How Advanced Log Management Can Trump SIEM: Tales of Woe and Glory

Network situational awareness is a prerequisite for mature information security operations. Achieving and maintaining a sufficient level of situational awareness is a challenge, often amplified in higher education institutions having highly decentralized governance models. Application and system logs, even if available to an operational security group, have become less effective as the number of devices, services, and users has increased. The existing Security Information and Event Management (SIEM) solutions usually are too costly, time-intensive, or a poor fit for educational networks. Adelphi University replaced their SIEM with a log management platform and haven't looked back. Carnegie Mellon University uses open-source tools to index log data in near-real time and search terabytes of data in milliseconds, and a custom-built web interface lets analysts quickly drill down to unusual events.