Case Study: Duke University achieves faster incident response and fraud protection with Splunk

A Splunk Case Study

Preview of the Duke University Case Study

Duke University Gains Powerful Security Insights and Fraud Protection

Duke University, a private research institution serving about 15,000 students and more than 68,000 active network users, faced fragmented logging, slow manual incident investigations, and limited visibility into threats, including junk email sources and a December 2013 phishing attack that led to payroll theft. The IT Security Office needed a SIEM-capable solution that could be used across distributed teams with a minimal learning curve.

Duke deployed Splunk Enterprise (1.25 TB license across IT/medical/academic units) with ~3,000 forwarders ingesting 200+ data sources, built geoIP and phishing-tracking dashboards, and implemented real-time alerting that can trigger IPS blocking. The result: investigations that once took hours now take minutes, improved detection of DDoS and phishing, prevention of payroll fraud, and stronger, more collaborative security across campus.



Duke University

Richard Biever

Chief Information Security Officer

