| Industry | Challenge | Size |
|---|---|---|
| Higher Education | Needed faster alerts, cost-effectiveness | 2500+ |
After the MSSP it had used for years went through several acquisitions, the provider lagged behind on alerts and gave little detail in its findings, leaving LTU's team to do the analysis by hand. With a small IT team splitting its time across various projects, the university needed responsive, contextual alerts to make day-to-day IT management easier.
LTU deployed Blumira in hours, gaining broad coverage of both its on-premises and cloud environment. The team now uses Blumira's contextual findings and playbooks for remediation, and its log search for troubleshooting. They value the accuracy of the detections, which lets them focus on what matters.
Founded in 1932, Lawrence Technological University (LTU) is a private university located in Southfield, Michigan. Originally founded as a college of engineering, it has expanded to offer more than 100 programs in four colleges, including business and information technology, architecture and design, and arts and sciences.
LTU’s small IT team handles escalations, supporting infrastructure, networks, servers and more for their entire institution.
“We’ve managed to do a lot with a little,” Interim Director of IT & InfoSec Angela Bawcum said. “We look to strategically partner with companies to help us leverage external resources so we can better utilize our internal ones.”
They had partnered with a managed security services provider (MSSP) for nine years. Its SOC (security operations center) as a service provided SIEM (security information and event management) and analytics for LTU. While LTU's IT team was initially happy with the service, after the MSSP went through several acquisitions they saw the quality of service start to deteriorate.
“We didn’t get any information in our email alerts aside from a link to the raw logs,” Senior Systems Analyst Bryan Allen said. “We ended up doing a lot of the work ourselves; investigating the sources of security events and resolving them.”
Their MSSP became less responsive and slower to alert them to potential issues – LTU would often receive alerts of security findings 24 hours after initially discovering them.
LTU was looking for a solution that could correlate data with findings, identify issues, then notify their team of what to focus on to remediate. They needed security insight into their environment to make their lives easier, as they focused on handling the day-to-day IT management of the university.
“We don’t have dedicated people to just sit and wait for things to happen. Our team has to split their time to support various systems and projects. Everyone on the team plays a key role in our security,” Bawcum said. “Getting responsive alerts is important so we can respond quickly to potential risks.”
They needed a solution that surfaced information, making it readily available as well as pointing them in the right direction for remediation. The MSSP didn’t provide much detail in their findings summaries, which caused their team to dig into events to do their own log analysis.
LTU was connected to Merit Network, a nonprofit providing high-performance computer networking services to educational, government, healthcare and other organizations in Michigan. Merit, itself a satisfied Blumira partner, recommended the platform to LTU for automated threat detection and response.
Needing to balance function with cost-effectiveness, LTU chose Blumira for its contextual findings, response playbooks, reporting capabilities and rapid time to detection.
“I like that you not only provide good details on findings, but also suggestions on what to do about them,” Allen said. “With our previous solution, it would often be 24 hours before we would receive alerts from our partner and we had to do a lot of manual analysis.”
LTU’s IT team leveraged the ability to search logs for troubleshooting activities to find out the last time a user logged in, and from which device. They value the ability to easily sort and correlate this type of information to help them find the source of issues, such as Active Directory account lockouts.
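The two searches described above (a user's last logon and the source of an Active Directory lockout) come down to correlating a handful of Windows Security event IDs. The following is an added example, not Blumira's code or LTU's data: the event records are constructed for illustration and carry the fields that event IDs 4624 (successful logon), 4625 (failed logon) and 4740 (account locked out) actually record. The helper names (`last_logon`, `lockout_sources`) are this example's own.

```python
"""Correlate Windows Security log events to answer two common help-desk
questions: where did a user last log in, and which machine caused an
Active Directory account lockout?

Added example; SAMPLE_EVENTS below is a constructed export, not real data.
"""
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample export. A 4740 (lockout, logged on the domain
# controller) is preceded by a burst of 4625 failures from the same host,
# which is the usual lockout pattern: a stale password on a forgotten device.
SAMPLE_EVENTS = [
    {"time": "2021-03-01T08:02:11", "event_id": 4624, "user": "jdoe",
     "workstation": "LIB-PC-14", "ip": "10.10.5.14"},
    {"time": "2021-03-01T11:40:03", "event_id": 4624, "user": "jdoe",
     "workstation": "LAB-PC-07", "ip": "10.10.9.7"},
    {"time": "2021-03-02T06:15:20", "event_id": 4625, "user": "jdoe",
     "workstation": "OLD-LAPTOP", "ip": "10.20.1.55"},
    {"time": "2021-03-02T06:15:27", "event_id": 4625, "user": "jdoe",
     "workstation": "OLD-LAPTOP", "ip": "10.20.1.55"},
    {"time": "2021-03-02T06:15:34", "event_id": 4625, "user": "jdoe",
     "workstation": "OLD-LAPTOP", "ip": "10.20.1.55"},
    {"time": "2021-03-02T06:15:41", "event_id": 4740, "user": "jdoe",
     "caller_computer": "OLD-LAPTOP"},
    {"time": "2021-03-02T09:01:00", "event_id": 4624, "user": "asmith",
     "workstation": "ADM-PC-02", "ip": "10.10.2.2"},
    # A single mistyped password hours after the lockout; unrelated noise.
    {"time": "2021-03-02T09:30:00", "event_id": 4625, "user": "jdoe",
     "workstation": "LAB-PC-07", "ip": "10.10.9.7"},
]


def _ts(event):
    """Parse the ISO-8601 timestamp carried on each record."""
    return datetime.fromisoformat(event["time"])


def last_logon(events, user):
    """Return the most recent successful logon (4624) for `user`, or None."""
    logons = [e for e in events if e["event_id"] == 4624 and e["user"] == user]
    if not logons:
        return None
    latest = max(logons, key=_ts)
    return {"time": latest["time"],
            "workstation": latest["workstation"],
            "ip": latest["ip"]}


def lockout_sources(events, user, window=timedelta(minutes=30)):
    """For each lockout (4740) of `user`, report the Caller Computer Name the
    domain controller recorded, plus a per-workstation count of failed
    logons (4625) in the `window` before the lockout.

    The 4740 caller field can be empty, or name the DC itself, for some
    logon paths; the 4625 tally is the corroborating view in those cases.
    """
    report = []
    for lock in (e for e in events if e["event_id"] == 4740 and e["user"] == user):
        t_lock = _ts(lock)
        failures = Counter(
            e["workstation"] for e in events
            if e["event_id"] == 4625 and e["user"] == user
            and t_lock - window <= _ts(e) <= t_lock
        )
        report.append({
            "time": lock["time"],
            "caller_computer": lock.get("caller_computer") or "(not recorded)",
            "failed_logons_before": dict(failures),
        })
    return report


if __name__ == "__main__":
    print(last_logon(SAMPLE_EVENTS, "jdoe"))
    for row in lockout_sources(SAMPLE_EVENTS, "jdoe"):
        print(row)
```

Running it names LAB-PC-07 as jdoe's last logon and OLD-LAPTOP as both the recorded caller and the host behind all three failures preceding the lockout; the later failure from LAB-PC-07 falls outside the window and is ignored. The window is the only tunable: widen it when the lockout threshold in the domain's password policy is reached slowly.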
“Overall, Blumira is very straightforward and easy to use; much more so than our previous provider whose platform became so clunky that it was unusable,” Bawcum said.
Their initial steps of the Blumira deployment only took about an hour. Then they integrated their syslog (Windows/Linux servers) and NXLog with Blumira, along with CrowdStrike, Active Directory (AD), MalwareBytes, Palo Alto firewalls, G Suite and more to easily centralize their logs for threat detection and response.
“Setup was really quick and easy using all of your guides,” Allen said. “Your documentation is really detailed and useful to make sure we have all the right things logged and sent to Blumira.”
Bawcum agreed that the responsiveness and support of the Blumira team were amazing, another key factor in the decision to partner with Blumira, alongside the features, price and ongoing support the university would receive.
“With our old provider, it was a big time sink trying to filter through false-positives and close out events,” Allen said. “As far as accuracy of detections, now we’re able to respond to important activities sooner, since we’re not wading through unimportant things.”
LTU’s team was also able to realize positive operational outcomes.
“Now we can focus our attention without having to dig into data or deal with increased noise. Blumira allows us to manage all that we do a little better,” Allen said.