UNLV Hits the Jackpot with Student SOC and Splunk

Workforce Development | Originally published on the Splunk website, October 2024

The University of Nevada, Las Vegas (UNLV) is a premier research institution and oasis of knowledge in the heart of the Mojave Desert. With a security team of only four full-time security operations center (SOC) analysts, UNLV needed additional support safeguarding its complex digital environment for its 35,000 students, faculty, and staff.

“We want to do everything we can to keep the school secure,” says Jason Griffin, senior information security analyst for UNLV Information Technology. “And from an academic standpoint, we also want to provide opportunities for cybersecurity students to gain essential knowledge and experience for when they enter the workforce.” With the help of Splunk Enterprise Security, Splunk Cloud Platform, and Splunk Academic Alliance, UNLV is doing just that.

SIEM City
Launched in 2022, UNLV’s SOC program gives cybersecurity students real-world SOC experience and essential workforce development skills, including responding to alerts, correlating tickets, prioritizing incidents, and resolving critical vulnerabilities. And their efforts are paying off. “We’ve substantially increased visibility in our vulnerability management program through Splunk dashboarding and alerting,” says Griffin. “Since May of 2024, the students have remediated over 600 vulnerabilities, with nearly 100 of them critical.” So while UNLV students get smarter, the school gets safer.

“When we started, this was a manual process of logging into multiple platforms, manually examining the data or results of the scan, and then creating the ticket, hoping there wouldn’t be duplicates or errors,” says Griffin. Now, UNLV SOC analysts use Splunk Enterprise Security to ingest and correlate data for a range of operational use cases. Suspicious activity on the network triggers a notable event, which kicks off further investigation. Griffin and his team are working toward having Splunk automate the ticketing step as well: ingesting data from multiple sources, correlating it, and using workflow actions to connect to their ticketing system. “Those vulnerabilities used to take twice as long to remediate as they do now,” continues Griffin. “And when we fully implement the automation, it will cut that time to one-tenth.”
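The correlation and de-duplication step described above, as an added illustration that is not UNLV’s or Splunk’s own code: two constructed scanner feeds (hypothetical hosts and CVE identifiers) are merged into one record per host and CVE, the highest severity reported by any scanner wins, and ticket payloads are produced only for findings not already tracked, most severe first. The feed format, severity names and ticket fields are assumptions for the example; a real pipeline would read scan results from the SIEM and call the ticketing system’s API instead of returning dictionaries.

```python
"""Correlate vulnerability findings from several scanners into one ticket
per (host, CVE), skipping findings that are already being tracked.

Illustrative example only: the feeds below are constructed, not real scan data.
"""
from dataclasses import dataclass

# Rank used both for prioritisation and for picking the worst severity
# when two scanners disagree about the same flaw.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    severity: str
    source: str


# Constructed sample feeds (hypothetical hosts and CVE ids, not real scan output).
SCANNER_A = [
    Finding("web01.example.edu", "CVE-2024-0001", "critical", "scanner-a"),
    Finding("web01.example.edu", "CVE-2024-0002", "high", "scanner-a"),
    Finding("db02.example.edu", "CVE-2024-0003", "low", "scanner-a"),
]
SCANNER_B = [
    # Same flaw as scanner-a's first finding, reported with different casing
    # and a lower severity: it must collapse into one record, not a second ticket.
    Finding("WEB01.example.edu", "cve-2024-0001", "high", "scanner-b"),
    Finding("db02.example.edu", "CVE-2024-0004", "medium", "scanner-b"),
]


def normalize(finding):
    """Canonical key so differing hostname/CVE casing from scanners dedups."""
    return (finding.host.lower(), finding.cve.upper())


def correlate(*feeds):
    """Merge feeds into one record per (host, CVE).

    Keeps the highest severity any scanner reported and the set of sources
    that saw the flaw, so a ticket can cite every scanner that agrees.
    """
    merged = {}
    for feed in feeds:
        for finding in feed:
            key = normalize(finding)
            sev = finding.severity.lower()
            if key not in merged:
                merged[key] = {"host": key[0], "cve": key[1],
                               "severity": sev, "sources": {finding.source}}
                continue
            record = merged[key]
            record["sources"].add(finding.source)
            if SEVERITY_RANK.get(sev, 0) > SEVERITY_RANK.get(record["severity"], 0):
                record["severity"] = sev
    return merged


def build_tickets(merged, existing_keys, min_severity="medium"):
    """Return ticket payloads for untracked findings at or above min_severity.

    existing_keys: set of (host, cve) tuples already open in the ticketing
    system (assumed to be fetched from it before this runs). Output is sorted
    most severe first so analysts work the critical items before the rest.
    """
    threshold = SEVERITY_RANK[min_severity]
    candidates = [
        rec for key, rec in merged.items()
        if key not in existing_keys and SEVERITY_RANK[rec["severity"]] >= threshold
    ]
    candidates.sort(key=lambda r: (-SEVERITY_RANK[r["severity"]], r["host"], r["cve"]))
    return [
        {
            "title": f"{rec['severity'].upper()} {rec['cve']} on {rec['host']}",
            "host": rec["host"],
            "cve": rec["cve"],
            "severity": rec["severity"],
            "sources": sorted(rec["sources"]),
        }
        for rec in candidates
    ]


def tickets_for_feeds(feeds, existing_keys, min_severity="medium"):
    """Convenience wrapper: correlate the feeds, then build the ticket list."""
    return build_tickets(correlate(*feeds), existing_keys, min_severity)


if __name__ == "__main__":
    already_open = {("db02.example.edu", "CVE-2024-0004")}
    for ticket in tickets_for_feeds([SCANNER_A, SCANNER_B], already_open):
        print(ticket["title"], "seen by", ", ".join(ticket["sources"]))
```

With the constructed feeds, the four raw findings collapse to three records above the medium threshold, one of which is already tracked, so only two tickets are opened; the duplicated CVE-2024-0001 is raised once at critical with both scanners listed.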

Built-in features such as adaptive response actions have also been game-changers: running them for additional drill-down searches lets the student analysts investigate at a more granular level, and the preconfigured options and ability to pivot out to external sites streamline the process further.

“Splunk Enterprise Security has significantly increased our visibility,” says Griffin. “We went from knowing things were happening in our environment to being able to see everything and address them as they come up. We’ve entered a world where detection is now possible.”

Read the rest of the case study on the Splunk website
 
