St. George’s University (SGU) is an international university and medical school that is committed to developing intellectual capacity, creativity, and professionalism within its student body. SGU maintains a large global footprint with 2K+ employees, 10K+ active students, and 20K+ alumni spread across three campuses in Grenada, India, and the UK, along with a team of international recruiters and administrative operations based in the US.
Since Director of Information Security Jason Murphy came onboard in 2019, he’s focused on ensuring the right tools and technologies are in place to make his security team of six more efficient. He’s also responsible for providing his leadership with the metrics to prove these efficiencies and identifying areas of growth and business risk.
To address the widespread security challenges that come with protecting the information of a global network of alumni, students, and faculty, Jason did what most organizations do: he adopted a SIEM. However, upon implementation, the team found that their SIEM lacked helpful, actionable correlation rules out of the box, and the rules it did ship with were noisy.
In addition, adopting new detections required extra research to identify which ones they should run in their environment, with no clear way of knowing whether they had the data sources those detections needed, and an admin was required to deploy them. As a result, the SGU SOC team deployed only custom correlation rules, which brought its own challenges because their SIEM lacked version control — any change made to an original rule was lost unless someone recorded it in a notebook or shared document.
The SGU SOC team turned to the Anvilogic Modern SOC platform to scale themselves and become more proactive in their day-to-day activities. The overall deployment ran smoothly because of Anvilogic’s integration with SGU’s SIEM and logging platform. In addition, the Anvilogic Detection Armory allowed SGU to quickly deploy new detections based on trending threats, so the team spends less time researching the latest threats. “With Anvilogic, you’re already doing the work of curating these searches for us, which is a huge time saver,” says Jason. Since implementing detections from the Armory, SGU is now 3x more efficient in deploying new detection rules. The team can now deploy and adjust detections with speed and accuracy while keeping visibility of every change through version control.
Moreover, by leveraging Anvilogic’s machine learning-based recommendations for detections, the SGU SOC team now has higher confidence in, and ownership of, the detections they run, without depending on admin privileges or long wait times. As a result, Jason says his team can spend more time on higher-value activities: “My team and I do a lot of non-technical security work like developing policies, IT access management, compliance [and] that means communicating with other teams to help find better processes together. But we can’t do that unless we unbury ourselves from a ton of alerts that aren’t important and stick to more threat-based scenarios.” Anvilogic enables the SGU SOC team to focus on more proactive work such as developing policies, shaping the business culture to be more cyber aware, and collaborating with different groups to ensure the protection of SGU’s alumni, students, and faculty.
Anvilogic provided the necessary threat detection automation for our small SOC, adding a significant force-multiplier advantage for my team.