Cybersecurity operations staff on the job. Image courtesy of Indiana University.

The global increase in sophistication and frequency of cyberattacks has necessitated an expansion in Virginia Tech’s cyberdefense coverage and capabilities to allow the university to detect and respond to cyber threats and attacks regardless of when they occur. To increase Virginia Tech’s cybersecurity support beyond regular business hours, the university partnered with OmniSOC to provide the university with 24x7 security monitoring.

OmniSOC is housed at Indiana University and was established by members of the Big Ten Academic Alliance. Their goal was to minimize the duration between the initial identification of a security threat and the implementation of campus mitigation measures. Their membership has increased since its founding to include higher education and research institutions of all sizes.

The services offered through OmniSOC aligned well with Virginia Tech’s IT Transformation recommendation to increase coverage on nights, weekends, and during university closings, and to decrease incident response time across critical systems. The service is also cost-effective compared to other providers.

As an OmniSOC member, Virginia Tech will benefit from:

  • improved responsiveness to security incidents, informed by OmniSOC’s monitoring and incident notification services to initiate internal isolation and containment activities;
  • improved situational awareness that leverages the threat intelligence insights that OmniSOC gains from other research and higher education institutions; and
  • increased visibility and access to security-related log information by expanding participation in the central logging service (CLS).

Virginia Tech is currently sending 1.5 TB of logging data to OmniSOC daily. This includes logs from security monitoring tools like intrusion detection systems, network traffic classifiers, and Windows system logs that are being forwarded to the CLS. Since March 1, 2023, when the university first partnered with OmniSOC, 29 tickets were opened by OmniSOC during regular business hours.

On October 31, the Information Technology Security Office (ITSO) partnered with OmniSOC, Information Technology Experience & Engagement (ITEE), and the IT Council to run a tabletop exercise that walked through the incident response process. This process covers items ranging from the initial preparation work that departments need to do, through detection by OmniSOC, to the other phases outlined in the Virginia Tech Guide for Cyber Security Incident Response.