Educause Security Discussion mailing list archives
remotely monitoring from multiple campuses & sample SIEM/log management RFPs
From: "Youngquist, Jason R." <jryoungquist () CCIS EDU>
Date: Tue, 21 Apr 2009 10:21:20 -0500
For those of you that have multiple campuses, do you have an IDS/IPS device at each campus, or how are you monitoring abnormal/malicious activity from the campuses?

Currently we have ~30 remote campuses (size varies from a couple computers to ~80 computers) and each has their own Internet connection. Instead of deploying an IDS/IPS at each campus (which would have been cost prohibitive) each campus has a Cisco router exporting netflows to a central collector, and we are using a commercial NBAD product to monitor the campuses for any abnormal/potentially malicious activity based on netflow information.

If we just had one Internet pipe at our main campus, I could stick in something like a TippingPoint for IDS/IPS, but since we have a large amount of remote campuses we also want to monitor, it makes things a bit challenging. I'm looking for suggestions others might have for any alternatives to monitoring the traffic for malicious activity at our remote campuses.

Also, does anyone have any sample log management/SIEM RFPs they would be willing to share?

Appreciate any information you can provide.

Thanks.

Jason Youngquist
Information Technology Security Engineer, Security+
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO 65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu