UC Davis accelerates threat response and improves SOC efficiency
As a top-tier research university, the University of California at Davis deals with a host of unique security challenges. The UC Davis campus is home to students, educators, and research professionals pursuing a variety of activities, from conducting federally funded research for government agencies like the Department of Defense to streaming Netflix in on-campus housing. To serve its diverse population, the university has its own police and fire departments, residential buildings, a Student Health Center that needs to be HIPAA compliant, shops and other commercial establishments that need to be PCI compliant, utility providers with their own industrial control systems, and even an airport.
UC Davis runs on open access policies to allow its student and faculty population to conduct research relatively freely. Additionally, it has a federated IT governance model, working with many departments and users throughout the campus. Jeff Rowe, Security Architect for UC Davis, says this poses unique challenges for the security team: they need to be liberal to support research and, at the same time, airtight in their security policies and procedures to protect against potential attacks.
University-wide, their systems generate 10,000 events per second, and the SOC receives thousands of alerts in a matter of hours. The real pain for the team was managing daily threat triage and struggling to align with other campus IT departments on the overwhelming surge of security alerts.
The SOC team developed an API-centric scripting model supported by a war chest of student-developed Python scripts, which helped automate some parts of their workflow. Still, they needed a security orchestration, automation and response (SOAR) solution to fill the gaps.
With workflow automation and optimization in mind, UC Davis chose Sumo Logic Cloud SOAR as the best fit for its unique case. After evaluating several vendors, UC Davis found that Cloud SOAR's compatibility with the technologies it already uses, including the Python scripts students developed and continue to develop, was the main draw. There was no need to build new integrations.
In addition to supporting cloud-based services, Cloud SOAR also runs on-premises, which was a critical requirement for Rowe and his team. The cost-effectiveness of Cloud SOAR also contributed to their decision.
Sumo Logic Cloud SOAR now acts as the main control plane for their SOC workflows.
The UC Davis IT team needed a solution that would accelerate threat response and improve the efficiency of its SOC. Sumo Logic Cloud SOAR unified security operations and worked seamlessly with the team's carefully designed workflow to meet the university's unique security and operational requirements.