By Gregory Moore
Focused on the special needs of the research and education community, ResearchSOC webinars and workshops provide on-demand, how-to training for IT and cybersecurity professionals supporting open science research projects.
On August 20, Mark Krenz, ResearchSOC, Indiana University, and Scott Orr, OmniSOC, Indiana University, will present "How to devise a network monitoring strategy" as part of the 2020 Cyberinfrastructure/Cybersecurity Workshop, a virtual training event for cybersecurity and cyberinfrastructure professionals taking place August 18 and 20. Register online.
Scott has been with Indiana University in various capacities for more than 30 years. He was on the IUPUI campus, as a sysadmin for the engineering school, before there was internet. We asked Scott to tell us about the workshop and a bit about himself:
As I started supporting Unix systems, I decided that if I understood the security features of the platform, I would understand how to manage and use it. We started detecting early attacks from the outside, but also detecting curious students’ activities inside our networks and correcting their actions. After 8 years, I left the university for a short time to work in industry for a security consulting company. I learned then that I missed academic environments, so I returned to IUPUI, this time in the Computer Science Department, where in addition to doing a similar role of security and system administration, I started teaching as part-time faculty for the Computer Technology and Computer Science Department. Also, while in Computer Science, I completed my MS in CS, with an emphasis on security.
I joined OmniSOC about three years ago. Instead of doing security part-time as part of a bigger job, I got the opportunity to focus on security full time. I now serve as the SOC Operations Manager for OmniSOC. My team analyzes all the collected network data and detects potential malicious activities. We then share our findings with the affected member so that they can mitigate the incident. Our goal is to try to help members detect and mitigate system compromises as quickly as possible.
About the workshop
Network monitoring is a big part of what we do. Most of the information we get at OmniSOC is true network monitoring. We not only examine network metadata (e.g., session source and destination IP addresses) but also analyze various service sessions such as DNS, which can provide valuable insight into what’s happening in the member environment. I’m going to give a broad overview of some of the different sources of data there, the ways of looking at it, and how that data can be used to detect and help mitigate when issues occur.
The Research Security Operations Center (ResearchSOC) is a collaborative security response center that addresses the unique cybersecurity concerns of the research community. ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research. For more information on the ResearchSOC, visit our website or email email@example.com.