Case Study:

SIEM solution provides much-needed clarity around network activity


Part of the Russell Group of leading universities, Durham University (DU) has an international reputation for ground-breaking research and consistently ranks in the top 10 for teaching excellence in the UK. More than 4,000 staff members provide a wide range of highly regarded courses hosted in 17 colleges and attended by close to 20,000 national and international students.

Russell Group University

Global reputation for high-quality teaching and research

4,300 staff, 17 colleges and approximately 20,000 students

The Challenge

Being able to access a centralised log of network activity and event management across the wider IT estate is becoming increasingly important for organisations of all shapes and sizes. DU is no exception and Gary Foster, Senior Manager - Cyber Security in the Computing and Information Services Department, was keen to source technology able to provide that capability. It would need to deliver the transparent, consolidated information the university required to bolster its security capabilities and facilitate improvements to processes and IT infrastructure performance.

 “We were aware of how a fragmented view of network and system security activity limits quickly and robustly detecting and responding to security incidents,” said Gary. “Within the team, we recognised that a SIEM (Security Information and Event Management) solution would help provide the clear, centralised information log we needed to ‘join the dots’ and improve security and performance. The IT team already had access to information around network activity and system performance, but it was in need of aggregation and correlation to provide the visibility we really needed to enhance protection for our systems, data and users.”

 Having made the business case and secured financing and resource for a SIEM implementation, the IT team faced the challenge of understanding which type of solution, from the many on offer from multiple vendors, would be best suited to its unique requirements - and that’s when Softcat became involved in the project.

Critical Success Factors

· Improve security

· Enhance network performance

· Identify cost-effective, high-functioning solution

The Solution

Softcat has become a trusted DU technology provider having worked with it on multiple IT projects, including networking equipment provision, managed services and software solutions, over recent years. Gary Foster knew it had a good understanding of DU’s IT team and its networking environment, but more importantly, he knew the extent of Softcat’s knowledge of the vendor and sector landscape. He was confident that the Softcat team could help secure the optimal solution for the task in hand.

 Thomas Rowley, Softcat Networking and Security Specialist (Higher Education focused), takes up the story. “Our Account Manager, Reece Ellis, made me aware that DU was looking to implement a system capable of interrogating network activity and providing granular data and analysis logs from across the network. It was clear that a SIEM solution would be ideal and DU wanted help with identifying providers capable of delivering the value and functionality required.

 “We held an initial engagement workshop, to help the university understand the functionality available from SIEM solutions today, how these options mapped onto DU’s use cases and the essential and desirable requirements of the solution. This gave us the information we needed to identify suitable vendors, four Gartner Magic Quadrant-recommended vendors initially, and carry out further market research to help narrow down the field.”

A second workshop followed shortly after to work through the four vendors, covering the key features, capabilities, maintenance and potential cost implications of each, together with a robust MoSCoW analysis.

 “The workshops were really helpful,” said Gary. “They clearly illustrated how well Softcat knew the marketplace, the HE sector and the technologies on offer. Clear, easy-to-understand information around functionality and cost was provided and, crucially, we were able to learn how other organisations in our sector had gained value from similar implementations.”

 After further consultation, the potential vendors were narrowed down to two. Softcat arranged for both vendors to present their solutions to the IT team. The morning and afternoon sessions enabled the IT team to carry out Strengths, Weaknesses, Opportunities and Threats (SWOT) analyses and explore further the suitability of each proposed solution. After careful consideration, DU chose an analytics-driven SIEM solution from multi award-winning provider Splunk.

 Once the decision had been finalised, Softcat arranged for an experienced Splunk support provider to help implement the solution. Throughout the implementation phase, Softcat kept in close contact with both DU and Splunk to help ensure the success of the project. “Working collaboratively with Softcat and Splunk proved to be an extremely productive arrangement,” said Gary. “It inspired confidence that the implementation would be quickly and efficiently achieved, ensured the solution was fit for purpose and really added value to the project.”

Solution Highlights

· Comprehensive client collaboration to identify suitable technologies

· Delivery of solution-focused workshops

· Trusted third-party implementation provider

The Benefits

From Gary’s perspective, the key benefit is efficiency! “The Splunk solution enables us to standardise our approach and response to repeat scenarios. The data it provides enables us to detect events we wouldn’t have detected before and deal with them much more quickly and effectively. With near real-time visibility of critical data and events, we can respond more robustly and leverage that information to improve workflows, responses and processes across the board.”

 Softcat’s extensive sectoral knowledge was a major factor in the project’s success. “Of course, we could have investigated the pros and cons of individual solutions as a team,” said Gary, “but Softcat’s knowledge and track record of successfully implementing similar projects provided the critical expertise we needed to rapidly identify a suitable solution. Softcat knew what other HE sector organisations had achieved from similar implementations and how they had secured those capabilities – this proved a significant value add from our perspective.”

The effectiveness of Splunk’s offering in partnership with Softcat was recognised by Frederik Maris, VP EMEA at Splunk, who says, “The Splunk Platform helps organisations turn data into action and its flexibility allows both network operations and security teams to improve effectiveness across the university. Over half of the Russell Group Universities now use Splunk as their Data-to-Everything platform and as a partner, Softcat really understands the value of the platform as well as wider data use cases across the Higher Education sector.”

 Engaging a trusted third-party provider to implement the solution helped keep costs to a minimum, accelerated the implementation schedule and helped ensure a rapid Return on Investment. Although primarily implemented to enhance IT security, DU has a solution that can work for a wide range of functions and processes going forward.

“We’re confident it’s the right solution and we fully expect to see added benefits further down the line. Working closely with Splunk has already proved to be extremely valuable. It’s clear that Splunk puts a tremendous amount of effort into providing sector-specific information and collaborative opportunities with similar organisations. It’s helping us gain optimal value from the solution,” said Gary.

Benefits at a Glance

· Enhanced visibility of network activity

· Rapid, cost-effective implementation of leading-edge technology

· Foundations established for improvements in processes and behaviours

Why Softcat?

“Softcat takes great pride in its preparatory work and the industry knowledge we bring to all of our client engagements. Hands-on account management and the capacity to minimise costs without sacrificing functionality are powerful drivers in how we do business. Our close relationships with leading vendors and HE institutions also help to ensure we’re ideally positioned to deliver solutions that closely match our client’s specific requirements,” said Thomas.

 “There were many reasons why we chose to work alongside Softcat on this project,” said Gary. “They always make the effort to offer services and expertise without strings attached. Even before purchasing decisions are finalised, they take the time to analyse the suitability of individual solutions, so they can provide the most effective technologies to achieve our goals.

 “They always ask, ‘what can we do to add more value’ and follow up on promises. Softcat is extremely hands-on and always strives to establish an ongoing, productive relationship with its clients. It gives us confidence that we are sourcing precisely the technologies the university needs.”
