To Security Information and Event Management (SIEM) and Beyond: National Collaboration and Regional Impacts

The Canadian National Research and Education Network (NREN) is an essential collective of infrastructure, tools, and people that bolsters Canadian leadership in research, education, and innovation. CANARIE and its 12 provincial and territorial partners form Canada’s NREN. In British Columbia, the NREN partner is BCNET, which works in partnership with CANARIE, the Ministry of Advanced Education, Skills and Training, and our higher ed members to design, develop and offer cybersecurity services to its members. Through this collaboration came a proposed SIEM solution that will enable all partners of the NREN to better identify, manage and respond to cybersecurity threats, and will strengthen the overall security of Canada's NREN infrastructure. Deploying a SIEM for any organization is challenging on its own, but even more so when developing a SIEM-as-a-service for a diverse set of institutions. In this session, we hope to share our strategic approach, the onboarding phases, and institutional experience from one member. We will share our challenges and lessons learned as we onboard more institutions and continually improve the SIEM-as-a-service offering from BCNET. This is the first step to providing a turnkey solution that includes other security tools like DNS firewalls, Nessus, SOAR, and Zeek (Bro) for educating and securing our regional members.