How-To Guide

Make networks and data more resilient and secure in higher education

Higher Education system administrators face challenges keeping up with an ever-expanding IT landscape, relentless cyberattacks, and the growing needs of students, faculty, and staff.

IT and Security professionals are responsible for understanding how the entire system is working, to keep their system resilient and safe, and to be able to solve problems as they arise. This requires maintaining observability of devices across the system, and the ability to quickly understand the root cause of issues or security incidents to be able to prevent them going forward. This presents a significant monitoring and security challenge, especially with distributed hybrid environments, bring-your-own-device policies, and layers of different types and different generations of software.

Student engagement and academic success rely heavily on a variety of systems, from legacy software to the latest technology. With that comes a growing number of servers, systems, networks, applications, and endpoints, resulting in an exponentially growing volume of data.

Recently, schools have moved from conducting a few classes online to conducting 100% of classes and nearly all school business remotely — requiring the deployment of new technology while rapidly expanding the number of remote connections to a rapidly growing and increasingly vulnerable network surface.

And as a backdrop to all of this, budgets are declining, constricting the ability to install new systems and maintain existing systems, while the requirements to stay current with technology never end.

Deploying modern log management technology has the potential to immediately start addressing the complexity of a growing Higher Education network.

Modern Log Management monitors for performance and security issues

Modern log management provides a solution for the concerns of IT and security administrators in these complicated higher education settings. Because nearly everything connected to the network produces log data, it’s possible to collect and monitor it in a way that helps illustrate the performance and health of everything in the IT environment. And as we’ll show later, it does it all in a way that can generate business value while easing pressure on already-limited budgets.

Having access to all this data can provide significant business value. Educause recently published EDUCAUSE 2020 Top 10 IT Issues, where they discuss how data can help the school understand and meet the expectations of students.

“Thanks to the rapid evolution and adoption of technology, higher education institutions have an abundance of data at their disposal—data that can be analyzed to better understand students. This data analysis, comprehension, and utilization is a must for 2020; with real insight into students' tendencies, goals, and habits, faculty and staff can communicate with individuals more seamlessly and can potentially intercept trajectories if students are not on the path to success.” 1

Many universities and colleges already collect data for IT Operations. The research firm Gartner shares insight into other ways to think about using log management. They point out that “many clients are unaware that log management tools can be leveraged for use cases beyond just collecting logs in a central repository to have them available for after-event analysis.” 1

“Use a central log management capability and tool when there are budget and staff constraints, basic security monitoring requirements, and compliance-specific use cases.” 2

Gartner describes how modern log management is used for more than IT Operations. They point out several additional security and compliance use cases emerging from using Central Log Management (CLM).

How organizations leverage CLM

Organizations are using log management to collect, monitor, and store streaming log and event data, and use it to identify and track down the root causes of performance problems, outages, delays, and data privacy and security incidents. Log management can significantly boost the abilities of higher educational institutions by providing the ability to:

  • Achieve complete observability by monitoring IT Operations to track the performance of servers, networks, devices, and endpoints.

  • Monitor for external and internal security threats with real-time alerts.

  • Conduct comprehensive investigations using correlated events to discover system problems, app performance issues, and the root causes of security incidents.

  • Remain compliant with government and industry regulations by retaining data and storing required access or change data.

  • Prepare for the unknown by collecting data that could be useful when an unanticipated problem arises.

Challenges with funding in Higher Education

Anyone working at a publicly-funded higher education institution doesn’t need to be reminded that budgets are always a challenge. Even before the recent challenges from the current pandemic, funding technology in higher education has always been a significant challenge.

With falling student enrollments, increases in competition, decreases in state funding, and overall revenue shortfalls, organizations across campus are faced with decreased budgets. IT Administrators are challenged to manage improvements to overall systems while reducing the time spent maintaining them.

Fortunately, advancements in technology often come with efficiencies that are passed along to the customer. This is true for consumer electronics, and it is true for software and systems.

Disruptive technology challenges traditional leaders with innovation and lower technology costs

Innovative companies are creating new solutions that are technically advanced, predictable, scalable, and cost less. For example, modern log management has advanced beyond traditional database technology by eliminating storage-bloating indexes and compressing log data by up to 10-20x or more. This can dramatically reduce the number of servers and storage devices currently used by universities and colleges.

Newer technology tends to be easier to learn and use

Development teams that use approaches like Agile and DevOps focus on efficiency, flexibility, and most importantly developing for the customer experience. This leads to technology that is easy to learn, and intuitive to use. With this in mind, applications are much easier to use, and platforms and systems require less training and fewer resources to keep things running.

Because of this user-centered approach and the benefits that come from process improvement, new technology often makes things simple that were once complicated. Because there are fewer resources available in higher education, the simplification of administrative tasks can reduce redundancy, take steps out of processes, and improve the results from a product or service.

Subscription-based licensing limits costs to what is actually being used

With the move to the Cloud, universities and colleges are seeing cost savings that come from reduced capital spending on equipment, infrastructure, and dedicated software. Shifting those resources to the cloud allows schools to rent processing power without having to keep expensive hardware standing by. Most SaaS contracts include the costs of upgrades, new hardware and software, and more. Few dedicated IT engineers are needed, and there’s no energy consumption or other overhead needed to keep a datacenter running.

Cloud storage is reliable, fast, and inexpensive

Cloud providers offer durable storage that scales nearly infinitely. Data can be retrieved from the cloud nearly as quickly as it can from local disks, depending on the configuration. A single API integrates storage into applications, making storage less expensive and more convenient. Cloud object storage is remarkably inexpensive, especially if it’s not used often. For more information, see our How-To Guide: Optimize the stack with cloud storage.

As data grows, license limits force filtering logs

Traditional log management licenses are based on ingest volume — the amount of data that is collected and processed per day or per month. For the first year, costs may be in line with the amount of data. But as data volumes increase, or as new use cases are investigated, costs can go up dramatically. What seemed reasonable at 64 GB per day simply isn’t affordable at 128 GB per day.

When expensive volume-based pricing eclipses the original requirements, administrators are forced to find ways to limit the amount of data they collect. This undermines the goal of system observability, and invariably leads to slower response times, and decreased use of tools that are in place.

Unlimited licenses lift the constraints of limiting log management, and help make it affordable to log everything. In addition, this type of license could be considered as a central solution that could be used by all departments across the campus, helping reduce their overall costs and providing correlated data for improved analytics. For more information about unlimited log management, visit our website page: Why Unlimited.

This guide outlines how to use modern log management in a higher educational setting. It provides information on general concepts and offers resources for additional technical information. The following 5 steps offer a way to get started. There is more detailed information later on the page.

Steps to make networks and data more resilient and secure in higher education

Log data sources

There are endless logs, events, and other machine data that are available to collect. Depending on the infrastructure or applications that Higher Education system administrators are responsible for monitoring, there are dozens — perhaps hundreds — of sources of data. The logs created from these sources were designed for IT and Security teams to do performance management, threat detection, and conduct troubleshooting.

Challenges

Securing networks and devices and maintaining the health of the IT infrastructure in Higher Education is complicated. Managing existing services and investigating emerging technologies can become overwhelming due to a long list of challenges.

Growing data volumes make license costs unpredictable

As data loads increase, higher education organizations are discovering that their current log management tools are inadequate to meet their growth needs. As log volumes grow, so does financial pressure on security teams who want to log everything in their system but can’t afford it. Oftentimes the result is leaders choosing to limit which logs they capture, sacrificing the ability to see all events in their system, and also their ability to search historical data and find the answer to novel questions.

Specialized software, multiple types of OS and hardware, and massive amounts of data being used in non-standard ways

University and college networks are created to be open and accessible, but because of that, each student or faculty member ends up using their own systems and devices. While this can enable creativity and innovation, it makes managing IT and security operations increasingly difficult.

New students and devices every new school term

Every new quarter or semester, students enter and leave the school. New students bring new devices with them, so the landscape keeps changing. IT administrators can’t protect what they were protecting six months ago the same way.

Increasing regulatory compliance requirements

Student data contains nearly every kind of protected data, including financial data, health data, and personally identifiable information. Due to regulations and privacy policy, data must be encrypted, transmitted, and stored securely. Doing this responsibly requires extensive planning and detailed implementation. Doing it incorrectly exposes the school to penalties, lawsuits, compensation, remediation, and loss of revenue and reputation.

Higher Education is a valued target for cybersecurity attacks

School networks are often more open and less secure than business or government networks. They also store personal records and valuable intellectual property from sponsored research. Higher education networks are favored targets because of the value of the records they hold, and because they can be easier to access.

Isolated views of security data

In many organizations, IT monitoring and security solutions end up becoming isolated, and used by different organizations across the institution. As IT operations, Security, and Application Development teams grow, they can drift further from each other. By combining infrastructure, operations, development, and security data together with a central log management platform, all teams can get closer to the entire range of streaming data from across the system.

Installing and maintaining systems requires dedicated resources

Open-source systems are widely used in higher education. While many open-source tools offer benefits similar to those of licensed software, they often come with additional complexity that requires dedicated resources for installation and maintenance. Closed-source systems often require less labor, but they may still require one or more dedicated staff to provide updates and daily maintenance.

Modern systems are purpose-built for efficiency and ease of use, so they usually require far less maintenance. This can greatly reduce operational costs, and free up IT staff resources for mission-critical projects.

Delayed data prevents real-time detection

Many systems rely on data that needs to be indexed and stored before it’s available for updating dashboards or delivering alerts, delaying the time to detection and resolution by several minutes. Modern log management streams real-time data without indexing, so alerts are updated in real time, and investigation can begin the moment an incident occurs.

Choose the right log management solution

There are answers to be found in the data that log management collects, but it can be challenging to manage the data and connect the information in a way that correlates the data and makes it easy to search.

Modern log management can make it painless to collect data from across the entire IT environment, bring it all together, and combine it in a way to answer any question about what’s happening.

For the best results, educational institutions should use a modern log management solution optimized for speed and efficiency. Look for these hallmarks to find the best high-throughput, low-cost system.

5 Steps to make networks and data more resilient and secure in higher education

Most universities are using traditional log management systems and security monitoring systems that they originally licensed years ago. While it may be tempting to continue using tools that are familiar, there are opportunity costs of not looking at systems built recently to take advantage of today’s evolving environments.

Start with one use case, optimize it, and build the system for additional use cases. This approach allows a more thorough investigation of available technology, which will demonstrate the full power, speed, and usability of modern advances in log management platforms. In the end, it will undoubtedly make the initial time investment worthwhile.

The following five steps can provide a framework for implementing or enhancing IT Operations with a modern log management system.

The opportunities in higher education for consolidating resources and centralizing data management are endless. Unfortunately, many schools have a culture of siloed operations. While this makes it easier to create and implement technology, it can lead to inefficiencies and missing out on the benefits of scale.

Schools are encouraged to approach IT more holistically, and they’re beginning to move from having siloed applications and IT operations that are managed by different departments across the campus. By beginning the process of centralizing systems and operations, each team can benefit from the cost savings coming from scalability, and every group can redirect resources to fulfilling the mission of their organization.

One place to start is in a place where traditional systems aren’t providing the value they were originally purchased to offer. In some cases, this takes years of investigation and migration. In others, it’s as easy as installing a new service. Modern log management is one of the platforms that can be installed quickly and deployed alongside existing systems as a trial or proof of concept. Because log management can begin creating value with one data source and scale to hundreds of terabytes a day, it’s one of the places that’s worth spending a little time investigating.

Log management can accept a high throughput of data — from servers, apps, network devices, customer devices, and almost anything that performs a function — and keep it all in one central location. Even though the data is varied and unstructured, it can still be available to search in real time without indexes. This makes it easier for users across the organization to explore everything they have permissions for, and even join search results from several different data sources, getting results in seconds. In addition to cost savings, this can lead to insights into operational and strategic initiatives that were unavailable before, and can uncover strengths and pain points across the whole system.

Consider the log and event data being collected and used across the institution. Reach out to other organizations that manage these data sources, and discuss use cases for collecting it centrally and making it available for analysis.

Improve Network Monitoring

The networks of Higher Education institutions can generate hundreds of terabytes of data a day. Network sensor appliances can automatically collect and compress the data from data-intensive networks. They add traffic logging, file extraction, analysis automation, and they provide valuable information not found in network or Netflow logs.

  • Asset tagging by Campus IP

  • Geo IP/ASN for external IP addresses

  • Whois information for domains

  • Inbound/outbound ratio

  • Hundreds of fields of data about dozens of protocols.

  • Precisely time-stamped and interlinked data files

  • Logs that are 1/100th PCAP’s size
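To make two of the enrichments listed above concrete (asset tagging by campus IP and the inbound/outbound ratio), here is an added Python example; it is not code from this guide or from any sensor product. The subnet plan, record field names, and alert thresholds are all hypothetical and constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Hypothetical campus address plan (constructed for this example).
CAMPUS_NETS = {
    "10.20.0.0/16": "residence-halls",
    "10.30.0.0/16": "research-labs",
    "10.30.8.0/24": "research-labs/genomics",
    "10.40.0.0/24": "registrar",
}
# Most specific subnet first, so a /24 tag wins over its parent /16.
_NETS = sorted(((ipaddress.ip_network(c), t) for c, t in CAMPUS_NETS.items()),
               key=lambda item: item[0].prefixlen, reverse=True)

# Constructed connection records: src opened the connection to dst;
# sent/received are byte counts from the point of view of src.
SAMPLE_CONNS = [
    {"src": "10.20.4.17", "dst": "198.51.100.10", "sent": 2_000, "received": 900_000},
    {"src": "10.20.4.17", "dst": "203.0.113.5", "sent": 1_500, "received": 400_000},
    {"src": "10.30.8.44", "dst": "203.0.113.77", "sent": 750_000_000, "received": 120_000},
    {"src": "10.30.8.44", "dst": "10.40.0.12", "sent": 5_000, "received": 8_000},
    {"src": "198.51.100.200", "dst": "10.40.0.12", "sent": 3_000, "received": 60_000},
    {"src": "not-an-ip", "dst": "10.40.0.12", "sent": 1, "received": 1},  # malformed
]


def tag_asset(ip):
    """Return the campus tag for ip, or None if it is external or unparseable."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for net, tag in _NETS:
        if addr in net:
            return tag
    return None


def enrich(conn):
    """Add asset tags and a direction label; return None for malformed records."""
    try:
        ipaddress.ip_address(conn["src"])
        ipaddress.ip_address(conn["dst"])
    except (KeyError, ValueError):
        return None
    src_tag, dst_tag = tag_asset(conn["src"]), tag_asset(conn["dst"])
    if src_tag and dst_tag:
        direction = "internal"
    elif src_tag:
        direction = "outbound"
    elif dst_tag:
        direction = "inbound"
    else:
        direction = "external"
    return {**conn, "src_tag": src_tag, "dst_tag": dst_tag, "direction": direction}


def boundary_stats(conns):
    """Per campus host: bytes entering and leaving campus, plus their ratio."""
    totals = defaultdict(lambda: {"tag": None, "bytes_in": 0, "bytes_out": 0})
    for rec in filter(None, map(enrich, conns)):
        if rec["direction"] == "outbound":      # campus host is the client
            host, tag, out_b, in_b = rec["src"], rec["src_tag"], rec["sent"], rec["received"]
        elif rec["direction"] == "inbound":     # campus host is the server
            host, tag, out_b, in_b = rec["dst"], rec["dst_tag"], rec["received"], rec["sent"]
        else:
            continue                            # traffic never crosses the boundary
        entry = totals[host]
        entry["tag"] = tag
        entry["bytes_in"] += in_b
        entry["bytes_out"] += out_b
    for entry in totals.values():
        out_b = entry["bytes_out"]
        entry["in_out_ratio"] = round(entry["bytes_in"] / out_b, 4) if out_b else None
    return dict(totals)


def flag_heavy_senders(stats, min_out=10_000_000, factor=10):
    """Hosts that sent at least min_out bytes off campus and factor x more than they received."""
    return sorted(h for h, s in stats.items()
                  if s["bytes_out"] >= min_out and s["bytes_out"] > factor * s["bytes_in"])


if __name__ == "__main__":
    stats = boundary_stats(SAMPLE_CONNS)
    for host, s in stats.items():
        print(host, s)
    print("review:", flag_heavy_senders(stats))
```

In the constructed sample, the genomics lab host is the only one flagged for review because it sends far more data off campus than it receives, while the residence-hall client shows the download-heavy profile expected of a workstation.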

Learn more about how network monitoring appliances improve observability from these on-demand webinars:

Even though the systems of higher education institutions generate dozens of terabytes of log and event data every day, modern log management can collect massive amounts of streaming data, and make it available to visualize, alert, and search the moment it arrives. Use this streaming data to understand what’s happening across the system, and look for ways to improve performance, reduce risk, and enhance the user experience.

Once the logs are shipping into the system, it will be easy to see what is happening by searching them. Queries are the foundation for dashboards and alerts, and for learning more about a specific incident. How hard is it to learn a new set of commands and queries? Not hard at all! Here are some basics to illustrate how easy it is to get started.

Once the data has been collected, it can be searched and analyzed to answer questions about system and security issues. Perhaps more importantly, it can be used to answer questions about what’s happening with the operations of the school and with the performance of the students.

Data Analytics Can Save Higher Education

The Association for Institutional Research, EDUCAUSE, and the National Association of College and University Business Officers recently published a joint statement to strongly argue that data analytics “can save higher education.”

Meet student needs

The success of students relies on all the resources of the college or university. They need to be engaged, and they need help making progress toward graduation and careers. Data from across the campus can offer insights into the impact of classes, student resources, activities, faculty, facilities, research programs, and more.

Analyzing data can improve university operations in countless ways, including:

  • Confirming that course offerings appeal to students

  • Matching demand for courses with faculty and facilities

  • Ensuring that students have the credits they need to graduate on time

  • Making efficient use of computing resources, parking, and other facilities

  • Identifying which students are on track, which are close to graduating, and which are eligible to be auto-graduated

  • Helping students who are having problems and determining strategies and interventions to help them

  • Measuring the outcomes of programs to ensure goals are being met

Learn how students learn

Online and software-based learning platforms are being used more frequently in higher education. This movement has resulted in an explosion of data, which can now be used to improve educational effectiveness and support basic research on learning. Learning analytics is a powerful new technique to improve learning-at-scale and student modeling that drives intervention and improvement in educational software and systems.

With new technology in education comes new approaches for helping students. Advising staff can be more effective if they have early alerts to warning signs, and instant access to student information they can use in their outreach. Data dashboards can help illustrate problem areas in real time to highlight students who show patterns that they are struggling.

EdTech Magazine recently highlighted work being done by Georgia State University to tap into GSU’s student information systems for data on its 53,000-plus students. For example, the platform might alert an adviser that “Sue Jones just failed a math quiz” so the adviser can recommend that the student attend a free tutoring course. GSU also developed an in-house system to track class attendance by monitoring logons to the wifi and learning management system. With that information, they can predict demand for certain courses so the university has enough seats available. 5

Create a Wall Monitor Dashboard

To share important information with your organization, create a wall monitor dashboard. This is great to display important results and status for use in a meeting space or lobby.

You can grant read-only access to individual widgets or entire dashboards publicly, or to a limited group. You can use “Shared Secret URLs,” which contain a special authentication token that grants read-only access to anyone that has the link.

Colleges and Universities are a highly-valued target for cybersecurity attacks. They store personal records (financial records, health information, and other sensitive data), and valuable intellectual property from sponsored research. Their systems are more open than a company of the same size, because a lot of the work depends on collaboration and the free flow of information. Higher learning institutions are viewed as favored targets because they hold many of the same records as businesses or financial institutions, but they can be easier to access.

Use centralized log management to make segmented networks observable.

Universities and colleges are challenged by having a variety of data and an ever-changing number of devices accessing the network. Data is often segmented into several separate networks, to keep data accessible and secure.

Use Log Management to make your SIEM more powerful and efficient.

Many higher education institutions have installed Security Information and Event Management (SIEM) monitoring solutions to handle the basics of security. SIEMs are a good solution if they are kept up to date and have the staff required to keep them maintained. However, they can focus on a limited number of data points, and fail to provide a full view of the network. Log management makes it affordable to monitor all endpoints and maintain 100% network visibility, and store that data longer, helping organizations comply with regulations.

Educational institutions with a SIEM installed should consider the benefits and costs of installing a modern log management system to offload the burden of log aggregation and storage from the SIEM. This will enhance the ability to conduct a more comprehensive search with more data sources and longer-retained data.

Split-second search results make modern log management tools rocket fuel for security operations center (SOC) purposes. A security response team is able to go from an overview dashboard to specific logs connected with threats in seconds. A team can even hunt and find insights from encrypted traffic with help from network monitoring tools such as Corelight.

There are several options for running log management in the same environment as a SIEM. Consider running it in addition to the SIEM, collecting logs from a data pipeline, collecting logs in a data lake, or forwarding logs from the SIEM to Log Management.

For additional ways to use Log Management together with a SIEM, see the How-To Guide: Use Log Management as the Foundation of the Security Stack.

Educational institutions have a unique requirement of handling nearly all types of sensitive data. Administrators must stay informed about what is required for all types of data that are collected and stored. In many cases, there are specific requirements for creating policies for data governance, keeping data secure, protecting consumer data, and retaining records of compliance for auditing.

Schools need to ensure that they are complying with every data security and privacy regulation.

  • Implement processes to ensure transparency and control of all regulated data.

  • Consider how regulators and partners can be shown that the data collected and stored meets regulatory requirements.

  • Work with faculty to make sure that students, faculty, and staff understand the types of data collected and how it will be used.

  • Consider the regulations listed below, and use resources like the Higher Education Compliance Alliance Matrix for a more comprehensive view of national and local regulations.

Safeguard privacy rights of students, faculty, staff, and other constituents

Today’s higher education organizations are expected to protect sensitive student data–even as data volumes grow and compliance with federal, national, and state privacy laws becomes more complex.

Get started using Humio

To understand what’s happening across complex environments, modern log management platforms like Humio provide visibility to streaming logs and event data. By monitoring this type of data the moment it happens, engineers, developers, and security professionals make sure their environment is healthy and performing as expected. When it’s not, they can search through the data to find out exactly what happened and prevent it from causing ongoing problems.

We invite you to see how Humio’s modern architecture redefines what is possible with log management.

Set up a Humio free 30-day trial. See for yourself how Humio can become the foundation for your security system. Our engineers are standing by to help you design a system that helps keep your organization more secure.

Find out more by visiting our website:

To get a free estimate of how much Humio can save your organization, visit our pricing guide.

About Humio

Humio's log management platform offers the lowest total cost of ownership, industry-leading unlimited plans, minimal maintenance and training costs, and remarkably low compute and storage requirements. Humio is the only log management solution that enables customers to log everything to answer anything in real time — at scale, self-hosted or in the cloud. Humio's modern, index-free architecture makes exploring and investigating all data blazing fast, even at scale. Founded in 2016, Humio is headquartered in London and backed by Accel and Dell Technologies Capital.

For more information, visit and follow @MeetHumio on Twitter.