Case Study: University of Glasgow achieves scalable 10Gb IDS monitoring and improved malware detection with Gigamon Visibility Platform

University of Glasgow Scales its Intrusion Detection System to Support 30,000 Users

The University of Glasgow, a large research institution serving ~30,000 users, needed to scale its intrusion detection capabilities to monitor tens of gigabits of Internet traffic. Its IDS had been fed from a single 1Gb mirrored router port, which could not keep up as traffic grew and routers could not mirror traffic across multiple ports, creating a blind spot for malware and attacks.

The university deployed Gigamon’s Visibility Platform—optical traffic splitters with hardware Flow Mapping and load balancing—to duplicate 10Gb links, pre-filter irrelevant flows, and distribute traffic across multiple 1Gb IDS servers. As a result, Glasgow can now monitor all 10Gb links, detect compromised PCs earlier, run IDS on clusters of commodity servers, reduce packet loss, free the router mirror port for other uses, and reuse existing monitoring equipment while retaining headroom for future growth.

University of Glasgow

Chris Edwards

Information Security Coordinator