Research Security Operations Center
The Research Security Operations Center provides critical services using proven technologies, focused on the needs of research and education. Assets include:
- OmniSOC, a shared 24x7x365 eyes-on-glass cybersecurity operations center for higher education
- STINGAR, the Shared Threat Intelligence for Network Gatekeeping and Automated Response
- Vulnerability Identification Services, provided by Three Rivers Optical Exchange
- REN-ISAC, threat intelligence from the Research and Education Networks Information Sharing and Analysis Center
With two decades of experience from the GlobalNOC behind it, OmniSOC is a shared cybersecurity operations center that provides trusted and actionable intelligence to higher education institutions. Founded by Northwestern University, Purdue University, Rutgers University, the University of Nebraska-Lincoln, and Indiana University, this pioneering initiative strives to help higher education institutions and research projects reduce the time from first awareness of a cybersecurity threat anywhere to mitigation everywhere for members. OmniSOC is based at Indiana University.
OmniSOC operates as part of Indiana University, drawing on the experience and capabilities of the Global Network Operations Center (GlobalNOC). It also makes use of threat intelligence insights from the Research and Education Networks Information Sharing and Analysis Center (REN-ISAC).
STINGAR, or Shared Threat Intelligence for Network Gatekeeping with Automated Response, is a solution developed by Duke University to identify and defend against attacks targeting your network. STINGAR uses a decoy computer system to trap and track hackers, and automation to speed responses.
With flexibility in mind, STINGAR:
- Makes use of network sensors (honeypots)
- Identifies attackers
- Blocks via existing network security appliances
- Shares threat intelligence with trusted groups
Three Rivers Optical Exchange (3ROX), which is operated and managed by the Pittsburgh Supercomputing Center, offers a vulnerability identification service that will probe the IP address range of a campus for active machines and services. This service leverages the widely deployed open-source OpenVAS framework to identify assets in need of protection. Network Vulnerability Tests (NVTs) are run against active machines and services to detect misconfigurations and known defects. A report is generated that lists any issue found by severity and host, allowing IT personnel to prioritize remediation. Each issue includes a list of vendor and/or community recommended fixes or corrective actions. These scans are performed on a regular schedule and can be supplemented with on-demand scans. This flexibility provides regular assessments of exposed vulnerabilities and allows IT personnel to scan a new server or service for vulnerabilities shortly after it is made available.
The Research and Education Networks Information Sharing and Analysis Center (REN-ISAC) serves over 650 member institutions within the higher education and research community by promoting cybersecurity operational protections and response.