Cleveland Indians turn to SIEM in malware, botnet battle

Security and information event management goes beyond traditional anti-virus tools for baseball's Tribe.

For the Cleveland Indians' IT department, dealing with malware on behalf of hundreds of Windows-using employees at the baseball team's Progressive Field data center operations can be a little bit like a pitcher facing a stacked batting line-up: a constant battle.

Using traditional anti-virus software from Sophos helps the team avoid infections, but can't keep pace with the boom in zero-day attacks.

"When an Internet user goes to a website that has spyware, the system gets infected and tries to connect to a remote-control server somewhere," says IT Director Whitney Kuszmaul. "Most anti-virus doesn't catch a lot of things out there."

The Indians upped their game about six months ago by adopting the AccelOps security information and event management (SIEM) tool to centralize security events from firewalls and intrusion-detection systems and to monitor Windows application and security logs. Since then, the IT department has expanded its use of AccelOps, which runs as a virtual appliance in the VMware-based data center, to analyze network traffic in order to pinpoint malware infections.

The AccelOps SIEM system can pin down in real time when a desktop appears to be under a botnet's control by correlating relevant event information from the firewall or intrusion-detection system, and can then send an alert to the IT division. Senior Network Engineer Nick Korosi says that information is used to investigate whether the user's machine is infected so that steps can be taken to remediate the problem immediately.
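The correlation Korosi describes, as an added illustration (not the Indians' setup or AccelOps' own logic): a small Python script that flags a desktop when an IDS command-and-control signature for it is backed by repeated firewall-permitted connections from the same host to the same destination inside a short window. The log format, hosts, timestamps and thresholds are constructed for the example.

```python
"""Correlate IDS C2 alerts with firewall connection records to flag likely
botnet-controlled desktops. Added illustration; all sample data is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample events in a simplified key=value format (not real logs).
FIREWALL_LOG = """\
2013-05-01T10:00:05 fw allow src=10.1.4.22 dst=203.0.113.9 dport=6667
2013-05-01T10:00:35 fw allow src=10.1.4.22 dst=203.0.113.9 dport=6667
2013-05-01T10:01:05 fw allow src=10.1.4.22 dst=203.0.113.9 dport=6667
2013-05-01T10:01:10 fw allow src=10.1.4.37 dst=198.51.100.20 dport=443
"""
IDS_LOG = """\
2013-05-01T10:00:36 ids alert sig="Possible IRC botnet C2" src=10.1.4.22 dst=203.0.113.9
2013-05-01T10:30:00 ids alert sig="Possible IRC botnet C2" src=10.1.4.50 dst=203.0.113.9
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(log):
    """Yield (timestamp, fields) per line; quoted values are unquoted."""
    for line in log.splitlines():
        ts_str, rest = line.split(" ", 1)
        fields = {k: v.strip('"') for k, v in KV.findall(rest)}
        fields["type"] = rest.split()[1]  # "allow" or "alert"
        yield datetime.fromisoformat(ts_str), fields

def correlate(fw_log, ids_log, window=timedelta(minutes=5), min_connects=2):
    """Raise an alert for an internal host when an IDS C2 signature for it is
    corroborated by repeated firewall-permitted connections to the same
    destination within the window (a beaconing pattern). Returns alert dicts."""
    connects = defaultdict(list)  # (src, dst) -> list of timestamps
    for ts, f in parse(fw_log):
        if f["type"] == "allow":
            connects[(f["src"], f["dst"])].append(ts)
    alerts = []
    for ts, f in parse(ids_log):
        hits = [t for t in connects[(f["src"], f["dst"])] if abs(t - ts) <= window]
        if len(hits) >= min_connects:
            alerts.append({"host": f["src"], "c2": f["dst"],
                           "signature": f["sig"], "connections": len(hits)})
    return alerts

if __name__ == "__main__":
    for a in correlate(FIREWALL_LOG, IDS_LOG):
        print(f"ALERT host={a['host']} c2={a['c2']} ({a['connections']} connects)")
```

The second IDS alert (host 10.1.4.50) has no matching firewall traffic, so it is left for an analyst rather than escalated as a confirmed beacon.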

The SIEM tool runs queries very quickly, so it also takes on other tasks such as monitoring SQL Server transactions for time delays so that processes can be adjusted, Kuszmaul says. In the future, AccelOps is also expected to help automate helpdesk tickets for staff.

While the SIEM product works well for employees' Windows computers, the IT group's next challenge has to do with syncing up mobile device usage and deployment policies with management so that Android and iOS devices, for example, can be brought under the SIEM umbrella.
