As higher education leaders address one of the most pressing concerns on campus — the threat of a cybersecurity breach that causes financial, reputational and individual damage — some institutions are joining forces by establishing security operations centers.
SOCs help colleges scale security operations and leverage the power of aggregated data for the purpose of speeding up threat detection and response. OmniSOC, one of the first such efforts, was launched by Indiana, Northwestern, Purdue and Rutgers universities and the University of Nebraska in 2018.
Rick Haugerud, assistant vice president for information security at the University of Nebraska; Michele Norin, senior vice president and CIO at Rutgers University; and Sean Reynolds, vice president and CIO at Northwestern University, discussed this model on Tuesday in “CISOs and CIOs Collaborate to Mitigate Cyberrisk: The OmniSOC,” presented in Chicago at the annual EDUCAUSE Conference.
They were joined by Tom Davis, founding executive director and CISO at OmniSOC, which is housed at IU.
Data Aggregation Gives Member Institutions Another Layer of Security
The goal of OmniSOC is to help members reduce the time from the first detection of a threat anywhere to mitigation everywhere, Reynolds said. They do that by creating a system for real-time information sharing (think firewall and Domain Name System logs, among others), paired with additional analysis that supplements existing efforts on campus.
Given the complexity and pace of cybersecurity threats, said Reynolds, “Our traditional response of local, on-campus SOCs isn’t sufficient in a world of Big Data, analytics and the opportunity to automate responses.”
By aggregating threat activity and intelligence, however, institutions can establish a defense, together, that’s stronger than any university would be on its own.
“Detect and respond — that’s where OmniSOC comes into play,” Haugerud said, referring to the third and fourth functions in the National Institute of Standards and Technology Cybersecurity Framework. “We believe there are enough commonalities in higher education that detect and respond can be automated more precisely because of the similarities in the things that we do.”
In one case, malicious traffic from China that sought to exploit the networked interface of a security camera at Rutgers was detected, Norin said. That information flowed to OmniSOC, which analyzed the data and helped Rutgers identify the party responsible for the camera, so it could notify them and apply the appropriate firmware update.
That’s a win for the institution, of course, but the strength of OmniSOC is that these findings can also help other universities, Norin said.
“The other opportunity here is the OmniSOC now can notify partnering schools around a threat,” she said. “Something that happened to us might also be happening to other schools in the program, and they will be able to share that information out as well.”
Member institutions also benefit from the sheer amount of data to which OmniSOC has access, Davis noted. That allows analysts to provide not only alerts, but also the contextual information that makes it easier to identify a threat — for example, “this is what it looks like when it hits,” he said.
Security Operations Centers Collaborate with On-Campus Teams
A key point that panelists made is that the OmniSOC doesn’t replace on-campus security — far from it. Haugerud described OmniSOC’s engineers and other staff as “extensions of our team,” a relationship bolstered by regular meetings and conversations.
“We still do our own threat detection. They are an expanded level of information, so they enhance what we’re doing,” Norin emphasized. “We’re adamant about the fact that this is really a collaborative effort.”
It’s that collaboration, she said, that allows OmniSOC members to move as quickly as they do when a threat arises.
OmniSOC also has an internship program designed to give students experience in cybersecurity and, ideally, help develop a pipeline of future professionals. It is also collaborating with institutions to facilitate research into cybersecurity and cyberinfrastructure.