Educational institutions, particularly university campuses, are a favorite target for cybercriminals: large and distracted populations, multiple vendor relationships, and research facilities leave them vulnerable to threats such as BEC, QR phishing, and other advanced attacks.
Cal Poly’s SOC was drowning in these types of threats. Seventy-five percent of the student SOC team’s time was spent on abuse inbox analysis; the remaining time went to addressing SIEM alerts and other tasks.
After deploying SlashNext Cloud Email Security, they saw an 80% reduction in malicious emails reported to the security team within the first 24 hours. SlashNext monitors 6,500 faculty and staff inboxes. In the first week it analyzed over a million emails and detected 434 zero-hour link attacks and 271 BEC emails targeting the highest levels of campus leadership. The reduced abuse-email workload allows Cal Poly to assign projects to students, including:
Security KPI Tracking Using Splunk: Tracks SOC analyst activity to measure response and resolution times.
Ingest CIS Threat Intelligence into Splunk: Enhances security posture with proactive alerts on identified threats.
Management of Palo Alto IP/Domain Block Lists: Simplifies and automates adding IPs or domains to the firewall’s block list.
HIBP Automation: Monitors for campus addresses appearing in data breaches and automates notification to impacted users, reducing process time from 15 minutes to one minute.
AWS Security Alerts: Identifies high-risk AWS activity, providing invaluable visibility into campus-wide AWS activity and potential incidents.