Universidad Autónoma de Madrid Improves Security Information Management with Enterasys

Enterasys SIEM collects and combines UAM’s network, security, vulnerability and threat data into a powerful management dashboard

Madrid, Spain – Mar 16, 2011 – Enterasys Networks, a Siemens Enterprise Communications company, today announced that the Universidad Autónoma de Madrid (UAM) has deployed Enterasys Security Information & Event Manager (SIEM), a powerful solution that combines best-in-class detection methodologies with behavioral analysis and information from third-party vulnerability assessment tools.

The Universidad Autónoma de Madrid, one of the largest universities in Spain, operates a network serving 40,000 users, with more than 15,000 nodes and connected devices. UAM’s Cantoblanco Campus consists of about 25 buildings, including colleges, schools, research centers and other facilities.  The entire network and security infrastructure is managed by a staff of just seven personnel within UAM, working with five external professionals.

Security is a critical issue for the Universidad Autónoma de Madrid. As an educational institution, they have to secure not only their own IT assets but also the confidential information of students and faculty and other academic records. UAM has a comprehensive security infrastructure – including firewalls, intrusion detection and antivirus systems, and proprietary security applications – all of which generate a significant amount of data that needs to be managed easily and efficiently.

Working with Enterasys and Siemens Enterprise Communications, UAM identified two primary goals for this project.  First, they required a solution that would allow them to analyze the stored events and logs, and to correlate and prioritize that information in order to generate alerts, while also having real-time visibility into security threats as soon as they occurred. Secondly, they needed a tool that enabled storage of all of this information in a unified system, while also ensuring compliance with record storage regulations.

“Today’s major challenge for security managers is how to deal with the enormous amount of information generated by security devices, and doing it in real-time,” said Victor Barahona, computer & network security manager at UAM.  “It doesn’t make sense and it is unaffordable to devote people to analyze all that raw information. There comes a time when nobody is able to manage it in a useful and efficient way. It is to deal with this problem that we have decided to deploy Enterasys Security Information & Event Manager (SIEM).”

The features of Enterasys SIEM that UAM values most include the advanced management and network flow analysis capabilities, which allow the IT staff to obtain added value from the raw security data. The ability of Enterasys SIEM to intelligently correlate, normalize, and prioritize security information is important for this small staff, since once the initial policy setup and fine-tuning are completed, they no longer need to generate general correlation rules, and can instead focus on rules for specific environments.

UAM has already seen significant security improvements with Enterasys SIEM as they can now address threats proactively.  For example, prior to the installation of SIEM, botnets and threats were detected only after the events had occurred and thousands of malicious mails had been delivered. Now, an alert is generated at the very moment of the intrusion, and the staff can take actions much earlier. In the near future, the action will be automated, and the gap between the event and its remediation will be even further reduced.

Another key differentiator for UAM was Enterasys SIEM’s ability to interoperate in multi-vendor environments, as one of the main goals for this project was to be able to manage and store normalized information coming from a heterogeneous set of security devices and applications. “[Enterasys] SIEM is a very complete product,” said Barahona. “It not only manages events from security devices but also analyzes network flows. Its correlation engine is powerful, and enables a quick deployment, compared to other platforms.”

About Enterasys Networks and Siemens Enterprise Communications
Siemens Enterprise Communications is a premier provider of end-to-end enterprise communications, including voice, network infrastructure and security solutions that use open, standards-based unified communications and business applications for a seamless collaboration experience. This award-winning “Open Communications” approach enables organizations to improve productivity and reduce costs through easy-to-deploy solutions that work within existing IT environments, delivering operational efficiencies. It is the foundation for the company’s OpenPath® commitment that enables customers to mitigate risk and cost-effectively adopt unified communications. Jointly owned by The Gores Group and Siemens AG, Siemens Enterprise Communications includes Cycos and Enterasys Networks. For more information about Siemens Enterprise Communications or Enterasys please visit www.siemens-enterprise.com or www.enterasys.com.