UAT Adds Security Operation Center
After more than 10 years, University of Advancing Technology (UAT) retired its Cyber Warfare Range and, in August 2021, added its own Security Operations Center (SOC), where students can work alongside mentors to learn how to manage SOCs for virtually any organization. Security Operations Centers are important for any organization looking to decrease cyber threats and attacks. A SOC is a central hub in charge of predicting, assessing, and taking action against cyber threats, as well as working to prevent them altogether. This center is available to all students, but it is most pertinent to Network Security, Cyber Security, Network Engineering and Technology Forensics majors.
What is a SOC and Why Do We Need One?
Security Operations Centers are 24-hour security hubs that work to increase the level of cyber security within an organization. Security engineers and analysts work in SOCs around the clock to analyze, prevent, and ultimately stop cyber attacks. Cybercriminals will attack at any time of day, which makes these centers so important to an organization's cyber security.
SOCs are essential to every organization, UAT being no exception. The benefit of having a SOC at the university is that students can get hands-on experience and training in a place not unlike one they could work in after graduation. Students with an interest in Cyber and Network Security get the opportunity to assess and address cyber threats in real time. Working at UAT's SOC can make your resume stand out amongst other college graduates who weren’t afforded the same opportunities. At UAT, we believe everyone should get the experience they need before they even graduate.
The main feature of the SOC is the ability to connect to UAT's virtual machine cluster. This gives students the ability to interact with any operating system as long as they have the ISO file for it. Another benefit of the virtual machine is the ability to restore the state of the virtual computer once you have taken a snapshot. For example, students can run malware on a virtual machine and observe it. When they're done, they can examine the damage and then revert the machine to the state it was in before the malware was run. Cyber Security Associate Professor Jeremy Bunce adds, "Templates of virtual machines can be made, allowing me, as an instructor, to create 15 Windows computers for my students to use in a class. Or have a virtual machine with misconfigurations that the students could get hands-on practice fixing."
What Happens in a SOC?
The functions and occupations of a security operations center can be boiled down to five major tasks: monitoring, response, remediation, consistency, and context.
- Monitoring is the tracking of cyber threats or potential threats.
- Response is reacting to and fixing those cyber threats and attacks.
- Remediation is assessing current security operations and finding weak points.
- Consistency is maintaining a security operation and abiding by it in an ethical way.
- Context is determining specific functions and needs of an organization that a SOC team can fulfill.
Professor Bunce explains, "The SOC is used by students to do their homework so they can practice hacking without risking their own computer." He adds, "The SOC is typically not used by non-cyber students since it normally requires them to take a network security class to gain a login. Faculty can use the SOC to set up a virtual machine to either demonstrate an exploit or set up a lab for them to work on."
"We have hosted Cyber Patriots here in the SOC," Bunce shares about community involvement in the SOC. "It’s a network security competition for high school students where they compete against other schools. They use our room for both doing the competition and hosting their training in the SOC."
There are also events held in the SOC, such as Capture the Flag and Red v. Blue. If you are new to cyber security, these are competitions held for students that give them hands-on experience in real-world settings. Bunce explains what Capture the Flag is: "You are given a task and need to complete it, which results in you getting a file that is called a flag. Some examples of tasks are decrypting a text to get the original text or using a computer exploit to gain access to it and downloading a file called flag.txt." Students take part in these not only to learn the skills, but also to be able to perform under pressure.
There are many benefits to having a SOC, but one of the most important is that students have access to a setup like this. As mentioned before, the SOC replicates SOCs they will encounter in the real world, ensuring they are prepared once they graduate. Students can make virtual machines that meet an industry-standard SOC. This allows the students hands-on practice and the ability to revert changes if they make a mistake. "Another aspect of our virtual machine cluster is that each class has a private network. This allows an installing Windows Server class and an ethical hacking class at the same time without them interfering with each other. This also allows for Capture the Flag competitions to be run on the virtual machine cluster. There is also the added benefit of having a room dedicated to network security for students to set up collaboration or work on projects together," shares Bunce. Along with the hands-on learning experience, students have access to a PowerEdge T340. If you aren't familiar with what it is, it is a mini server with two monitors.
How Can I Get Involved?
Contact an advisor or a professor for more information on getting involved with the SOC. Working at the SOC can be a great way to build your resume and gain workplace experience. UAT is excited about this recent addition to the campus and encourages students to look into it. Become a part of the solution today and get hands-on experience dealing with real cyber threats and attacks and maintaining security procedures.