Page 52 - Campus Technology, March/April 2020
2019
Category: IT Infrastructure and Systems
Institution: Indiana University
Project: OmniSOC
Project lead: Tom Davis, associate vice president, information security, and executive director and chief information security officer, OmniSOC
Tech lineup: Elastic
with its founding members: Indiana University, Northwestern University (IL), Purdue University (IN), Rutgers University, and the University of Nebraska-Lincoln.
OmniSOC is a shared cybersecurity operations center for higher education. Its central operating principle is articulated very simply on its home page: “...this pioneering initiative strives to help higher education institutions reduce the time from first awareness of a cybersecurity threat anywhere to mitigation everywhere for members.”
OmniSOC is informed through many sources. It examines real-time security information data feeds from all member campuses, along with governmental and corporate security subscriptions. It also exchanges threat intelligence or indicators of compromise with institutions throughout the higher education sector — for example, this type of sharing may be done through OmniSOC’s membership in the Research and Education Networks Information Sharing and Analysis Center (REN-ISAC).
The sharing of security data is probably one of the most unique aspects of OmniSOC, and it is an example of some of the best values of the higher education sector, especially held in contrast with general practices across the cybersecurity industry.
Project lead Tom Davis is IU’s associate vice president for information security and OmniSOC’s founding executive director and chief information security officer. “We will be monitoring security information and event data for our member networks...” he explained in an informative video introduction to OmniSOC, adding, “If we identify a threat of interest we will notify the member campuses so they can investigate.” Rick Haugerud, assistant vice president of information security for member campus University of Nebraska-Lincoln, went on to point out the long-term value of gathering sector-specific data: “As the Big Ten institutions continue to collaborate on the OmniSOC and the collection of threat data, it will give us a treasure trove of threat intelligence that we’ll be able to analyze and sort through and try to determine if there’s any rhyme or reason to how some of these attacks begin, how quickly they’re going to spread, the direction they might spread — any of those things might deliver benefits that we can use to better protect ourselves in the future.”
Beneficiaries include campus IT security teams, freed from the overwhelming task of analyzing security information and event data, as well as faculty and staff, who can rely on sensitive information remaining safe and protected. OmniSOC also provides internship opportunities for students, who learn about collaborative security and best practices using new technology to mitigate threats.
While it’s probably not appropriate to publish a full list of tools and resources used by any security operations center, OmniSOC staff are happy to point us to just one of its core technologies, the Elastic stack. With its dashboards and visualizations, this technology offers quick visibility of threat data and enables interactive security analytics and effective threat hunting. Security personnel can use one data source to access another and compare data in a common language. Elastic also includes a powerful search technology: Cross-cluster search allows OmniSOC operators to ingest massive amounts of structured and unstructured data so they may analyze it across all members, in order to supply members with the best possible information for decision-making.