An Elastic Case Study
The University of Oxford's Cyber Security Incident Response Team faced the growing challenge of detecting stealthy attackers who can dwell undetected for days or months, compounded by cloud-related blind spots and the time-consuming, expensive task of combining diverse logs and audit data for effective threat hunting. With an "assume breach" mindset, the team needed a way to improve visibility and correlation across on-prem and cloud environments to stop attacks earlier.
Oxford built an in-house next-generation SIEM on the Elastic Stack to proactively capture and store relevant activity, giving analysts a comprehensive historical record for fast threat hunting and correlation. The result was improved detection of indicators of compromise, better visibility across cloud and on-prem infrastructure, faster investigations and mitigation, and a set of practical lessons shared in an Elastic webinar.
Marko Jung
Global Head Information Security Operations