Case Study: Duke University achieves rapid incident response and robust fraud protection with Carahsoft and Splunk Enterprise

Duke University Gains Powerful Security Insights and Fraud Protection

Duke University, a large private research institution with more than 68,000 active network users, faced significant security and visibility challenges—no centralized SIEM, manual incident investigations, unreliable email filtering, and exposure to phishing and payroll fraud. Working with vendor Carahsoft, Duke selected and deployed Splunk Enterprise to meet the needs of its lean IT organization and diverse campus stakeholders.

Carahsoft helped implement Splunk Enterprise across the university—ingesting logs from ~3,000 devices and 200+ source types—and delivered real-time alerting, geoIP email dashboards, and phishing-tracking views. As a result (per Duke), incident investigation and remediation times fell from hours to minutes, phishing-related payroll fraud was detected and prevented, early DDoS identification improved, and the university saved thousands of hours while strengthening its overall security posture.

Duke University

Richard Biever

Chief Information Security Officer