Northwestern joins Big Ten universities to launch joint cybersecurity operations center

EVANSTON - Indiana University (IU), Northwestern University, Purdue University, Rutgers University and the University of Nebraska-Lincoln today announced the launch and activation of OmniSOC, a specialized, sector-based cyber Security Operations Center (SOC) that provides trusted, rapid, actionable cyber intelligence to its members.

The OmniSOC is a pioneering initiative of these Big Ten Academic Alliance universities with a goal to help higher education institutions reduce the time from first awareness of a cybersecurity threat anywhere to mitigation everywhere for members.

“With the ever increasing volume, sophistication and potential damage of cybersecurity attacks, the CIOs of the Big Ten universities recognized that we had to depart from the historic emphasis on local protection, identification and response,” said Sean Reynolds, vice president for technology and chief information officer at Northwestern. “Information security in this new environment requires many layers of protection within our campus environment, at our campus borders and with partners beyond campus." 

“With tens of thousands of students, faculty and staff, university campuses are really like small cities, with sensitive data and powerful computing systems that are coveted by cyber criminals,” said Tom Davis, OmniSOC founding executive director and chief information security officer.

“Protecting hundreds of thousands of devices and critical data requires expertise, systems, policies and rapid response when new vulnerabilities become known. While campus-by-campus approaches are essential, they are not sufficient for the sophistication of modern cyber risks," he added. "The OmniSOC enhances the work of local security professionals to provide greater real-time, sophisticated threat detection, analysis and action for our members.”

The OmniSOC is based at Indiana University and leverages two decades of experience and capabilities from the 24/7 Global Research Network Operations Center (GlobalNOC), which provides services to government, research and education networks across the nation. Using real-time security information data feeds from each member campus, as well as governmental and corporate security subscriptions, the OmniSOC identifies suspicious and malicious activity requiring mitigation and provides rapid incident response through human analysis and machine learning.

“Our ongoing partnership of the Big Ten universities in the delivery of advanced networking to our campuses meant that it was a logical next step to build this security operations center with these partners on top of our current infrastructure and trust relationships,” Reynolds said. 

In addition to GlobalNOC, OmniSOC works in close coordination with the federally chartered Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) at IU. Established in 2003, the REN-ISAC’s primary mission is to aid and promote cybersecurity protection, response and information sharing among its 580 members within the research and higher education communities.

“Each industry or sector of the economy has a unique lens on its risk tolerance, policies, regulation and response,” said Brad Wheeler, IU vice president for IT and chief information officer. “OmniSOC is a leading exemplar of establishing focused, sector-based shared cybersecurity services by doing so for large complex universities. My Big Ten CIO colleagues and I quickly realized that we could fight these risks better and faster if we joined forces to rapidly accelerate detection and mitigation across our institutions. The idea went from concept to first operations in a year, and we are already spinning up the specific services that our collective chief information security officers have planned.”

OmniSOC has chosen the Elastic Stack as its security analytics platform. The Elastic Stack is used to ingest, correlate and analyze vast quantities of information to detect and hunt for cyber threats to member systems.

“Higher education is for the most part an open environment, so we often see cyber crimes that others have not,” said Greg Hedrick, chief information security officer at Purdue University. “By allowing us to monitor across higher education, OmniSOC helps to improve our capabilities to identify and react more quickly to these bad actors. My hope is that this information can be shared with others outside of our community in order to protect the entire ecosystem.”

Davis says that in the years to come, OmniSOC plans to expand membership beyond the Big Ten Academic Alliance as it scales up services.

Learn more about OmniSOC: https://omnisoc.iu.edu/ and watch the videos: https://youtu.be/7g2BYXCVc3k and https://youtu.be/tWomN3qhSiM.