[Upcoming Webinar] Post Splunk: Your roadmap to adopting a cost-effective cloud-native security data lake at your own pace. Join us on October 3
Register Now
Skip to main content
Customer Story

St. George's University

Reduced
false positives by replacing their more complicated legacy SIEM with Anvilogic
Complete
MITRE ATT&CK coverage across several techniques when there was none previously
3X
as fast in rolling out new detection rules with the Anvilogic Detection Armory
Goals
  • Develop metrics and reporting to proactively identify areas of growth and business risks
  • Reduce time spent building and deploying detections to quickly address threats
  • Improve the efficiency of the team and tools to enable proactive security work
Challenges
  • Difficulty scaling a small security team with a global footprint to stay ahead and tackle security threats
  • Inability to apply version control on many custom correlation rules
  • Saddled with doing more reactive security with fewer resources rather than developing a security awareness culture
Industry
Higher Education
Tools
Logging Platform
SIEM
EDR
Dynamic Asset Intelligence (Hubble)
More Information

View the Case Study PDF

Background

St. George’s University (SGU) is an international university and medical school that is committed to developing intellectual capacity, creativity, and professionalism within its student body. SGU maintains a large global footprint with 2K+ employees, 10K+ active students, and 20K+ alumni spread across three campuses in Grenada, India, and the UK, along with a team of international recruiters and administrative operations based in the US.

Since Director of Information Security Jason Murphy came onboard in 2019, he’s focused on ensuring the right tools and technologies are in place to make his security team of six more efficient. He’s also responsible for providing his leadership with the metrics to prove these efficiencies and identifying areas of growth and business risk.

The Armory is awesome - it’s like a search engine for detections. When we want to try detecting something, we first look at The Armory before trying to create one on our own. Then, if it’s already in there, we deploy it.

Jason Murphy
Director of Information Security, St. George's University

Challenges

To address the widespread security challenges that come with protecting the information of a global network of alumni, students, and faculty, Jason did what most organizations do: they adopted a SIEM. However, upon implementation, they found their current SIEM solution lacked helpful and actionable correlation rules that came out-of-the-box, and the rules that it did have were noisy.

In addition, adopting new detections required additional research to identify which ones they should run in their environment, with no clear way of knowing if they had the data sources needed to run those detections and requiring an admin to deploy them. As a result, the SGU SOC team deployed only custom correlation rules, which had its challenges since their SIEM lacked version control — any changes made to an original rule were lost unless someone wrote it in a notebook or shared document.

Enter Anvilogic

The SGU SOC team turned to the Anvilogic Modern SOC platform to scale themselves to become more proactive in their day-to-day activities. What made the overall deployment process run smoothly was due to Anvilogic’s integration with SGU’s SIEM and logging platform. In addition, utilizing the Anvilogic Detection Armory allowed SGU to quickly deploy new detections based on trending threats enabling the team to spend less time researching the latest threats. “With Anvilogic, you’re already doing the work of curating these searches for us, which is a huge time saver,” says Jason. Since implementing detections from the Armory, SGU is now 3x more efficient in deploying new detection rules. Now the team can deploy and adjust detections with speed and accuracy while maintaining visibility of any changes made due to version control.

Moreover, by leveraging Anvilogic’s machine learning-based recommendations for detections, the SGU SOC team now has higher confidence and ownership of the detections they run without relying on admin privileges or unprecedented wait times. As a result, Jason says his team can spend more time with higher-value activities, “My team and I do a lot of non-technical security work like developing policies, IT access management, compliance [and] that means communicating with other teams to help find better processes together. But we can’t do that unless we unbury ourselves from a ton of alerts that aren’t important and stick to more threat-based scenarios.” Anvilogic enables the SGU SOC team to focus on more proactive work such as developing policies, shaping the business culture to be more cyber aware, and cross-collaborate with different groups to ensure the protection of SGU’s alumni, students, and faculty.

Research to keep you up-to-date on threats

Learn more

Interested in joining the Anvilogic team?

See careers

Ready to learn more about Anvilogic?

Kickstart your security operations

Anvilogic provided the necessary threat detection automation for our small SOC, adding a significant force-multiplier advantage for my team.
Lucas Moody
CISO, formerly Twitter

Case Study

St. George's University

Customer Story
Share:
Reduced
false positives by replacing their more complicated legacy SIEM with Anvilogic
Complete
MITRE ATT&CK coverage across several techniques when there was none previously
3X
as fast in rolling out new detection rules with the Anvilogic Detection Armory

Challenges

To address the widespread security challenges that come with protecting the information of a global network of alumni, students, and faculty, Jason did what most organizations do: they adopted a SIEM. However, upon implementation, they found their current SIEM solution lacked helpful and actionable correlation rules that came out-of-the-box, and the rules that it did have were noisy.

In addition, adopting new detections required additional research to identify which ones they should run in their environment, with no clear way of knowing if they had the data sources needed to run those detections and requiring an admin to deploy them. As a result, the SGU SOC team deployed only custom correlation rules, which had its challenges since their SIEM lacked version control — any changes made to an original rule were lost unless someone wrote it in a notebook or shared document.

Enter Anvilogic

The SGU SOC team turned to the Anvilogic Modern SOC platform to scale themselves to become more proactive in their day-to-day activities. What made the overall deployment process run smoothly was due to Anvilogic’s integration with SGU’s SIEM and logging platform. In addition, utilizing the Anvilogic Detection Armory allowed SGU to quickly deploy new detections based on trending threats enabling the team to spend less time researching the latest threats. “With Anvilogic, you’re already doing the work of curating these searches for us, which is a huge time saver,” says Jason. Since implementing detections from the Armory, SGU is now 3x more efficient in deploying new detection rules. Now the team can deploy and adjust detections with speed and accuracy while maintaining visibility of any changes made due to version control.

Moreover, by leveraging Anvilogic’s machine learning-based recommendations for detections, the SGU SOC team now has higher confidence and ownership of the detections they run without relying on admin privileges or unprecedented wait times. As a result, Jason says his team can spend more time with higher-value activities, “My team and I do a lot of non-technical security work like developing policies, IT access management, compliance [and] that means communicating with other teams to help find better processes together. But we can’t do that unless we unbury ourselves from a ton of alerts that aren’t important and stick to more threat-based scenarios.” Anvilogic enables the SGU SOC team to focus on more proactive work such as developing policies, shaping the business culture to be more cyber aware, and cross-collaborate with different groups to ensure the protection of SGU’s alumni, students, and faculty.

Chat with our team to receive a free maturity assessment

Get in Touch

[Upcoming Webinar] Post Splunk: Your roadmap to adopting a cost-effective cloud-native security data lake at your own pace. Join us on October 3
Register Now
Skip to main content
Case Study

St. George's University

Download Case Study PDF

Discover insights from experts across the Anvilogic team

Customer Story
Text Link
Reduced
false positives by replacing their more complicated legacy SIEM with Anvilogic
Complete
MITRE ATT&CK coverage across several techniques when there was none previously
3X
as fast in rolling out new detection rules with the Anvilogic Detection Armory
Reduced false positives by replacing their more complicated legacy SIEM with the Anvilogic platform.

Customer Profile

Higher Education
Industry
Logging Platform
SIEM
EDR
Dynamic Asset Intelligence (Hubble)
Industry

Goals

  • Develop metrics and reporting to proactively identify areas of growth and business risks
  • Reduce time spent building and deploying detections to quickly address threats
  • Improve the efficiency of the team and tools to enable proactive security work

Challenges

  • Difficulty scaling a small security team with a global footprint to stay ahead and tackle security threats
  • Inability to apply version control on many custom correlation rules
  • Saddled with doing more reactive security with fewer resources rather than developing a security awareness culture

Challenges

To address the widespread security challenges that come with protecting the information of a global network of alumni, students, and faculty, Jason did what most organizations do: they adopted a SIEM. However, upon implementation, they found their current SIEM solution lacked helpful and actionable correlation rules that came out-of-the-box, and the rules that it did have were noisy.

In addition, adopting new detections required additional research to identify which ones they should run in their environment, with no clear way of knowing if they had the data sources needed to run those detections and requiring an admin to deploy them. As a result, the SGU SOC team deployed only custom correlation rules, which had its challenges since their SIEM lacked version control — any changes made to an original rule were lost unless someone wrote it in a notebook or shared document.

Enter Anvilogic

The SGU SOC team turned to the Anvilogic Modern SOC platform to scale themselves to become more proactive in their day-to-day activities. What made the overall deployment process run smoothly was due to Anvilogic’s integration with SGU’s SIEM and logging platform. In addition, utilizing the Anvilogic Detection Armory allowed SGU to quickly deploy new detections based on trending threats enabling the team to spend less time researching the latest threats. “With Anvilogic, you’re already doing the work of curating these searches for us, which is a huge time saver,” says Jason. Since implementing detections from the Armory, SGU is now 3x more efficient in deploying new detection rules. Now the team can deploy and adjust detections with speed and accuracy while maintaining visibility of any changes made due to version control.

Moreover, by leveraging Anvilogic’s machine learning-based recommendations for detections, the SGU SOC team now has higher confidence and ownership of the detections they run without relying on admin privileges or unprecedented wait times. As a result, Jason says his team can spend more time with higher-value activities, “My team and I do a lot of non-technical security work like developing policies, IT access management, compliance [and] that means communicating with other teams to help find better processes together. But we can’t do that unless we unbury ourselves from a ton of alerts that aren’t important and stick to more threat-based scenarios.” Anvilogic enables the SGU SOC team to focus on more proactive work such as developing policies, shaping the business culture to be more cyber aware, and cross-collaborate with different groups to ensure the protection of SGU’s alumni, students, and faculty.

Background

St. George’s University (SGU) is an international university and medical school that is committed to developing intellectual capacity, creativity, and professionalism within its student body. SGU maintains a large global footprint with 2K+ employees, 10K+ active students, and 20K+ alumni spread across three campuses in Grenada, India, and the UK, along with a team of international recruiters and administrative operations based in the US.

Since Director of Information Security Jason Murphy came onboard in 2019, he’s focused on ensuring the right tools and technologies are in place to make his security team of six more efficient. He’s also responsible for providing his leadership with the metrics to prove these efficiencies and identifying areas of growth and business risk.

The Armory is awesome - it’s like a search engine for detections. When we want to try detecting something, we first look at The Armory before trying to create one on our own. Then, if it’s already in there, we deploy it.
Jason Murphy
Director of Information Security, St. George's University

Challenges

To address the widespread security challenges that come with protecting the information of a global network of alumni, students, and faculty, Jason did what most organizations do: they adopted a SIEM. However, upon implementation, they found their current SIEM solution lacked helpful and actionable correlation rules that came out-of-the-box, and the rules that it did have were noisy.

In addition, adopting new detections required additional research to identify which ones they should run in their environment, with no clear way of knowing if they had the data sources needed to run those detections and requiring an admin to deploy them. As a result, the SGU SOC team deployed only custom correlation rules, which had its challenges since their SIEM lacked version control — any changes made to an original rule were lost unless someone wrote it in a notebook or shared document.

Enter Anvilogic

The SGU SOC team turned to the Anvilogic Modern SOC platform to scale themselves to become more proactive in their day-to-day activities. What made the overall deployment process run smoothly was due to Anvilogic’s integration with SGU’s SIEM and logging platform. In addition, utilizing the Anvilogic Detection Armory allowed SGU to quickly deploy new detections based on trending threats enabling the team to spend less time researching the latest threats. “With Anvilogic, you’re already doing the work of curating these searches for us, which is a huge time saver,” says Jason. Since implementing detections from the Armory, SGU is now 3x more efficient in deploying new detection rules. Now the team can deploy and adjust detections with speed and accuracy while maintaining visibility of any changes made due to version control.

Moreover, by leveraging Anvilogic’s machine learning-based recommendations for detections, the SGU SOC team now has higher confidence and ownership of the detections they run without relying on admin privileges or unprecedented wait times. As a result, Jason says his team can spend more time with higher-value activities, “My team and I do a lot of non-technical security work like developing policies, IT access management, compliance [and] that means communicating with other teams to help find better processes together. But we can’t do that unless we unbury ourselves from a ton of alerts that aren’t important and stick to more threat-based scenarios.” Anvilogic enables the SGU SOC team to focus on more proactive work such as developing policies, shaping the business culture to be more cyber aware, and cross-collaborate with different groups to ensure the protection of SGU’s alumni, students, and faculty.

Scale Detection Engineering And Threat Hunting Across All Of Your Data Lakes And Security Tools.

Scale Detection Engineering And Threat Hunting Across All Of Your Data Lakes And Security Tools.

Book a Demo