Why one university CIDO aligned with Splunk

The University of Exeter is beefing up its security by implementing the biggest deployment of Splunk in the UK's higher education sector.

As a research-intensive Russell Group university with around 22,000 students and 4,500 staff, the University of Exeter collects a lot of valuable information that needs to be both highly secure and easily accessible.

These requirements led Chief Information and Digital Officer Alan Hill to develop a proactive approach to cyber defence built on Splunk's security analytics software.

"We're using Splunk to look at what is going on inside that environment in ways we couldn't see before and continuing to improve our protection around research data related to commercial research, intellectual property, and patents, because that is our crown jewels," says Hill.

"We're wrapping Splunk around these really important areas and around student data, because we know those are our biggest risks."

Splunk's anomaly detection system helps Exeter monitor an enormous volume of data by using AI to automatically spot potential threats that a manual process would miss and alert staff to the risk.

"My team can then very quickly drill down in a series of clicks to the IP address of the particular machine that's behaving in this particular manner, and then they can take action around it," says Hill.

Military-grade cyber security

Hill joined Exeter three years ago after a career in the military that culminated in the role of 'head of operate and defence' at the Ministry of Defence, where he was responsible for securing the operational network that protected troops on the ground, aircraft in the sky, and ships in the sea.

"The really key thing about universities is, by definition, we're open environments," he says. "We're not like the Ministry of Defence - completely closed so you can't get into the network without really trying hard.

"We're an open environment. We've got 22,000 students on Bring Your Own Devices inside the network. And that presents different challenges for people. Not many other sectors have that challenge. So this is not a traditional environment where you can control access."

Exeter had to balance this open access with cyber defences that would protect the university's reputation, research income and day-to-day operations, while giving students and staff the digital tools they want to learn and teach.

The university also had limited resources, which meant it needed a single cybersecurity tool that could be used by all staff.

To find the best options, Exeter sought the advice of Gartner, which recommended both Splunk and Sumo Logic. Splunk won the contract due to its ability to respond to anomalies at speed and because the on-premise software was more affordable than the cloud solution.

"The market has a lot of people who do security or do IT ops management or do apps management – they're sort of single stovepipes," says Hill. "Splunk and Sumo Logic are the leaders in my view in bringing that all together into one.

"At the end of the day, it's just machine data, and it's the analysis that allows for different use cases. That's really important for a small outfit like ourselves, where we can't afford multiple tools. We need one tool and one set of training with shared knowledge."

Deployment progress

The deployment of Splunk is almost complete, but Hill wants to continuously investigate the new opportunities that the software could create, such as using its analysis to manage systems more efficiently.

"Splunk will give us that ability to look at things in a different way and respond quickly," he says. "We still get hit by phishing emails and spear phishing on a daily basis. We get brute-force attacks reasonably regularly. And we're working around all of those, as well as what's going on internally.

"What is already here that we can't see? And it's that new thing which is going to be really interesting. Splunk will help us on stuff coming in, but it will also help us on what's already in and how do we find it."
