Higher education faces a lot of the same threats as other sectors: phishing, zero-days, APTs and more. Given that university campuses often operate like small cities, they can face their own unique challenges.
Thousands of students constantly come and go on campus, bringing their own devices and using on-site equipment. Advanced research might require bespoke equipment that needs to be securely plugged into the network, creating information that then needs to be protected by an under-resourced security team.
According to higher education non-profit Educause, information security strategy is the main IT issue in the sector and has been since 2016. IBM’s 2018 Cost of a Data Breach survey states that it takes education organizations an average of 217 days to find a threat and 84 days to contain it.
Pooling resources for a shared security operations center
To better combat the threats they are facing, a group of universities in the Midwest joined forces to create a joint security operations center (SOC), known as OmniSOC, to supplement their own SOCs with added capabilities. Based at Indiana University, OmniSOC, which won a CSO50 Award for security innovation, currently serves five universities: Indiana University, Northwestern University, Purdue University, Rutgers University and the University of Nebraska. It provides services such as 24/7 event monitoring and triage, incident alert notification, call center services, threat hunting and analysis, and threat intelligence collection and sharing.
OmniSOC collects real-time security information data feeds from each member university and collates them with other intelligence and data feeds. It monitors and identifies suspicious or malicious traffic or events and escalates them back to the university’s on-site SOC if required. Currently, OmniSOC has six service desk technicians providing tier-one analysis and triage, three security engineers doing tier-two security analysis and threat hunting, and four and a half people on platform engineering.