT managers can't promise that a breach will never happen, of course, but they can take steps to convince the administration that some additional security measures — passwords and authentication, for example — must be tolerated in order to protect the larger community.