Explore Cloud solutions for Near Realtime Actionable Alerts from Massive Security Logs.

This proposed project is a joint effort of Information Security and Innovation teams to “Explore Cloud solutions for Near Realtime Actionable Alerts from Massive Security Logs.” This project aligns closely with the Cloud Infrastructure Readiness and Cyber Security efforts at Fresno State.

Security logging is important for identification of policy violations, investigation of malicious activities, and record tracking of other analogous events. Regulations also require the collection and retention of security logs.

The volume and importance of log data is growing. As universities migrate from on-premises infrastructure to the cloud, a long-running problem is what one should do with all this log data and how to analyze it. The cloud infrastructure promises a lower-cost opportunity for universities to secure, analyze, and manage security logs. But pushing security log records to the cloud poses new challenges. Universities want to capture and consolidate their on-premises and cloud security logs to maintain a comprehensive view of their security posture.

This project will improve security by implementing and using the Elastic Stack to achieve actionable Security Information and Event Management (SIEM) alerts from analysis of security logs stored and maintained in a cloud-based environment.

The project aims to leverage the AWS Elasticsearch service to deploy, secure, search and analyze security logs in near real-time. The project will integrate the open-source tools Kibana and Logstash for data ingestion and visualization.

The project’s outcome is to minimize the time between when the university learns of a cyber threat and when it responds to it. Thus the university would become more secure, informed, and responsive to threats.

Summary Project Plan, including milestones and dates. Note: Projects approved in this round must be completed fully no later than August 31, 2019.

Nov 2018 - Project Kick Off / Planning and Design

01/2019 - 03/2019 - Cloud Architecture Ready

  • Optimizing Storage: Tiered data solutions in EBS, S3, and Glacier
  • Data Integration Endpoints (pipeline)
  • Deployment of ELK stack for Logs and Metrics: Elasticsearch (deep search and data analytics), Logstash (centralized logging and parsing) and Kibana (powerful data visualizations).

04/2019 ~ 06/2019 - Complete initial implementation of

  • Log Integrations from current On-Prem and Cloud (Sandbox) systems and networked devices
  • Implementation of Data Analytics, Dashboards, and Actionable Alerts
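As an added illustration of the ingestion-and-alerting path this milestone describes (example code written for this page, not code from the proposal or the project), the following Python sketch does in plain code what the Logstash parsing step and an Elastic alert rule would do: it parses constructed sshd syslog lines into ECS-style documents and raises one actionable alert when a source IP crosses a failure threshold within a time window. The sample lines, field names, threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone
# Constructed sample sshd syslog lines (not from any real host).
SAMPLE_LOG = """\
Mar 12 10:15:01 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 12 10:15:03 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Mar 12 10:15:04 bastion sshd[2231]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar 12 10:15:06 bastion sshd[2233]: Failed password for root from 203.0.113.7 port 51125 ssh2
Mar 12 10:15:07 bastion sshd[2233]: Failed password for root from 203.0.113.7 port 51126 ssh2
Mar 12 10:15:09 bastion sshd[2240]: Accepted publickey for deploy from 198.51.100.5 port 40000 ssh2
"""

# Plays the role of a Logstash grok pattern: one regex per log source.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+")

def parse_line(line, year=2019):
    """Map one syslog line to an ECS-style document ready for Elasticsearch."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparsed lines would go to a dead-letter index in practice
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"@timestamp": ts.replace(tzinfo=timezone.utc).isoformat(),
            "host.name": m["host"], "user.name": m["user"], "source.ip": m["src"],
            "event.outcome": "failure" if m["outcome"] == "Failed" else "success"}

def brute_force_alerts(docs, threshold=5, window_s=60):
    """One alert per source IP reaching `threshold` failures within `window_s` seconds."""
    recent, alerted, alerts = defaultdict(deque), set(), []
    for d in docs:
        if d["event.outcome"] != "failure":
            continue
        t = datetime.fromisoformat(d["@timestamp"])
        q = recent[d["source.ip"]]
        q.append(t)
        while (t - q[0]).total_seconds() > window_s:  # drop events outside the window
            q.popleft()
        if len(q) >= threshold and d["source.ip"] not in alerted:
            alerted.add(d["source.ip"])  # suppress duplicate alerts for the same burst
            alerts.append({"rule": "ssh_brute_force", "source.ip": d["source.ip"],
                           "host.name": d["host.name"], "failures": len(q),
                           "first_seen": q[0].isoformat(), "last_seen": t.isoformat()})
    return alerts

def run(text=SAMPLE_LOG):
    docs = [d for d in (parse_line(l) for l in text.splitlines()) if d]
    return docs, brute_force_alerts(docs)
```

The alert carries the host, source, count and time span an analyst needs to act on it, which is what distinguishes an actionable alert from a raw log match.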

07/2019 ~ 09/2019 - Complete the prototype and sandbox test runs (with business logic)

10/2019 ~ 11/2019 - Implementing enhancements and full-scope test runs

By 12/31/2019 - Complete the project and assessment report and recommendation of a budget proposal.

Assessment Plan. Explain how you will evaluate your project and its outcomes.

  • Technology and functional assessments: In collaboration with our infrastructure teams, we will evaluate the developed cloud-based solution to confirm that it delivers no less than the current on-prem solutions in identifying enterprise risks and in pinpointing and prioritizing risk responses.
  • TCO comparison of the current on-prem solution vs. the newly developed cloud-based solution

Sustainability Plan. Explain how any ongoing or future work that results from this project will be funded in future years.

This project is one of Fresno State’s top IT strategic planning priorities. Together with the information security efforts around Spirion, awareness campaigns, proactive tool implementations, and other initiatives, it will be important to protect our people and our university. The successful outcome of this project will give us a more innovative approach to detecting and preventing security issues more effectively and proactively. By taking advantage of a cloud-based Elastic architecture, we can potentially save further cost by replacing the current on-prem solutions, with the additional benefit of increased agility to adopt new technology innovations relevant to IT security.

Dissemination Plan. Explain how you will share the results of your work with other CSUs and beyond.

  • Share with CSU peer campuses to enable future collaboration and establish partnerships
  • Present at national conferences, e.g., Educause and AWS re:Invent
  • Apply for grants for continued development or large-scale research studies
  • Publish the design and code with the open-source community.

Executive Sponsor:

Orlando Leon (oleon@csufresno.edu)

Chief Information Officer

Project Leads (Principal Investigators)

Max J. Tsai (janq@csufresno.edu)

Innovation Architect

Rafael Villegas (rafael@csufresno.edu)

Technical Information Security Officer