By Aaron Coloma, Jan. 6, 2024
Cal Poly Pomona added an award-winning cybersecurity program called IBM QRadar SIEM to its arsenal in November 2023.
The program covers the entirety of CPP’s campus online network and centralizes data for easier cyberattack detection. QRadar eliminates repetitive tasks by automating manual processes, accelerates threat recognition and merges with existing programs to streamline operation.
QRadar provides analytics on network threats, user behavior and threat intelligence, and prioritizes more prominent incidents by type. The new program is useful in many different cases, such as detecting threats by using AI and quickly responding to ransomware, a type of cyberattack in which attackers demand payment for files that have been locked by malicious software.
“Let’s say a student receives an email or does something to their account and their computer gets compromised,” said John McGuthry, vice president for information technology & institutional planning and chief information officer. “This person or entity is now sending thousands of messages to all of the other students trying to get them to fall for a scheme. If someone’s now sending out thousands of messages at a time, there’s something strange about that. They’ll look and investigate and try to stop it.”
Threat detection like this allows quick responses to incidents at CPP similar to a 2019 data leak, caused by human error, that compromised the information of thousands of students within the College of Science.
McGuthry also stated gradual upgrades through programs such as QRadar are important for adapting to new information.
“We’re always looking to make incremental improvements to make our wall harder to climb if someone wants to compromise our environment,” said McGuthry.
One such change was the implementation of DUO and 2-step authentication for CPP students and faculty in 2021. Assistant Vice President for IT Security & Compliance and Chief Information Security Officer Carol Gonzales revealed they were looking to extend this requirement to applicants as well.
IBM reports its program monitors over 84,000 devices across campus, flagging anywhere between 20 and 40 incidents for investigation daily.
QRadar has received awards for its performance, such as SIEM Solution Provider of the Year in 2023 from the CyberSecurity Breakthrough Awards, Top Rated SIEM Software on TrustRadius and a No. 1 ranking in the SIEM reports on G2 for fall of 2023 and winter of 2024.
Gonzales also talked about the process her team follows to protect CPP and how thorough they had to be to protect our school’s network.
“The things that we do are in three categories: prevent, detect and correct,” Gonzales said. “We do a lot to prevent, we do a lot to detect, if worst comes to worst we correct. Can we guarantee that nothing bad will happen? No. But we sure are working hard to make sure. It’s not just your information, it’s ours. We take this very personally.”
McGuthry echoed Gonzales’ perspective and voiced his hopes that students held peace of mind over the data they provide to CPP.
“Hopefully you come here and never have to think about what you give the university,” McGuthry said. “Part of my job is making sure the information you give the university stays here.”
Business management and human relations student Sydney Kallmann expressed how protected she felt through CPP’s cybersecurity efforts.
“I feel safer knowing that my information is secure,” Kallmann said. “Just knowing that our school cares about our safety is nice.”
Kallmann continued by explaining her appreciation of the hard work done to preserve her information.
“Cybersecurity is important,” Kallmann said. “It’s just nice to know our information is secure because even in just BroncoDirect and Canvas we have so much personal, private information that we obviously want protected.”
Feature Image Courtesy of the Division of Information Technology & Institutional Planning.