13–17 Jun 2022
Europe/Rome timezone

Race against time – leveraging anomaly threat detection

14 Jun 2022, 16:00
1h 30m
Room C

Single Presentation - 25 min
Race against time – using big data and machine learning to identify and respond to anomalous cyber threat activity
Sniffing It Out

Speaker

James Ng (AARNet (Australia's Academic and Research Network))

Description

The AARNet Security Operations Centre (SOC) went live in September 2021. It monitors a number of diverse university environments for potential cyber threats by categorising, in near real time, thousands of behaviours of interest that on their own may not be malicious but could contribute to, or form part of, a larger attack.

The SOC uses user and entity behaviour analytics (UEBA) to correlate the relationships and behaviour between users/accounts and entities/assets, applying a cumulative risk-based approach so that the team can cut through the noise and focus on what matters most. This contrasts with traditional security technologies and predefined rules, which have relied on ‘known bad’ data to detect malicious activity.
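As an added illustration of the cumulative, entity-centric scoring the abstract describes (example code written for this page, not AARNet's SOC tooling): each event carries a behaviour of interest that is low-risk by itself, risk accumulates per user and per host inside a sliding window, and an alert fires only when the total crosses a threshold. The behaviour names, weights, window, threshold and sample events are all assumed values chosen for illustration.

```python
"""Cumulative risk scoring per user and per host over behaviours of interest.

Added example, not AARNet SOC code. No single behaviour is a 'known bad'
indicator; a blocklist-style rule would match none of the sample events.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed per-behaviour weights (illustrative, not a real tuning).
WEIGHTS = {
    "after_hours_login": 10,
    "new_country_login": 20,
    "mass_file_download": 25,
    "privilege_change": 30,
}
WINDOW = timedelta(hours=24)   # contributions older than this drop out
THRESHOLD = 60                 # cumulative score that raises an alert

# Constructed sample events: (ISO timestamp, user, host, behaviour).
EVENTS = [
    ("2022-06-14T01:05:00", "alice", "lab-pc-7", "after_hours_login"),
    ("2022-06-14T01:07:00", "alice", "lab-pc-7", "new_country_login"),
    ("2022-06-14T02:30:00", "alice", "file-srv-1", "mass_file_download"),
    ("2022-06-14T03:10:00", "alice", "lab-pc-7", "privilege_change"),
    ("2022-06-14T09:00:00", "bob", "lab-pc-9", "new_country_login"),
    ("2022-06-16T09:30:00", "bob", "lab-pc-9", "mass_file_download"),
]


def score_entities(events, weights=WEIGHTS, window=WINDOW, threshold=THRESHOLD):
    """Return (risk per entity at its latest event, list of alerts).

    Each alert is (entity, timestamp, cumulative score) for the event
    that pushed that entity's windowed score to or past the threshold.
    """
    history = defaultdict(list)   # entity -> [(timestamp, weight)]
    alerts = []
    for ts_str, user, host, behaviour in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        w = weights.get(behaviour, 0)
        # The same event counts against both the account and the asset.
        for entity in (f"user:{user}", f"host:{host}"):
            hist = history[entity]
            hist.append((ts, w))
            # Expire contributions outside the window so old noise decays.
            hist[:] = [(t, s) for t, s in hist if ts - t <= window]
            total = sum(s for _, s in hist)
            if total >= threshold:
                alerts.append((entity, ts_str, total))
    risk = {e: sum(s for _, s in h) for e, h in history.items()}
    return risk, alerts
```

With the sample events, alice (and the host lab-pc-7) cross the threshold on the fourth event, while bob's two behaviours are more than 24 hours apart and never accumulate.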

Primary author

James Ng (AARNet (Australia's Academic and Research Network))