Delivering centralised threat insight for the University of Sussex

  • February 25, 2021
  • Nuala Armstrong-Walsh

The UK’s higher education sector is an increasingly popular target for cyber-criminals. Whether they’re focused on ransomware extortion, stealing the personal and financial information of staff and students, or going after cutting-edge research, there’s plenty to keep university IT teams busy.

To help the University of Sussex mitigate escalating cyber risk, SOC.OS recently delivered enhanced visibility through its leading threat monitoring technology.

Struggling with insight

Like many organisations, especially in the education sector, the University of Sussex struggled to stay ahead of cyber-threats without a centralised monitoring capability. Its lack of visibility into emerging threats meant the institution was left in reactive mode, with IT team members dividing their time between multiple toolsets, according to Cyber Security and Compliance Analyst, Raman.

They needed a more effective way to track threat patterns and prioritise alerts.

The SOC.OS difference

SOC.OS works like an extra security analyst on your team, capable of processing, enriching, correlating and prioritising every single security alert, 24/7/365. In so doing, it maximises the productivity of your IT security team whilst helping to minimise cyber risk exposure. There are five key stages:

  • Collection of alerts from all your on-premises and cloud-based security tools.
  • Enrichment with third-party threat intelligence and your own business context.
  • Correlation of enriched alerts into related “clusters” which are then ranked for easier examination. Users can name business-critical assets to enhance prioritisation.
  • Investigation can then be conducted via a single, intuitive SOC.OS workbench.
  • Automated reporting and dashboard widgets provide an ongoing real-time view of threats and security posture.

Visibility and control

Sussex University found an immediate benefit in centralising its threat monitoring capabilities, especially in being able to drill down into specific IPs and devices.

“In one incident a user unintentionally downloaded malware, but due to the volume of alerts, it was hard for us to pinpoint the exact alert which identified the threat,” explains Raman. “By filtering alerts using the specific business context tag, we were able to quickly identify the threat and take quick action before it caused further damage. This would have been impossible to identify without SOC.OS.”

Raman and his team were also able to tweak the system so that it ranks brute-force attack clusters higher in the priority list, as these represent a higher risk to the university. They receive a top 10 list of threats, alerts, and security incidents across the organisation within a specified time period.
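To make the five stages above and the brute-force re-ranking concrete, here is an added toy pipeline (example code, not SOC.OS's own) that enriches constructed alerts with business-context tags, clusters them by source address, scores each cluster with a hypothetical weighting that bumps brute-force activity and tagged assets, and returns a top-n list; the asset tags, category weights and alerts are all assumptions for illustration.

```python
# Added example (not SOC.OS code): toy enrich/cluster/rank pipeline over constructed alerts.
from collections import defaultdict

# Constructed business context: asset -> tag, standing in for the
# business-critical asset naming the page describes.
ASSET_TAGS = {
    "10.0.5.20": "finance-server",
    "10.0.7.44": "research-store",
}

# Hypothetical weights: brute-force clusters are bumped up, as the university did.
CATEGORY_WEIGHT = {"brute-force": 3, "malware": 2, "scan": 1}
CRITICAL_BONUS = 5  # extra score when any target in the cluster carries a tag

# Constructed raw alerts from three fictitious tools (stage 1: collection).
ALERTS = [
    {"tool": "ids", "src": "203.0.113.9", "dst": "10.0.5.20", "category": "brute-force"},
    {"tool": "ids", "src": "203.0.113.9", "dst": "10.0.5.20", "category": "brute-force"},
    {"tool": "edr", "src": "198.51.100.4", "dst": "10.0.7.44", "category": "malware"},
    {"tool": "fw", "src": "192.0.2.77", "dst": "10.0.1.1", "category": "scan"},
    {"tool": "fw", "src": "192.0.2.77", "dst": "10.0.1.2", "category": "scan"},
]

def enrich(alert):
    """Stage 2: attach business context (asset tag) to a raw alert."""
    return {**alert, "tag": ASSET_TAGS.get(alert["dst"])}

def cluster(alerts):
    """Stage 3: group enriched alerts by source IP into related clusters."""
    clusters = defaultdict(list)
    for a in alerts:
        clusters[a["src"]].append(a)
    return clusters

def score(group):
    """Rank a cluster: category weight per alert plus a bonus for tagged assets."""
    total = sum(CATEGORY_WEIGHT.get(a["category"], 1) for a in group)
    if any(a["tag"] for a in group):
        total += CRITICAL_BONUS
    return total

def top_clusters(alerts, n=10):
    """Stages 3-5: enrich, cluster, score and return the top-n list by source."""
    ranked = [(src, score(g)) for src, g in cluster(map(enrich, alerts)).items()]
    return sorted(ranked, key=lambda x: x[1], reverse=True)[:n]

def by_tag(alerts, tag):
    """Filter enriched alerts on a business-context tag, as in the malware incident."""
    return [a for a in map(enrich, alerts) if a["tag"] == tag]
```

With these constructed inputs the two brute-force alerts against the tagged finance server rank first, the single malware alert on the tagged research store second, and the untagged scans last; filtering on "research-store" isolates the malware alert the same way the tag filter did in the incident described above.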

It all adds up to enhanced visibility, more efficient investigations and reduced cyber risk for the university.

About the author

Nuala Armstrong-Walsh