Abstract
Universities and other educational institutions are increasingly dependent on technology for their daily operations, which makes them easy targets for cyber threats that can steal sensitive data and halt operations. Strong cybersecurity is essential in these environments to protect student and faculty information, keep classes running, and keep the campus community safe. This project focuses on Sacramento State University to address the urgent need for better security monitoring and real-time threat detection in the educational sector.
Sacramento State University currently manages a large volume of security-related logs generated by various sources throughout its network. This substantial amount of data poses challenges for the existing log analytics infrastructure, which relies on traditional databases, making it difficult to analyze effectively. As a result, the identification and response to potential security issues are delayed. This delay in threat detection and resolution could significantly increase the university's vulnerability to cyberattacks and data breaches, underscoring the need for a more advanced and flexible security monitoring system.
This project proposes utilizing the features of Elasticsearch to build a Security Information and Event Management (SIEM) system that overcomes the existing limitations. By employing the ELK stack (Elasticsearch, Logstash, and Kibana), the institution can achieve real-time analysis and visualization of its security data. This approach allows logs from various security solutions, including Cisco Duo and Qualys, to be aggregated and indexed into a single platform. Elasticsearch's advanced search and data analytics capabilities offer numerous benefits, including an enhanced security posture through real-time monitoring, sophisticated alerting, and comprehensive visualization dashboards.
This project utilizes Elasticsearch to develop a Security Information and Event Management (SIEM) system aimed at enhancing cybersecurity at Sacramento State University. The approach integrates security logs from Cisco Duo and Qualys into a centralized ELK stack and identifies anomalies and patterns by creating machine learning anomaly detection jobs in Elasticsearch. Additionally, Kibana is used to visualize the security posture in real time.
One of the key benefits of this project is a significant reduction in the time needed to identify and address security risks, ultimately strengthening the university's overall security. Furthermore, the project will leverage asset IDs from vulnerability scans and geographic location information from logs to provide valuable insights to the university's cybersecurity team.
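As an added illustration of the ingestion step described above (not code from the project), the following normalizes constructed Cisco Duo authentication-log records into ECS-style documents, carries the geographic location fields from the log into the document, and builds an Elasticsearch `_bulk` body. The Duo field names (`access_device.ip`, `access_device.location`, `user.name`, `result`, `reason`, `factor`, `timestamp`) are assumptions about the Duo Admin API authentication-log shape; `failures_by_user` is a hypothetical helper showing the kind of aggregate a Kibana threshold rule would alert on.

```python
"""Normalize constructed Duo auth-log records into ECS-style docs and an
Elasticsearch _bulk request body (NDJSON). Added illustration, not the
project's own code; Duo field names are assumptions, verify against the API."""
import json
from datetime import datetime, timezone

# Constructed sample records (not real users or addresses).
SAMPLE_DUO_EVENTS = [
    {"timestamp": 1700000000, "user": {"name": "jdoe"}, "result": "success",
     "reason": "user_approved", "factor": "duo_push",
     "access_device": {"ip": "203.0.113.10",
                       "location": {"city": "Sacramento", "state": "California",
                                    "country": "US"}}},
    {"timestamp": 1700000060, "user": {"name": "jdoe"}, "result": "denied",
     "reason": "user_marked_fraud", "factor": "duo_push",
     "access_device": {"ip": "198.51.100.7",
                       "location": {"city": "Example City", "state": "",
                                    "country": "ZZ"}}},
]

def to_ecs(ev: dict) -> dict:
    """Map one Duo record onto ECS-style fields that Kibana and SIEM rules use."""
    dev = ev.get("access_device", {})
    loc = dev.get("location", {})
    return {
        "@timestamp": datetime.fromtimestamp(ev["timestamp"], tz=timezone.utc).isoformat(),
        "event": {"kind": "event", "category": ["authentication"],
                  "outcome": "success" if ev.get("result") == "success" else "failure",
                  "reason": ev.get("reason")},
        "user": {"name": ev.get("user", {}).get("name")},
        "source": {"ip": dev.get("ip"),
                   "geo": {"city_name": loc.get("city"), "region_name": loc.get("state"),
                           "country_iso_code": loc.get("country")}},
        "duo": {"factor": ev.get("factor")},
    }

def to_bulk_ndjson(events: list, index: str = "logs-duo-auth") -> str:
    """Build the body for POST /_bulk: one action line then one document line per event."""
    lines = []
    for ev in events:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(to_ecs(ev)))
    return "\n".join(lines) + "\n"  # _bulk requires a trailing newline

def failures_by_user(events: list) -> dict:
    """Count denied authentications per user (hypothetical seed for a threshold alert)."""
    counts = {}
    for ev in events:
        if ev.get("result") != "success":
            name = ev.get("user", {}).get("name")
            counts[name] = counts.get(name, 0) + 1
    return counts
```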