2019 CSO50 Awards

How 5 universities stretch security capabilities, budgets with shared SOC

Faced with limited resources and constant threat of attack, five midwestern universities created OmniSOC, a CSO50 award-winning joint security operations center, to complement their own on-site SOCs with 24/7 analysis, triage and threat hunting.

Higher education faces many of the same threats as other sectors: phishing, zero-days, APTs and more. But because university campuses often operate like small cities, they also face challenges unique to the sector.

Thousands of students constantly come and go on campus, bringing their own devices and using on-site equipment. Advanced research may require bespoke equipment that must be securely connected to the network, generating data that an under-resourced security team must then protect.

According to higher education non-profit Educause, information security strategy is the main IT issue in the sector and has been since 2016. IBM’s 2018 Cost of a Data Breach survey states that it takes education organizations an average of 217 days to find a threat and 84 to contain it.

Pooling resources for a shared security operations center

To better combat the threats they face, a group of universities in the Midwest joined forces to create a joint security operations center (SOC), known as OmniSOC, to supplement their own SOCs with added capabilities. Based at Indiana University, OmniSOC, which won a CSO50 Award for security innovation, currently serves five universities: Indiana University, Northwestern University, Purdue University, Rutgers University and the University of Nebraska. It provides services such as 24/7 event monitoring and triage, incident alert notification, call center services, threat hunting and analysis, and threat intelligence collection and sharing.

OmniSOC collects real-time security data feeds from each member university and collates them with other intelligence and data feeds. It monitors the combined data, identifies suspicious or malicious traffic or events, and escalates them back to the affected university's on-site SOC when required. Currently, OmniSOC has six service desk technicians providing tier-one analysis and triage, three security engineers doing tier-two security analysis and threat hunting, and four and a half people on platform engineering.
