Region: North/South America
Industry: Education
Solution Type: Backup/Data Protection, Cloud Security, Digital Transformation, Endpoint Security, Firewall, Network Security, Risk Management, Zero Trust
IBM Case Study: Mohawk College
Overview
When cyber attacks breach even the strongest IT security systems, quick detection is critical to managing and recovering from the intrusion. Mohawk worked with IBM Business Partner GlassHouse Systems to implement the IBM Security® QRadar® Security Information and Event Management (SIEM) solution to quickly detect breaches and prioritise its incident response.
Business challenge story
Cybercriminals target college IT systems
Higher education institutions are one of the richest and ripest targets for cybercriminals. They offer the fruit of intellectual property, research and the personal information of both students and faculty. And generally, that low-hanging fruit is easily harvested by bad actors because cybersecurity measures and technology are often implemented piecemeal, without an eye to systematic prevention and response across multiple university or college departments.
“You have so many different departments doing different things, it becomes a complicated landscape to protect,” declares Andrew Frank, Manager of IT Security Services at Mohawk College in Hamilton, Ontario. “Typically, if you don’t have a well-thought-out security program, the technical people will do everything around protecting the environment. They’ll quickly run out and buy some anti-malware, or maybe install fancy, new, next-generation firewalls. And while those fixes are very important, they’re only part of combatting cyber attacks at a college like Mohawk.”
It’s not surprising that Mohawk takes a comprehensive approach to cybersecurity. The college focuses on applied research, with multiple lines of study that allow students to gain real-world experience with businesses in Hamilton and the Greater Toronto Area. It is known for innovation in its own operations, with LEED-certified green buildings and heating and cooling systems. Mohawk also teaches cybersecurity and has an extensive Central IT department that oversees cybersecurity for the institution.
Several years ago, it became clear that the college needed to use state-of-the-art cybersecurity tools to protect and defend against malicious attackers. Frank recalls how the college’s cybersecurity environment evolved. “Our board was starting to ask questions about it, asking how we could build a program around protecting our critical assets,” he says.
Central IT started by looking at different industry frameworks for security, including ISO 27001 and ISO 27002 standards for managing information security. It then used the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) to conduct a gap analysis and score itself across its five pillars: identify, protect, detect, respond and recover. The college knew that it had done well in identifying the assets it needed to protect and in protecting those assets generally. However, it did not score as well in detection, so if its controls failed, it could not quickly identify the breach and move on to respond and recover from the breach.
“You can put all this investment into your protection mechanisms, but there’s no silver bullet,” asserts Frank. “Eventually, there’s a high risk of compromise and a complex landscape.” Mohawk decided to focus on and invest in detection. “We wanted to make sure that if somebody got past our protection, we could quickly detect and eradicate them from our network,” Frank says. In higher education, it can sometimes take months before someone realises that the attackers have infiltrated a system. “We didn’t want that to happen if our systems were breached,” he says.
“Detecting quickly was important to us, but so was what happens after the fact,” notes Frank. “You want to be able to … replay things to identify exactly what happened and exactly what systems were touched, to rebuild your systems after the fact and re-secure your network after a breach.”
Mohawk began a search for an industry-leading detection platform. At the time, it was already working with IBM to build out its cybersecurity curriculum to include SIEM tools such as the QRadar solution. It was with this synergy in mind that Frank and his colleagues began exploring SIEM solutions for the college.
Frank outlines the college’s criteria: “We wanted a tool that was easy to use, didn’t require substantial amounts of training for users to be able to pivot and search through data to both see event logs and do network traffic analysis.” The college needed a tool that would not only store the information for searches but also identify and prioritise incidents and offer the option to apply AI to investigate breaches faster.
QRadar quickly rose to the top of the solutions that Mohawk investigated. The tool stood out above the others under consideration because Gartner had named it a SIEM leader in its Magic Quadrant for SIEM report, it had good standing with public cloud providers and it had received strong references from other higher education institutions.
Transformation story
SIEM for detection, prioritisation
Mohawk decided to implement the QRadar SIEM platform to help it more quickly detect and prioritise threats on its diverse and distributed IT network. “So QRadar really checked a lot of boxes for us once we determined what tool we wanted,” says Frank. “We just needed to find somebody who could not only sell it to us but also provide professional services around installation.”
Mohawk selected GlassHouse, a local IBM Business Partner, to implement the QRadar solution and to provide personalised ongoing support to the college. “We could tell from the beginning that everybody was extremely professional at GlassHouse,” says Frank. “They weren’t just there to sell us something and get in and get out. They established a relationship with us.” GlassHouse implemented the QRadar solution, building the infrastructure across three campuses and its primary data center to help the college ingest and analyse data from multiple systems and departments.
Results story
“It’s all about visibility”
Even with the best cybersecurity protection systems, some threats get through. And if the security team can’t see the threat, it can’t respond to it. Now, after implementing QRadar, Mohawk can quickly spot and respond to cybersecurity breaches. “It’s all about visibility,” says Frank. “Being able to see what’s happening on the network, being able to see how the different machines connect and communicate with each other. It’s about creating alerts to be able to see if there’s a potential compromise in the network that requires investigation. With QRadar, there’s a layer of visibility that we previously didn’t have.”
Frank contrasts the previous complexity of overseeing the Mohawk security system and the current simplicity of viewing it with the QRadar dashboard. “If you can imagine, in a large organisation, you can have many different security tools and appliances,” he says. “From anti-malware on the endpoints, to the data centre, to firewalls — external to the organisation, and also internally in different locations — intrusion prevention sensors among others.” Previously, these elements all had their own unique interfaces that his security team had to log into individually to view possible threats. And there were many of each element, scaled across the organisation in different departments, campuses and locations.
“Now, QRadar ingests all that data into one pane of glass for us to look at,” Frank says. “And then all the alerts, warnings and potential threats that come up out of those solutions, those are really prioritised in a risk-based approach for us to investigate. So, it really does assist with sifting through information; it makes it quick and it makes sure that we’re focusing on those top risks or threats.”
Mohawk also uses QRadar Data Store to provide centralised log management, which boosts Payment Card Industry Data Security Standard (PCI DSS) compliance for the college. Centralised logging also helps the operations team, according to Frank. “When we’re troubleshooting issues in the data centre that are not security related, the operations team now has access to be able to dig into the details,” he says. “They can do searches to find the information that they need quickly without having to manually go into each and every machine and try to manually review the logs. I think it speeds up a number of challenges that the average infrastructure team is going to face.”
Frank is glad that the college chose to work with an IBM Business Partner like GlassHouse and lauds the GlassHouse team: “They not only had really high-quality, technical and knowledgeable staff around QRadar, but also cybersecurity in general. We were absolutely impressed.”
Jeff Wilson, of GlassHouse, in turn explains why having a close relationship with Mohawk has engendered success. “There’s nothing in Mohawk’s environment that has been difficult in terms of integrating into QRadar,” he says. “In security, having a tight and effective engagement with a customer — understanding their processes, understanding their infrastructure and their software environment and where their most critical data is — is really important to delivering security and finding ways to patch holes that exist. And so that fit between a medium-sized company like GlassHouse and a medium-sized customer like Mohawk, I think makes for this kind of successful engagement.”
The engagement has also been successful thanks to support from the college board and buy-in from other departments, such as the operations and infrastructure teams, who have already reaped benefits from the QRadar solution. “They understand what the tool is, how it works, and how in their unique departments, they can start to see benefit from the tooling itself,” says Frank. “I think that was a critical success factor as well as getting everybody to board the bus and driving it together to find the right solution internally at the college.”
The college is building synergy between its behind-the-scenes security department and its academic programs by offering courses in cybersecurity that include SIEM. Ultimately, its use of the QRadar platform may become a recruiting tool, as students who want to build skills in a high-demand arena like cybersecurity will see that the college is practicing what it teaches by implementing a state-of-the-art SIEM solution.
Mohawk College & GlassHouse
Founded in 1966, Mohawk, located in Hamilton, Ontario, Canada, positions itself as a postsecondary destination renowned for its innovation culture. Its mission is to educate and prepare highly skilled graduates for success and contribution to the community. Mohawk College educates more than 32,500 full-time, part-time, apprenticeship and international students, with approximately 1,000 faculty. It operates three main campuses: Fennell, Stoney Creek and the Mohawk-McMaster Institute for Applied Health Sciences at McMaster University.
Founded in 1993 in Toronto, Canada, IBM Business Partner GlassHouse has been helping its customers in the private and public sectors reduce the complexity and operating costs of their IT environments. The company has expertise in and provides solutions for cloud, managed services, enterprise security, infrastructure and more. It operates from its Canadian corporate headquarters in Toronto, and its US headquarters in Lisle, Illinois, and employs approximately 80 people.