Security operations center launched on campus
January 11, 2019
Facing more than 20 million cyberattacks each day, South Dakota State University’s Division of Technology and Security and other South Dakota Board of Regents institutions are under constant stress. That cyberattack total does not include spam or phishing emails, which exceeded 1.4 million in the first nine days of 2019.
As a result, the South Dakota Board of Regents and the Regents Information Systems created a central security operations center at South Dakota State.
“We leverage software to make sense of the data sets, understand potential threats, help us identify weaknesses and react to an incident or incidents that happen in near real time,” said Claude Garelik, who recently retired as the RIS’ security officer and is now serving as a consultant. “We are under continual attack. We deploy an array of technologies to help us manage risks in our layered defense system. Algorithms help us understand what’s going on with all of the information coming in.”
The center has numerous screens showing the security logs.
“Bringing all of the information to a central operations point allows us to see it from a 360-degree view throughout the system and makes us more secure as a system,” said Dean Sheley, the BOR’s information security officer. “That’s what is really unique to our deployment.”
Mike Adelaine, South Dakota State’s vice president for security and technology, said the center allows the system to be proactive and reactive when noticing a threat.
“For example, Northern State might see something and say that’s a blip, but when we have five blips appear at the security operations center, there’s a bigger issue we need to be aware of. Or let’s say we saw a situation happen at USD and the School of Mines; we then can warn everyone to be aware at their institution. The center gives us a broader field of awareness.”
Dave Hansen, the system chief information officer for the Regents Information Systems, said the regental institutions were using similar approaches and solutions and noted the center supplements each university’s efforts.
“The center was identified as a more effective solution; one that improves the security process and posture,” Hansen said.
“We have large amounts of traffic and activity and our researchers work with a lot of international collaborators,” he continued. “The center allows us to monitor the traffic traversing our networks and respond appropriately when threats are identified to help prevent data leaving our campuses that ought not to be leaving.”