University of Arkansas Security Operations Center (SOC) Information Brief

Overview
UA has formed, and is still forming, a Security Operations Center (SOC) with Students supporting Tier 1 Activities. The SOC provides benefits to the University and our Students:
- Our Students get unique hands-on security experience.
- The University gets "more eyes on the network."
- We solidify our goal of being a leader in the country for University IT Operations.
- Helps in Student Retention.
- Develops greater cyber security talent for the state.
Speaker note: Could talk about how to come up with the vision. I believe in putting forth a base to discuss.

What is a Security Operations Center (SOC)?
A SOC monitors the network looking for cyber-attacks and is staffed with a team organized to detect, analyze, respond to, report on, and prevent cyber-security incidents. A SOC provides services to the University:
- Detecting and acting on suspected cyber-security incidents.
- Proactive incident handling assistance to constituents.
- Disseminating incident-related information to constituents and external parties.
- Helping visualize the cyber battlefield.
- Identifying gaps and helping prioritize remediation.
- Ability to accelerate threat detection and response using analytics and automation.

Issues with having any SOC
- Events lack context: Users are unable to grasp the big picture of an event easily and have challenges with event handoff.
- Baby steps towards automation: SOCs
- Escalating to ticketing systems is arduous: Users cannot easily escalate to ticketing systems, causing a lot of manual copying and pasting or "hacky" solutions that may expose sensitive data.
- Lack of process: SOCs acknowledge they need to continue to develop and mature their processes.
- Too many tools: Analysts waste time logging into multiple tools to cross-check data and investigate.
- Difficulty tracking event lifecycle: Users want visibility into the full alert/event/case lifecycle in a single tool.

Other Issues
- Cost of People
- Recruiting People

SOC
- Monitor: establish a comprehensive baseline understanding of the critical information infrastructure and engage appropriate stakeholders to support cyber monitoring capability.
- Detect: develop predictive analysis capabilities by defining terminology, methodologies, and indicators, and engaging appropriate.
- Analyze: analysis, including expanding its capabilities to investigate incidents.
- Respond: response, including mitigation of and recovery from simultaneous severe incidents, including other incidents.

Security Functional Model: Security Operations
Vul Scans and Security Analytics
- Vulnerability Scans
- Security Analytics
- Patching
- Vulnerability & Threat Database
Identity Access Management
- AD Audit
- Privileged Admin Management
- Access Controls
Network Protect
- Firewalls
- IDS/IPS
- Security Monitoring
- Mobile Security
- Endpoint Security
Encryption
- RSA
- SSL
- Symantec
Other
- Data Storage
- Audit
- Forensics
- Incident Response
- Physical Security
- Compliance Tool

Security People System View
- Endpoint Reports (AV)
- Access Changes
- Threat Intel
- Monitor Egress
- SIEM
- Netflow Analysis
- Priority Alerts
- App White List
- Define Normal
- Cloud logs & access

Daily Routine
- Check Reports
- Follow Up
- Special Tasks
- SLA
- Runbooks/Guides

The Vision of our NOC-SOC

Students
- Recruiting: word of mouth and some advertising.
- Major in school: Computer Science desired but not required.
- We look for ability to learn and grow.
- We look at personality to fit in our culture.
- We plan on keeping them for one year.
- They must sign an NDA.

Student Skill Ideals
- Security Knowledge
- Computer Networking
- Security Monitoring Tools
- Coding/Scripting
- Vulnerability Scanning
- Troubleshooting
- Communication & Writing
- Critical Thinking
- Creativity & Curiosity
- Motivation

Training
Implemented training regimen for Student Workers that includes:
- Introduction to networking
- Introduction to IT Security
- Packet capture
- Network mapping
- Proofpoint
- Use of Splunk (SIEM)

For Their Growth
- Professional Development
- Certifications
- Hands On Skills
- Career Goals
- Resume Writing
- Practice Interviewing
- Growth in Skills
- Mentoring

Summary
The SOC provides benefits to the University and our Students:
- Our Students get unique hands-on experience.
- The University gets "more eyes on the network."
- We solidify our goal of being a national leader in University IT Operations.
- We retain students and give a trained resident back to the state to help businesses and education in Arkansas.

Questions