RMIT

Case Study

Royal Melbourne
Institute of Technology

The Royal Melbourne Institute of Technology (RMIT) is one of Australia’s oldest and most respected universities. It is also  The Royal Melbourne Institute of Technology (RMIT) is one of Australia’s oldest and most respected universities. It is also Australia’s largest university, with over 100,000 students currently enrolled, along with over 12,000 staff members. This translates into an enormous amount of data generated that needs to be ingested, analyzed, and stored. RMIT currently processes over 300Gb/day and intending to double that in the next year. RMIT, like other universities, is in a unique position where the security threats are both external and internal to the network. RMIT’s Security Operations Centre (SOC) needed a Security Information and Event Management (SIEM) solution that was big enough and fast enough to help them do their job. RMIT found that solution in SIEMonster’s SIEM platform running on AWS Managed Services. 

RMIT’s CISO, Mr. Tony Aramze and his team were struggling to cover all the end points they needed to due to their previous SIEMsolution provider’s unaffordable pricing.

“The costs to ingest/manage nearly 300Gb/day (and growing) were astronomical when compared to SIEMonster.”

Mr. Aramze noted that not only was the cost of their previous product expensive, it grew more and more unaffordable with every

additional switch requiring further licensing. This is because previous providers charged by events per second (EPS) or amount of data ingested. As a young and agile start-up however, SIEMonster has been happy to adapt to RMIT’s requests. For example, if RMIT has a bespoke log they want to ingest, the SOC can choose to either write the parser themselves or provide sample logs to the SIEMonster team, who then integrate them within a short time frame.

With such a large environment needing security, RMIT boasts a substantial and diverse variety of logs that SIEMonster ingests. “We have a huge variety of Unix, Windows DCs, Firewalls URL logs, CAS, Wireless Controllers, Apps and a small number of Windows 10 endpoint devices. We’re looking to add Windows Defender ATP and Workday HR system soon too”. Given the variety and number of logs, being able to access and analyze the data quickly is also very important to the team.

SIEMonster running on AWS Managed services was deployed for the customer. Using AWS resources the solution could scale vertically and horizontally. SIEMonster works with RMIT to expand its network to different types of endpoints, such as door proximity sensors and surveillance cameras.SIEMonster exists to make security professionals’ job easier, from implementation to reporting and everything in between. Even in such an enormous virtual and physical environment, 

SIEMonster offered easy implementation, with Mr. Keyur Levingia, RMIT’s Senior Manager of Cybersecurity, reporting that “SIEMonster did everything for us. We handled the bare VM shells and they installed and configured the SIEM, connected our authentication system and on boarded all log sources”. With an ingestion of over 300Gb/day, this was no small task, but RMIT is yet to find any faults with SIEMonster’s solution. Mr Levingia has been very pleased with “the

ease of the writing log parsers and the speed of the tool in general”. With “excellent response and support provided by SIEMonster”, RMIT’s security is in safe hands.

SIEMonster’s scalability, and flexibility made for the perfect solution to RMIT’s security problem. This can only be achieved by running AWS Managed Services like Managed Kubernetes, Kafka and Open Search.