Research Security Operations Center
The Research Security Operations Center provides critical services using proven technologies, focused on the needs of research and education. Assets include:
- OmniSOC, a shared 24x7x365 eyes-on-glass cybersecurity operations center for higher education
- STINGAR, the Shared Threat Intelligence for Network Gatekeeping and Automated Response
- Vulnerability Identification Services, provided by Three Rivers Optical Exchange
- REN-ISAC, threat intelligence from the Research and Education Networks Information Sharing and Analysis Center
OmniSOC: 24x7x365 Security Operations Center
With two decades of experience from the GlobalNOC behind it, OmniSOC is a shared cybersecurity operations center that provides trusted and actionable intelligence to higher education institutions. Founded by Northwestern University, Purdue University, Rutgers University, the University of Nebraska-Lincoln, and Indiana University, this pioneering initiative strives to help higher education institutions and research projects reduce the time from first awareness of a cybersecurity threat anywhere to mitigation everywhere for members. OmniSOC is based at Indiana University.
OmniSOC operates as part of Indiana University, drawing on the formidable experience and capabilities of the Global Network Operations Center (GlobalNOC). It also makes use of threat intelligence insights from the Research and Education Networks Information Sharing and Analysis Center (REN-ISAC).
Sharing Threat Intelligence for Network Gatekeeping with Automated Response (STINGAR)
STINGAR, or Sharing Threat Intelligence for Network Gatekeeping with Automated Response, is a set of tools developed at Duke University. The STINGAR framework applies new, agile approaches to protect and defend networks, combining automated technology protections (from commercial and open-source tools) that deliver near-real-time active responses with crowdsourced data from potentially many institutions in order to better secure those networks.
The STINGAR ecosystem uses network sensors to discern potential threats, enables the federation of multi-site (higher education and research labs) threat data, and integrates with network security devices to block threats in near real time. The project originated from an urgent need to respond faster to the cybersecurity threats that Duke and all other higher education institutions face.
Vulnerability Identification Services (VIS) from 3ROX
This service leverages the widely deployed open-source ‘OpenVAS’ framework to identify assets in need of protection. 3ROX is operated and managed by the Pittsburgh Supercomputing Center. Three Rivers Optical Exchange (3ROX) offers a vulnerability identification service that will probe the IP address range of a campus for active machines and services. Network Vulnerability Tests (NVTs) are run against active machines and services to detect misconfigurations and known defects. A report is generated that lists any issue found by severity and host, allowing IT personnel to prioritize remediation. Each issue includes a list of vendor and/or community recommended fixes or corrective actions. These scans are performed on a regular schedule and can be supplemented with on-demand scans. This flexibility provides regular assessments of exposed vulnerabilities and allows IT personnel to scan a new server or service for vulnerabilities shortly after it is made available.
Research and Education Networks Information Sharing and Analysis Center (REN-ISAC)
The Research and Education Networks Information Sharing and Analysis Center (REN-ISAC) serves over 650 member institutions within the higher education and research community by promoting cybersecurity operational protections and response.