Explore Cloud solutions for Near Realtime Actionable Alerts from Massive Security Logs.
Awarded CSU-AWS 20k Credits
- Orlando Leon, Chief Information Officer
- Rafael Villegas, Technical Information Security Officer
- Max Tsai (email@example.com), Innovation Architect and Coordinator of DX * PoC
This proposed project is a joint effort of Information Security and Innovation teams to “Explore Cloud solutions for Near Realtime Actionable Alerts from Massive Security Logs.” This project aligns closely with the Cloud Infrastructure Readiness and Cyber Security efforts at Fresno State.
Security logging is important for identification of policy violations, investigation of malicious activities, and record tracking of other analogous events. Regulations also require the collection and retention of security logs.
The volume and importance of log data are growing. As universities migrate from on-premises infrastructure to the cloud, a long-running problem is what to do with all of this log data and how to analyze it. Cloud infrastructure promises a lower-cost way for universities to secure, analyze, and manage security logs, but pushing security log records to the cloud poses new challenges. Universities want to capture and consolidate their on-premises and cloud security logs to maintain a comprehensive view of their security posture.
This project will improve security by implementing the Elastic Stack to produce actionable Security Information and Event Management (SIEM) alerts from analysis of security logs stored and maintained in a cloud-based environment.
The project aims to leverage the AWS Elasticsearch service to deploy, secure, search, and analyze security logs in near real time, and will integrate the open-source tools Logstash (for data ingestion) and Kibana (for visualization).
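To make the pipeline described above concrete, here is an added example (not the project's code, not AWS or Elastic code) of the alerting step in Python: it parses constructed sshd-style syslog lines the way a Logstash grok filter would, runs a sliding-window rule over the resulting events, and serializes any alert in the Elasticsearch `_bulk` body format ready for indexing. The log lines, the index name `security-alerts`, the rule name `ssh_bruteforce`, and the threshold and window values are all assumptions chosen for illustration.

```python
"""Toy near-real-time alerting pass over security log lines.

Added example; not the Fresno State project's code. All log lines below are
constructed, and the index name, rule name and thresholds are assumptions.
"""
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in syslog/sshd style (not captured from any real host).
SAMPLE_LOG = """\
Mar 10 08:00:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Mar 10 08:00:03 web01 sshd[2202]: Failed password for invalid user admin from 203.0.113.45 port 51236 ssh2
Mar 10 08:00:04 web01 sshd[2203]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Mar 10 08:00:05 web01 sshd[2204]: Failed password for root from 203.0.113.45 port 51240 ssh2
Mar 10 08:00:06 web01 sshd[2205]: Failed password for root from 203.0.113.45 port 51241 ssh2
Mar 10 08:00:07 web01 sshd[2206]: Failed password for root from 203.0.113.45 port 51242 ssh2
Mar 10 08:09:00 web01 sshd[2207]: Failed password for alice from 198.51.100.7 port 40030 ssh2
"""

# Equivalent of a grok pattern: pull timestamp, host, outcome, user and source IP out of one line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2024):
    """Turn one sshd syslog line into a flat event dict; return None for lines the pattern does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year, so the caller supplies one (assumed 2024 here).
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"@timestamp": ts, "host": m["host"], "user": m["user"],
            "src_ip": m["src"], "outcome": m["outcome"].lower()}


class BruteForceDetector:
    """Sliding-window rule: `threshold` failed logins from one source within `window_seconds` raises one alert."""

    def __init__(self, threshold=5, window_seconds=60):
        self.threshold = threshold
        self.window = timedelta(seconds=window_seconds)
        self.failures = defaultdict(deque)  # src_ip -> timestamps of recent failures
        self.alerted = set()                # sources already alerted on, to avoid duplicate alerts

    def observe(self, event):
        """Feed one event in arrival order; return an alert document or None."""
        if event["outcome"] != "failed":
            return None
        src = event["src_ip"]
        recent = self.failures[src]
        recent.append(event["@timestamp"])
        # Drop failures that fell out of the window relative to the newest event.
        while recent and event["@timestamp"] - recent[0] > self.window:
            recent.popleft()
        if len(recent) >= self.threshold and src not in self.alerted:
            self.alerted.add(src)
            return {
                "@timestamp": event["@timestamp"].isoformat(),
                "rule": "ssh_bruteforce",          # assumed rule name
                "severity": "high",
                "src_ip": src,
                "host": event["host"],
                "failed_attempts": len(recent),
                "window_seconds": int(self.window.total_seconds()),
                "recommended_action": "review source and affected accounts",
            }
        return None


def run(log_text, threshold=5, window_seconds=60):
    """Parse every line, run the detector, and return the list of alert documents produced."""
    detector = BruteForceDetector(threshold, window_seconds)
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        alert = detector.observe(event)
        if alert:
            alerts.append(alert)
    return alerts


def to_bulk_ndjson(alerts, index="security-alerts"):
    """Serialize alerts as an Elasticsearch _bulk request body (action line followed by document line)."""
    lines = []
    for alert in alerts:
        lines.append(json.dumps({"index": {"_index": index}}))  # index name is assumed
        lines.append(json.dumps(alert))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_bulk_ndjson(run(SAMPLE_LOG)))
```

In the real pipeline the parsing stage lives in a Logstash grok filter and the rule in Kibana or a scheduled query, but the shape is the same: normalize each event, keep only the short window of state the rule needs, and emit an alert document that names the source, the evidence count, and the expected response so the alert is actionable rather than just another log line.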
The project’s intended outcome is to minimize the time between when the university learns of a cyber threat and when it responds to it. Thus the university would become more secure, informed, and responsive to threats.