St. George's University
Case Study

Learn how St. George's University reduced false positives by replacing their more complicated legacy SIEM with the Anvilogic platform.

  • Reduced false positives by replacing their more complicated legacy SIEM with Anvilogic
  • Complete MITRE ATT&CK coverage across several techniques when there was none previously
  • 3X as fast in rolling out new detection rules with the Anvilogic Detection Armory

Goals

  • Develop metrics and reporting to proactively identify areas of growth and business risks
  • Reduce time spent building and deploying detections to quickly address threats
  • Improve the efficiency of the team and tools to enable proactive security work

Challenges

  • Difficulty scaling a small security team with a global footprint to stay ahead and tackle security threats
  • Inability to apply version control on many custom correlation rules
  • Saddled with doing more reactive security with fewer resources rather than developing a security awareness culture

Challenges

To address the widespread security challenges that come with protecting the information of a global network of alumni, students, and faculty, SGU did what most organizations do: it adopted a SIEM. Upon implementation, however, the team found that the SIEM shipped with few helpful, actionable correlation rules out of the box, and the rules it did have were noisy.

In addition, adopting new detections required extra research to identify which ones the team should run in their environment, with no clear way of knowing whether they had the data sources those detections needed, and an admin had to deploy them. As a result, the SGU SOC team deployed only custom correlation rules, which brought its own challenges because the SIEM lacked version control: any change made to an original rule was lost unless someone recorded it in a notebook or shared document.

Enter Anvilogic

The SGU SOC team turned to the Anvilogic Modern SOC platform to scale themselves and become more proactive in their day-to-day activities. The overall deployment ran smoothly thanks to Anvilogic’s integration with SGU’s SIEM and logging platform. In addition, the Anvilogic Detection Armory let SGU quickly deploy new detections based on trending threats, so the team spends less time researching the latest threats. “With Anvilogic, you’re already doing the work of curating these searches for us, which is a huge time saver,” says Jason. Since implementing detections from the Armory, SGU is now 3x more efficient in deploying new detection rules, and the team can deploy and adjust detections with speed and accuracy while version control keeps every change visible.

Moreover, by leveraging Anvilogic’s machine learning-based recommendations for detections, the SGU SOC team now has higher confidence in, and ownership of, the detections they run, without relying on admin privileges or enduring unprecedented wait times. As a result, Jason says his team can spend more time on higher-value activities: “My team and I do a lot of non-technical security work like developing policies, IT access management, compliance [and] that means communicating with other teams to help find better processes together. But we can’t do that unless we unbury ourselves from a ton of alerts that aren’t important and stick to more threat-based scenarios.” Anvilogic enables the SGU SOC team to focus on more proactive work such as developing policies, shaping the business culture to be more cyber aware, and collaborating with different groups to ensure the protection of SGU’s alumni, students, and faculty.

Background

St. George’s University (SGU) is an international university and medical school that is committed to developing intellectual capacity, creativity, and professionalism within its student body. SGU maintains a large global footprint with 2K+ employees, 10K+ active students, and 20K+ alumni spread across three campuses in Grenada, India, and the UK, along with a team of international recruiters and administrative operations based in the US.

Since Director of Information Security Jason Murphy came onboard in 2019, he’s focused on ensuring the right tools and technologies are in place to make his security team of six more efficient. He’s also responsible for providing his leadership with the metrics to prove these efficiencies and identifying areas of growth and business risk.

"The Armory is awesome - it’s like a search engine for detections. When we want to try detecting something, we first look at The Armory before trying to create one on our own. Then, if it’s already in there, we deploy it."

Jason Murphy
VP Information & Cyber Security, St. George's University