Big-data analysis helps QUT learn more about its security posture than ever

A massive big-data collection and analysis system is providing network infrastructure managers at the Queensland University of Technology (QUT) with unprecedented visibility into security events and other operational issues that arise daily when managing such an extensive and varied computing environment.

The big-data investment was instigated to provide a way of centrally storing and analysing operational logs from a wide range of systems, but in a university context it was also seen as an important tool to support researchers across many fields.

Splunk Enterprise big-data analytics software was initially deployed to allow IT staff to keep tabs on logs from the student management system and the university's QUT Virtual portal, helping pinpoint load-testing activities that ensured existing and potential bottlenecks were spotted early on and dealt with summarily.

In this way, QUT has been able to monitor, pinpoint and optimise the efficiency of its user experience.

The system has rapidly expanded to the point where it is currently collecting over 200GB of data every day. This includes data from authentication systems, security tools, virtualisation hypervisors, database management systems, operating systems, and physical hardware that also supports the helpdesk, lecture recording system, Microsoft SharePoint and Exchange, Blackboard learning management system, Media Warehouse, and other Web sites.

The Splunk environment provides instantaneous access to over 50 billion log entries through which IT staff can search and generate reports as necessary. “Our staff, students and researchers are eager to extract knowledge from data through visualisations,” a QUT systems specialist explained.

“By enabling our colleagues to correlate, contextualise and apply analytics to information from disparate sources, the Splunk platform offers significant opportunities for data-driven decision-making. They're able to analyse authorised machine data, gaining an unprecedented level of visibility and agility.”

This agility has proved particularly valuable in vetting the massive volume of security log information that is generated daily by the system's various infrastructure components to service the 45,000 students and 10,000 staff at QUT.

Root-cause analysis and performance monitoring are a critical benefit of the big-data environment, with log information highlighting persistent authentication, performance and other issues that may point to more sinister activity on the network. Specialised Splunk extensions for Microsoft Exchange allow the team to monitor and analyse the performance of that environment, easily pulling out key metrics to ensure operational performance, simplify capacity planning and facilitate auditing of security events.

Because the data is being collected from a range of systems across the networking environment, cross-correlation of data provides a richer analytical toolkit than would otherwise be available.

The value of the environment, the systems specialist said, “is only constrained by the diversity of data given to it and the questions asked of it.”
