If you’ve visited the University of Toronto Mississauga (UTM) campus, you’re likely familiar with its advanced digital classrooms and strong commitment to sustainability. It’s no surprise that UTM is part of a tri-campus system that has been ranked as the most sustainable university in the world. However, alongside building resilience against climate threats, another story of resilience is unfolding at UTM — this time against cyber threats.

UTM is enhancing its ability to detect malicious activity by centralizing log collection and analysis. Starting in 2024, UTM initiated a campus-wide effort to collect security event logs from servers, firewalls and cloud services, sending them to the institutional platform for analysis. This initiative involved collaboration between the UTM Information & Instructional Technology Services (I&ITS) team and the institutional Information Security team.

The cloud-hosted solution, adopted as part of this initiative, integrates with many on-premises systems, requiring the team to develop new, complex skills and capabilities. With that effort, UTM has deployed log collection agents on over 300 assets and deployed over 320 rules to detect anomalous activity.

Even though the initiative is still underway, UTM is already seeing benefits in the form of greater visibility into its environment, improving threat detection and response, and gathering invaluable insights into the environment we’re securing.