Cybersecurity attacks remain a substantial threat to higher education institutions, including RIT. Safeguarding and reducing risk to our campus information assets continues to be a priority among our strategic initiatives.
RIT has partnered with Rapid7, an industry leader in cybersecurity, to establish additional information security protection through InsightIDR. InsightIDR is a Security Information and Event Management (SIEM) platform that collects and analyzes data to proactively detect potential security threats.
InsightIDR uses multiple event sources to collect the data it needs to protect our environment and help us quickly detect and respond to malicious activity on our network. The following table shows which categories of information are collected from which event sources:
Microsoft Active Directory, LDAP server logs, Rapid7 Metasploit, Virus scanner, VPN, and Endpoint Monitor
Microsoft Active Directory security logs and the DHCP server logs, Nexpose, and Endpoint Monitor
IP Address History
Microsoft Active Directory security logs, DHCP server logs
VPN server logs, cloud services (e.g. AWS, Box.com), and Microsoft ActiveSync
DNS server logs, firewall, Web proxy, Cloud service - Box.com, Okta, Salesforce, and the Microsoft ActiveSync servers
Microsoft Active Directory security logs, DHCP server logs, endpoint monitor, VPN servers (IP address ranges), DNS server logs, Firewall, and the Web proxy