Formed in 2013 and located on the border of North East Wales, Coleg Cambria has approximately 7,000 full time students, 20,000 part-time students and a number of international links. Across its five sites, the college offers a vast array of courses, including A levels, GCSEs, BTECs, Welsh for Adults and Higher Education. In 2018, the college decided it needed a single, end-to-end cyber security tool that would centralise and automate workflows, and accelerate threat qualification, investigation and response.
“With a lot of sensitive data stored on our network, it’s crucial we have the right tools in place to protect it,”said Robert Green, security analyst at Coleg Cambria. “ However, this can be challenging as our network infrastructure is extensive, complex and accessed by thousands of users on a daily basis. Last year, we found that the threat detection tool we were relying on was becoming increasingly slow, clunky and involved a lot of manual investigation, which was ultimately putting too much strain on our IT department. Like many further education institutions, we are faced with managing threats – both external and internal – and we knew that in order to do this effectively we needed a platform that would remove time pressures and give us greater visbility into the network.”
Following a review of the products on the market, Coleg Cambria selected LogRhythm’s NextGen SIEM Platform. It was chosen for its out-of-the-box functionality and advanced analytic capabilities.
“The visibility and insight we now have with LogRhythm is unrivalled,” continued Green. “Our IT team is now able to see exactly what’s happening across our network in realtime, which is helping us stay one step ahead of potential threats. For example, it’s already flagged malicious malware that one of our students uploaded onto one of our labs, enabling us to neutralise the threat immediately. We would never have known about this when using our previous tool.
“The benefits of this platform also go beyond threat detection. The platform has identified potentially dangerous holes in our existing security tools and processes. An internal authentication server received a login request originating from outside the network – something that shouldn’t have been possible – which alerted us to the fact that there was a problem with our firewall configuration. Furthermore, we realised that when staff left the college, their accounts weren’t being deactivated in a consistent manner in line with our operating procedures. By highlighting this, LogRhythm has helped us improve our security programme significantly.”
Green concluded: “In addition to the visibility it provides, what set LogRhythm apart from its competitors was its out-of-the-box capabilities, which enabled us to start using the platform effectively from the offset. We had peace of mind that we were protected as soon as it was plugged in.”
LogRhythm’s NextGen SIEM Platform combines user and entity behaviour analytics (UEBA), network traffic and behaviour analytics (NTBA) and security orchestration, automation, and response (SOAR) in a single end-to-end solution. LogRhythm’s Threat Lifecycle Management (TLM) framework serves as the foundation for the AI-enabled security operations centre (SOC), helping customers measurably secure their cloud, physical and virtual infrastructures for both IT and OT environments.
“We are thrilled that Coleg Cambria has seen such positive benefits since deploying our NextGen SIEM platform,” said Martin Landless, sales director, UK & Ireland, LogRhythm. “With all large institutions, managing threats, whether malicious or not, is becoming extremely difficult. There is simply too much data to make sense of manually. Our platform alleviates this problem by removing the time-consuming, menial tasks, and centralising security operations. We look forward to working with Coleg Cambria going forward.”