University of Technology Sydney (UTS) is one of Australia’s largest and best-known higher education institutions. Established over 30 years ago, the university hosts more than 40,000 students, covering a range of subjects from architecture to business, communication to engineering, and IT to nursing.
Peter Degotardi is cybersecurity manager while Graham Allen takes the role of senior IT security officer. Their team is tasked with the job of securely managing tens of thousands of staff and students, approximately 3,000 servers, 5,500 desktops across all major operating systems, and 60,000 IP addresses. To help with this, there are multiple firewall tiers at the datacenter and internet gateway.
Like their counterparts in educational institutions across the globe, Allen and Degotardi have to contend with a growing range of cyber-threats. Universities are increasingly targeted by financially motivated cyber-criminals with ransomware and phishing attacks designed to steal PII from staff and students. But they’re also coming under greater scrutiny from state-sponsored hackers, keen to steal ground-breaking research to boost R&D efforts back home.
“The goal over the past three or four years has been to transform us from a reactive security organization to something that is much more proactive. The integration of tools and pre-emptive alerting is a large part of this,” explains Degotardi.
To help achieve this transformation, Degotardi was keen to refresh UTS’s existing vulnerability management and SIEM solutions to drive improved visibility and control. With this change, the team hoped to tackle issues before they escalated into major problems, and to identify areas where security could be improved to reduce the overall workload on the IT security team.
UTS chose Rapid7’s InsightVM (then known as Nexpose) for its superior reporting, user interface, and vulnerability detection. Allen praises the product’s “wonderful” dashboards, which help to improve communication across the security team and with system administrators. The feedback has been positive so far and the end goal is that all IT stakeholders will soon be able to access dashboards relevant to their role.
“The dashboards are a really good snapshot in time. Let's have a look, drill down into that, and you can just keep clicking and drilling into stuff,” he says.
The product’s asset criticality tags in particular have helped to improve the efficiency of IT teams, ensuring they have a single pane view of the university’s mission-critical systems and applications, and whether any outstanding patches need applying.
The Insight Agent has also been a great benefit for the UTS team, especially in its ease of setup and deployment and because it doesn’t first require authentication from each system it’s running on.
“The agent now gets rolled out to any new server being run up. And it's the pre-configured agent, which makes life a lot easier from a sysadmin perspective, because they just deploy the package, and it's done,” explains Allen. “I'd say from the sysadmin team's perspective, it's a lot easier, and they're a lot more comfortable with it now, because pretty much once the system gets spun up: bang. The agent is communicating back to the collector, and it's all good.”
Using the same agent as InsightVM, the InsightIDR solution has also benefitted the UTS team in its ease of deployment, as well as turning heads for its power and speed—saving IT time and helping to reduce risk more efficiently.
The “ace up its sleeve” is that it’s unlike anything else on the market, in being a full SaaS-based SIEM platform, according to Allen.
“That was one of the attractive things, not having to deal with patching and updating it and looking after it and all sorts of other things that become a pain,” he adds. “Having that capability was great.”
Even better, UTS got up and running with InsightIDR in just a couple of hours, and the product is providing visibility into threats that the institution simply didn’t have before. Allen sees further time savings and improvement around IT productivity with the custom parser that “works like a dream,” enabling the team to ingest and correlate disparate data sources. He and his team can also perform simple searches on users linked to security events and view all the information they need on one screen, in a single click. He praises the speed of the product itself: taking just five minutes to sift through 400 million events.
InsightIDR even allowed UTS to ditch its existing file integrity monitoring (FIM) solution and use the product’s built-in capabilities to help staff and students looking for missing files.
Together, the Rapid7 solutions, including the newly added application security testing solution, AppSpider, have helped to enhance productivity, cut overheads, and drive visibility and control for the UTS IT security team. A user-centric approach means Allen and his colleagues can spend more time doing, and less time getting ramped up.
“It's nice having that sort of UX-centric approach to it rather than a technical approach—it just makes it a lot easier to give people access,” he says.
On top of this, they’ve managed to cut the number of tickets that need reviewing each day, saving time and helping the small team focus on the highest priority tasks. The Insight Agent has saved even more valuable time on deployment and ongoing management.
So, what about the Rapid7 team? Allen is delighted there’s local client-facing support Down Under, to avoid late night or early morning phone calls to the US.
“It’s nice having somebody catch up with you every couple of weeks, every couple of months. That's pretty much how we came to be InsightIDR and AppSpider customers—purely through those interactions,” he concludes. “So, whatever our account manager is doing, keep it up, because that's the personal touch that makes a big difference.”