Educause Security Discussion mailing list archives
Re: Security Operations Center Management
From: "Perez, Roberto" <Roberto.Perez () LMU EDU>
Date: Wed, 10 Mar 2021 23:08:00 +0000
Could someone ping me separately if you are using OculusIT's SOC services? I'm looking at them and would love to talk to current OculusIT SOC customers about your experience so far.

Roberto Perez, CISSP
Director, Information Security and Compliance
Information Technology Services
Daum Hall
1 LMU Drive
Los Angeles, CA 90045-2659
www.lmu.edu
Office 310.258.5489
Email roberto.perez () lmu edu

On 2/19/21, 12:21 PM, "The EDUCAUSE Security Community Group Listserv on behalf of AJ (Westcliff)" <SECURITY () LISTSERV EDUCAUSE EDU on behalf of aj () WESTCLIFF EDU> wrote:

Cynthia,

Does your organization have a formal Security Operations Center?
Yes, we have used an outsourced 24x7 SOC provider since 2015. They also manage our firewall.

Is it fully staffed with internal resources?
No - There was an assessment done recently of the major SOC and CISO providers on the basis of quality/expertise and affordability that we reviewed. (I think I can find a copy of that assessment. Please ping me offline if you need it.) We have outsourced our SOC to OculusIT.

Is it fully outsourced?
Yes, to OculusIT. Our internal teams act on the recommended changes that come from the SOC team. The OculusIT 24x7 SOC team works as an extension of our internal teams. We meet with them daily.

Is it co-managed with a service provider?
No.

-----Original Message-----
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Christine Whalley
Sent: Friday, February 5, 2021 10:23 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Security Operations Center Management

Cynthia,

Does your organization have a formal Security Operations Center?
Yes, we have used an outsourced 24x7 SOC provider since 2012.

Is it fully staffed with internal resources?
No - we recently partnered with OculusIT to provide our SOC and next gen firewall management services.

Is it fully outsourced?
Yes/No - there is a partnership between our outsourced SOC and our internal infrastructure and service desk teams.
We port designated logs to SIEM managed by the SOC.
Internal team has access to view SOC Dashboard and log data.
The SOC team monitors the environment and performs threat analysis to identify incidents and/or recommend changes we should make to our environment.
Recommended changes are assessed by the appropriate internal support team. Once approved, changes to the firewall are made by the SOC while changes to servers and other services are made by the appropriate internal support team.

Is it co-managed with a service provider?
See explanation above. We continue to review for improvement opportunities and refine thresholds for where the SOC can take direct action without intervening College approval.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Re: [External] [SECURITY] Security Operations Center Management, (continued)
- Re: [External] [SECURITY] Security Operations Center Management Foss, Henry L. (Jan 25)
- Re: Security Operations Center Management Marcelo Lew (Feb 02)
- Re: Security Operations Center Management Koppel, Lorna (Feb 02)
- Re: Security Operations Center Management King, Ronald A. (Feb 03)
- Re: Security Operations Center Management Dennis Bolton (Feb 03)
- Re: Security Operations Center Management Welch, Von (Feb 03)
- Re: Security Operations Center Management Rich Graves (Feb 03)
- Re: Security Operations Center Management Steve Doty (Feb 03)
- Re: Security Operations Center Management Christine Whalley (Feb 05)
- Re: Security Operations Center Management AJ (Westcliff) (Feb 19)
- Re: Security Operations Center Management Perez, Roberto (Mar 10)
- Re: Security Operations Center Management AJ (Westcliff) (Feb 19)