Skip to Main Content

Student-Powered Security Operations Center

As a dedicated space for student employees to monitor and respond to cybersecurity threats, alerts, and incidents, the goal of the Security Operations Center is to monitor the university's network for security threats, analyze security alerts, and respond to any incidents.

Introducing: Miami University's Security Operations Center

The SOC allows us to detect threats early. By continuously monitoring Miami's network, the SOC can spot early warning signs of an attack, allowing the team to respond before any serious damage is done. Student analysts can also perform threat intelligence research to identify potential risks before Miami can be targeted.

The student-run SOC also allows us to act fast. Our students will be trained to jump into action the moment a threat is detected, reducing downtime and limiting damage. The SOC helps to reduce risk in general, identifying weak points in our systems and implementing measures to fix them before they can be exploited. Having a designated space is the key requirement in providing this security.

Students gain the benefit of hands-on professional experience with the tools and functionalities that they will need to master when entering the workforce. The threats they analyze are real, and the tools they’re using are industry aligned.

Tools Used by Our Security Analysts

SIEM: Security Onion

This is a central repository of data that enables analysts to monitor for potential threats in real time. The SIEM provides access to threat detection and threat intelligence, allowing SOC analysts to see and act on particular kinds of malicious activity within Miami systems.

Duo Security Admin Panel

Duo is our multi-factor authentication (MFA) and identity management tool. Analysts use the Duo logs to investigate suspicious login attempts and identify potential account compromises. They also help manage user accounts and report on MFA statistics.

Endpoint Detection and Response: CrowdStrike

CrowdStrike protects all university assets from advanced threats like malware and ransomware. Analysts investigate alerts, take action to quarantine compromised devices, and collect reports on what kinds of threats are being detected.

Email Security: Abnormal

Abnormal protects our email environment from sophisticated email attacks that often bypass traditional filters. Phishing campaigns can be nasty—and Abnormal is used by our student analysts to track threats our users are facing.

Network Security: Palo Alto

This is Miami's firewall and network security solution. This appliance controls all traffic entering and leaving our network. Analysts manage firewall rules, monitor network traffic, and block malicious connections. 

Meet Our Security Analysts

Coming soon!


Contact Us

Interested in more information about the SOC? Need to report a phishing email, or want some clarification about cybersecurity related incidents?

Email the ISO

Report phishing