Top 100 University Chooses Keysight Visibility to Scale Its Security Operations

The Rheinisch-Westfälische Technische Hochschule (RWTH) University at Aachen, Germany serves about 50,000 students and ranks among the top 100 universities worldwide in the Times Higher Education ranking. As the nation’s second largest technical school of its kind, the German Research Network doubles the bandwidth it makes available to RWTH Aachen users every few years — free of charge.

“Here at Aachen, things are always a little bit bigger than at a smaller university; that’s the nature of the Internet,” says Jens Hektor, graduate physicist, Security Operations Center (SOC). “Our physics group is participating in experiments with the Large Hadron Collider (LHC) particle accelerator which involves moving very large amounts of data.”

Together, the growing traffic volumes, sophisticated new cyberthreats, and massive surges in bandwidth drive up requirements for security monitoring and data backups. To scale operations quickly without overinvesting in new tools, the RWTH Aachen IT and security teams rolled out a Keysight Network Visibility Platform to streamline security monitoring operations.  

Two Vision X Network Packet Brokers (NPBs) aggregate traffic from nearly 300 buildings across the city and centralize generation of flow data to uplevel threat detection and analysis within the SOC.

Visibility Helps Scale Threat Detection into the Future

The SOC team realized that its previous monitoring architecture could not keep up skyrocketing traffic volumes and decided to adopt to more scalable approach. The university called in systems integration experts from dakoServ, a longtime Keysight partner, to help administer a proof of concept (PoC) for upgrading its visibility infrastructure to support a new distributed monitoring infrastructure.

“We rebuilt the network infrastructure to add more routing and now we have routers distributed across 300 buildings all over the city,” Hektor explains. “Now it’s possible for one building to talk to another without the traffic going over the central core, so we needed to add more visibility at the edge.”

DakoServ Managing Director Thomas Albert recalls the value of proven collaboration in making the upgrade happen. “dakoServ planned and integrated highly scalable Keysight packet brokers in a very challenging security environment,” Albert says. “Together with the experts of RWTH, our consultants made this project a great success!”

Propelled by the close collaboration, the project progressed to the deployment of two Keysight Vision X packet brokers at core operations centers and multiple Vision Edge 100 devices to collect flow data at sites throughout the campus. The NetFlow insights generated by Vision X deliver granular details and metadata about traffic flowing into the network.

Read the full case study to learn more about RWTH Aachen’s city-wide network modernization and how shifting centralized flow generation to Vision X improves the efficiency, accuracy, and scalability of its security monitoring operations.  And why, down the road, the IT Center team can foresee continuing to upgrade its network and security operations.

“We already know that one Linux system we use to visualize and monitor the NetFlows is nearly at its end because there are so many flows that even producing graphs becomes a challenge,” Hektor explains, noting evolution beyond a 100G infrastructure could also occur down the road.  In the meantime, using modern network visibility to collect and optimize the use of data coming from 300+ monitoring routers equips the IT Center to enhance capacity, scale, and data security at the same time.