Organization: Midwest liberal arts university
|Total student enrollment
|Faculty and Staff
Log Sources: 1,140 individual sources from: HP, Cisco, Palo Alto, Barracuda, Trend Micro, Apache, IIS, Azure, and Qualys.
- Reduced and remediated compromised accounts
- Closed gaps in network visibility
- Provided a central source of logging
“BitLyft provides that extra set of eyes and expertise we’re not able to have on staff.” Information Security Officer
Managing the security posture of a university is no small task. This is especially true when you have to manage it on your own. For one Information Security Officer (ISO) at a liberal arts university in the Midwest, this workload was the norm. A lack of time, resources and expertise meant this “team of one” had to rely on other department members to fill in security gaps surrounding infrastructure, applications, endpoint users, etc.
The university’s security “team” also faced challenges like having no centralized logging and experiencing large gaps in network visibility. The university required additional insight into both internal traffic and the types of traffic entering and exiting the network.
To help remediate the situation, the institution purchased LogRhythm’s Security Information and Event Management (SIEM) platform to run on-prem. The university attempted to manage the program on its own for a few months, but quickly realized additional resources were required to fully take advantage of the tool’s capabilities.
After evaluating the references of multiple vendors, the university decided to partner with BitLyft. “When I was introduced to the staff at BitLyft, I was impressed with the expertise and the personalities of all of the team members,” said the ISO. “Sometimes when you work with other vendors, the process can be very cut and dry and you don’t feel comfortable with who you are working with.”
BitLyft was able to work with the university to provide the right services and attention needed, all while staying within its budget.
“Since information security can be a scary topic, many vendors think companies will have an open checkbook,” said the university’s ISO. “But that is not the case in higher ed; in higher ed budgets are tight.”
The services BitLyft provides to the university include incident response assistance, a managed SIEM service and information security advisory.
Once the partnership with BitLyft began, the university’s security posture drastically improved. With the addition of information security talent, the university was not only able to reduce the number of compromised accounts, but it was also able to reduce the amount of time needed to remediate these accounts.
The university also gained the much-needed network visibility it was lacking. “Ultimately, the goal was to enlist another set of eyes to assist in the day-to-day operation of LogRhythm and to supplement our lack of resources,” said the ISO. “I feel like I can call anyone on BitLyft’s support line any time—night or day—and they’ll be ready and willing to jump into a problem if we have it.”
As the partnership continues, BitLyft will continue to develop additional automation tools, metrics and reporting features to elevate the university’s security posture.
“We could have gone many different ways and possibly been as happy, but I kind of doubt it,” said the ISO. “The level of expertise, the value, the interpersonal dynamics, all of those areas have been big positives of working with BitLyft.”