Humio at MSU: Real-time Observability to Identify and Investigate Security Threats

This blog was originally published on humio.com. Humio is a CrowdStrike Company.

Michigan State University (MSU) is a 160-year-old American university in Lansing, Michigan with over 50,000 students from all over the world. The logistical and security needs of the IT team at a sprawling campus in the US Midwest would stagger many corporations, even those in the world of tech.

The Challenge

Security information and event management (SIEM) was a key component of the team's success at MSU. Given the scale of a large university, its constantly changing and evolving systems, and the pace of meeting modern technology needs, MSU knew they had their hands full. MSU needed to expand what they could do while still saving on cost. With the existing setup in the market-leading SIEM system, they were only able to ingest 500 GB a day. This did not give them the full view of everything they needed for a proper SIEM setup.

The Strategy

There was a SIEM system in place, but it was restrictive and costly. They needed flexibility, security, and the ability to monitor their systems without a great deal of overhead. Additionally, MSU needed to grow the amount of data they were bringing in and acting upon. “We decided over a year ago that the current model and platform was no longer sustainable,” says CIO Rob McCurdy. “However, there were only a few alternatives in the marketplace that could adequately replace the functionality.” MSU had been actively reviewing products in the SIEM and log aggregation space but had yet to find one that met all of their core criteria. The team needed an enterprise-ready SIEM solution that provided incident response and functional security operations capabilities. Finally, they came across Humio.
"Humio’s unlimited ingest pricing now enables us to scale our data without worry." — Rob McCurdy, CIO at MSU

The Solution

MSU determined Humio was the right choice after a demo and successful initial deployment. “We were able to successfully replicate the work we had in our previous SIEM and Humio’s performance metrics exceeded our expectations,” says Rob McCurdy.
During the adoption process, the team also identified other key factors, including the Humio platform’s additional data compression and performance scaling. “One large advantage we identified was the ability to create simple role-based views for data within repositories,” says Incident Response Lead Scott Szpara. “In our previous platform, we were limited in how we were able to provide access to an entire index/repository. If we wanted to provide multiple operational IT teams with limited or restricted sets of data, we would have had to completely duplicate that data in many cases. Humio has removed those challenges.”
"We were able to fully deploy Humio and completely replace our previous solution in under two weeks." — Rob McCurdy, CIO at MSU

The Results

Humio’s unlimited ingest pricing model allows MSU to take in more data, with live insights and alerts enabling deeper investigations into threats or issues when needed, satisfying MSU’s SIEM requirements and more. The team found it easy to grow with the Humio unlimited ingest site license because they are now able to scale data ingest without worrying over gatekeeping metrics or having to talk to support to move the limits. “Previously, we were only able to ingest 500 GB per day,” says Scott Szpara. “Now with Humio, we are already ingesting almost 1 TB a day and we are planning to expand to 2 TB in the next 6 months.”

The Humio platform enables the MSU Security Operations and Engineering teams to identify and quantify areas of improvement, maximizing security returns on investment. Given their performance and functionality findings, together with the key factor of more cost-effective unlimited ingest licensing, the team at MSU found Humio to be the perfect solution for their large-scale security monitoring needs. “With Humio’s unlimited license, we will no longer have holes in our aggregate data,” says Rob McCurdy. “On our previous platform, we would have a large portion of data in the search results, but ultimately would still need to log into source systems and review logs manually. Humio’s unlimited ingest pricing now enables us to scale our data without worry.”