Keeping Drake’s information safe: SIEM

In the June 27 edition of OnCampus, I provided an overview of several ongoing ITS initiatives designed to keep Drake in compliance with regulations and enhance security of confidential information. This week, I’m sharing additional information about one of our key initiatives, Security Information Event Monitoring (SIEM).

SIEM is a technical term for an early warning system. ITS configures it to collect log information from campus servers and other locations where confidential information is stored and accessed. It establishes a baseline of standard behavior, such as how and when these locations are normally accessed, and will alert ITS when any anomalies in behavior or activity occur. This allows ITS to further investigate to determine if an individual computer or any data has been compromised by an attacker.

This tool is a crucial component in helping to detect the early steps in a cyber attack, such as reconnaissance, lateral movement, or remote actions. It also aids in forensic investigation to determine the extent of any previous breaches.

Drake’s computing environment is under constant attack, making systems like the SIEM a valuable detection method. The charts below show Drake’s current vulnerability levels and why we are adding SIEM to help protect our computing environment.

Phishing/spam:
Cyber attacks starting with a phishing email make up almost 40 percent of successful data breach incidents. This chart showing the total volume of email received in June illustrates that 77 percent of the email sent to individuals with a drake.edu email address that month was malicious!
mailfiltering

Reputation filtering
Internet traffic—information that is transmitted to and from our computers when we visit websites—can contain malicious information without us even realizing it. This chart shows attempts to connect to campus systems in the month of June.
Reputationfiltering

Do you have any questions or concerns? Contact informationsecurity@drake.edu and let us know. And watch OnCampus for more information about how ITS is working to keep Drake’s data safe.

—Peter Lundstedt, Information Security Manager