
University of Arkansas Security Operations Center (SOC) Information Brief


billj



Presentation Transcript


  1. University of Arkansas Security Operations Center (SOC) Information Brief

  2. Overview
  • UA is forming a Security Operations Center (SOC) with Students supporting Tier 1 Activities.
  • The SOC provides benefits to the University and our Students:
  • Our Students get unique hands-on security experience.
  • The University gets “more eyes on the network.”
  • We solidify our goal of being a leader in the country for University IT Operations.
  • Helps in Student Retention.
  • Develops greater cyber security talent for the state.

  3. What is a Security Operations Center (SOC)?
  • A SOC monitors the network looking for cyber-attacks and is staffed with a team organized to detect, analyze, respond to, report on, and prevent cyber-security incidents.
  • A SOC provides services to the University:
  • Detecting and acting on suspected cyber-security incidents.
  • Proactive incident handling assistance to constituents.
  • Disseminating incident-related information to constituents and external parties.
  • Helping visualize the cyber battlefield.
  • Identifying gaps and helping prioritize remediation.
  • Ability to accelerate threat detection and response using analytics and automation.

  4. Issues with having any SOC
  • Events lack context – Users are unable to grasp the big picture of an event easily and have challenges with event handoff.
  • Baby steps towards automation – SOCs
  • Escalating to ticketing systems is arduous – Users cannot easily escalate to ticketing systems, causing a lot of manual copying and pasting or “hacky” solutions that may surface sensitive data.
  • Lack of process – SOCs acknowledge they need to continue to develop and mature their processes.
  • Too many tools – Analysts are wasting time logging into multiple tools to cross-check data and investigate.
  • Difficulty tracking event lifecycle – Users want visibility into the full alert/event/case lifecycle in a single tool.

  5. Other Issues
  • Cost of People
  • Recruiting People

  6. SOC

  7. Security Functional Model – Security Operations
  • Vulnerability Scans and Security Analytics: Vulnerability Scans, Security Analytics, Patching, Vulnerability & Threat Database
  • Identity Access Management: AD Audit, Privileged Admin Management, Access Controls
  • Network Protect: Firewalls, IDS/IPS, Security Monitoring, Mobile Security, Endpoint Security
  • Encryption: RSA, SSL, Symantec
  • Other: Data Storage, Audit, Forensics, Incident Response, Physical Security, Compliance Tool

  8. Security
  • People System View
  • Endpoint Reports – AV
  • Access Changes
  • Threat Intel
  • Monitor Egress
  • SIEM
  • Netflow Analysis
  • Priority Alerts
  • App Whitelist
  • Define Normal
  • Cloud logs & access

  9. Daily Routine
  • Check Reports
  • Follow Up
  • Special Tasks
  • SLA
  • Runbooks / Guides

  10. The Vision of our NOC-SOC

  11. Students
  • Recruiting – Word of mouth and some advertising
  • Major – Computer Science desired but not required
  • We look for ability to learn and grow
  • We look at personality to fit in our culture
  • We plan on keeping them for one year
  • They must sign an NDA

  12. Student Skill Ideals
  • Security Knowledge
  • Computer Networking
  • Security Monitoring Tools
  • Coding/Scripting
  • Vulnerability Scanning
  • Troubleshooting
  • Communication & Writing
  • Critical Thinking
  • Creativity & Curiosity
  • Motivation

  13. Training
  • Implemented training regimen for Student Workers that includes:
  • Introduction to networking
  • Introduction to IT Security
  • Packet capture
  • Network mapping
  • Proofpoint
  • Use of Splunk (SIEM)

  14. For Their Growth
  • Professional Development
  • Certifications
  • Hands-On Skills
  • Career Goals
  • Resume Writing
  • Practice Interviewing
  • Growth in Skills
  • Mentoring

  15. Summary
  • The SOC provides benefits to the University and our Students:
  • Our Students get unique hands-on experience.
  • The University gets “more eyes on the network.”
  • We solidify our goal of being a national leader in University IT Operations.
  • We retain students and give a trained resident back to the state to help businesses and education in Arkansas.

  16. Questions
