OmniSOC, security operations center for ResearchSOC, wins Elastic Security Capture the Flag event
by Gregory Moore
At high noon on December 7, 2020, members of Indiana University’s OmniSOC Security Engineering Team faced off against cybersecurity teams from colleges and universities across the country in a Capture the Flag (CTF) cybersecurity competition sponsored by Elastic. OmniSOC provides trusted and actionable intelligence to many higher education institutions in addition to ResearchSOC.
Three hours after the national by-invitation-only event started, the OmniSOC crew came out on top. OmniSOC Lead Security Engineers Rob Carlsen and Ian Koetter won top honors by being the first team to answer all the challenges.
“Other than bragging rights, we should be receiving an Elastic course training voucher,” said Scott Orr, OmniSOC SOC operations manager. “The exercise focused on answering a series of questions found via querying the Elastic SIEM product preloaded with incident logs. We got all the available points and in the fastest time.”
While five teams earned perfect scores (OmniSOC, Texas A&M, Oregon State University, UC Santa Cruz, and Appalachian State University), the OmniSOC team completed the challenge first. The competition focused on answering a series of questions found via querying the Elastic SIEM product preloaded with incident logs.
OmniSOC is the shared cybersecurity operations center for higher education and research. OmniSOC rapidly delivers only critical, actionable, high-quality alerts 24x7x365, allowing cybersecurity staff to focus on what’s important, at substantial cost savings, from a trusted leader in the higher education cybersecurity community. OmniSOC operates collaboratively across member institutions, reducing the time from first awareness of a cybersecurity threat anywhere to mitigation everywhere for our higher education institution and research facility members.
OmniSOC is higher education’s only collaborative multi-state institution security operations center, the only collaborative SOC supporting NSF research, and the only SOC with a multi-state institution data sharing agreement for researchers.
OmniSOC collects cybersecurity data from partners; integrates this data with other threat intelligence; conducts proactive threat hunting; and monitors, triages, and analyzes security events. Founded by Northwestern University, Purdue University, Rutgers University, the University of Nebraska-Lincoln, and Indiana University and located at IU, OmniSOC also supports the ResearchSOC, the National Science Foundation (NSF) Security Operations Center, providing cybersecurity for the nation’s greatest research.
ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. We do this by providing the operational cybersecurity services, training, and information sharing necessary to a community as unique and variable as research and education (R&E).
ResearchSOC is an NSF-funded collaborative security response center that addresses the unique cybersecurity concerns of the research community.
OmniSOC and ResearchSOC are proud members of the Indiana University Cybersecurity Community.
Elastic is OmniSOC’s technology partner. Elastic builds real-time, scalable enterprise search, observability, and security solutions on a single free and open technology stack that can be deployed anywhere. Educational organizations worldwide use Elastic to instantly find actionable insights from any type of data, power search across a school or university, and build better student engagement experiences. Learn more at elastic.co.