Why UC Davis chose Elastic to enhance its Security Operations Center

The University of California at Davis is an agriculturally focused university of more than 30,000 students. Founded in 1905, the university performs federally funded research for the U.S. Department of Defense, U.S. Department of Agriculture, and other agencies. It’s also home to  an electric power substation, police and fire departments, and even an airport.  All […]

The University of California at Davis is an agriculturally focused university of more than 30,000 students. Founded in 1905, the university performs federally funded research for the U.S. Department of Defense, U.S. Department of Agriculture, and other agencies. It’s also home to  an electric power substation, police and fire departments, and even an airport. 

All of this combined is a digital security challenge for Jeff Rowe, the university’s cybersecurity architect. There are 5,000 servers, and the university’s Security Operations Center monitors 170,000 user accounts for cybersecurity threats originating across the globe.

With this level of complexity, UC Davis needed to enhance its security even more. The first step for the university was to centralize security logs in one place by eliminating multiple data silos that were difficult to maintain and search.

“Everything was spread out across multiple systems … Some of the systems were hard to maintain,” Rowe says. “This is primarily what we wanted to address with a new project.”

According to Rowe, the university wanted Elastic to replace their legacy security SIEM tool, ArcSight, which was handling about 300 gigs a day of security logs for their Security Operations Center (SOC).

The UC Davis journey to Elastic

ArcSight was labor intensive and expensive, Rowe says. In addition, there was no federated access control, which meant that ArcSight couldn’t be made available to some UC Davis partners.

Because of these shortcomings, the time had come to move to a “next gen security logging platform.” They evaluated Elastic, Splunk, SumoLogic, and LogRhythm. UC Davis chose Elastic because it solved their data visibility issues, was easier to maintain, and was cost effective.

The migration to Elasticsearch was completed in about six months — about a half a year sooner than planned. The university is now ingesting, on average, 800GB of data a day into Elasticsearch. The SOC retains logs at various hot, warm, and cold phases to maximize cost benefits. 

“We can get a lot of data and it helps address our visibility problem that we’ve always struggled with before,” Rowe says.

Elastic reduces costs, enhances security

According to Rowe, Elastic supplies a wealth of benefits to the university:

  • Provides a high-performance, fault-tolerant logging platform
  • Reduces costs
  • Enables federated, role-based access control
  • Enhances security
  • Empowers student analysts working with the SOC to get well-placed jobs after graduation

Watch the full presentation to learn more about how Elastic enhanced security at UC Davis, and to find out how the university plans to use security and machine learning to become an even greater institution of education and research.
Source: Elastic