RMIT.
The Royal Melbourne Institute of Technology is one of Australia’s oldest, most respected and largest universities — 100,000+ students and 12,000+ staff generating an enormous volume of data that must be ingested, analyzed and stored.
The challenge
RMIT, like other universities, sits in a unique position — security threats are both external and internal to the network. Its Security Operations Centre needed a SIEM big enough and fast enough to do the job, and found it in SIEMonster running on AWS managed services.
RMIT’s previous provider charged by events per second and data volume, and the costs had become unsustainable. “The costs to ingest and manage nearly 300GB a day — and growing — were astronomical compared to SIEMonster,” the team noted. Every additional switch meant more licensing.
RMIT’s environment is also remarkably diverse: “We have a huge variety of Unix, Windows DCs, firewall and URL logs, CAS, wireless controllers, apps and Windows endpoint devices.” As an agile partner, SIEMonster adapts: if RMIT has a bespoke log to ingest, the SOC can write the parser itself or send sample logs to the SIEMonster team, who integrate them quickly.
The solution
SIEMonster running on AWS managed services was deployed for RMIT, scaling vertically and horizontally with demand. SIEMonster works with RMIT to extend coverage to new endpoint types — including door proximity sensors and surveillance cameras.
Implementation was straightforward even at enormous scale. “SIEMonster did everything for us,” reported RMIT’s Senior Manager of Cybersecurity. “We handled the bare VM shells and they installed and configured the SIEM, connected our authentication system and onboarded all log sources.” The team has been pleased with the ease of writing log parsers and the speed of the tool, backed by excellent response and support.
SIEMonster’s scalability and flexibility made it the perfect fit for RMIT’s security problem, a result achievable only by running AWS managed services such as managed Kubernetes, Kafka and OpenSearch.
Blue Team security, by Red Team professionals.
With more than 30 years in penetration testing and whitehat hacking, SIEMonster’s founders were better equipped than most to build an affordable, customizable and infinitely scalable SIEM, the most proactive defense on the market.