How the University of Oklahoma Is Modernizing SecOps
When the University of Oklahoma’s first president stepped off the train in Norman, Oklahoma, in 1892, to behold the barren expanse of prairie where the University’s main campus now stands, he exclaimed, “What possibilities!” These words—and the pioneering spirit behind them, the idea that anything can grow if you have the drive to make it so—continue to loom large in University tradition. They also guide the work of visionary educators and technology pioneers like Aaron Baillio, who leads the University’s security operations program.
With a team ranging in size from 13 to 19 workers, and composed mainly of students, Baillio has built a top-performing security operations center (SOC) capable of protecting as many as 90,000 user accounts and 120,000 devices during peak usage periods. How has such a small and relatively inexperienced team been able to achieve such remarkably outsized results? By pioneering the use of advanced and intelligent security automation software, of course!
Small but mighty security team accomplishes challenging dual mission with help from the Respond Analyst
As deputy CISO for the University, Baillio’s responsibilities are varied and complex. Chief among them is securing the institution’s widely distributed and ever-changing IT ecosystem. But Baillio also serves as an Adjunct Professor at OU, and in that role, he’s tasked with training America’s next generation of cybersecurity professionals. Baillio must balance his efforts to secure the University’s online learning environment with time spent developing effective and repeatable training procedures for his student workers.
The efficiency boost OU’s cybersecurity team has gained from deploying the Respond Analyst has been invaluable for achieving both aspects of the dual mission. Before deploying the Respond Analyst, Baillio’s team was receiving more than 80 million event notifications and 350 alerts each week, but they weren’t able to attend to or evaluate all of them with as much care as Baillio would have liked. “My level of comfort was not always very high,” he admits. Today only two to nine vetted incidents are escalated per week, and Baillio feels more confident about their level of risk exposure. “The reduction in our event numbers is so big that it would be hard to explain to someone with no background in security,” he says.
According to Baillio’s calculations, Robotic Decision Automation is adding the equivalent of 68 human security analysts to the team.
In addition, students employed in the University’s “Learn and Earn” program are getting hands-on experience with some of the most intelligent automated technologies available for cybersecurity monitoring today. They’re also able to spend more time learning “advanced” security analyst functions—such as threat hunting, incident response, and even engineering and orchestration—that will make them extremely employable upon graduation, and help tomorrow’s businesses meet their urgent need for skilled security staff.
With a technology platform like the Respond Analyst working beside its staff, the University of Oklahoma has already achieved results that even a much larger program would envy. They’re not being infected with malware, their data’s not being exfiltrated, and they have more confidence. They’ve also got a bright future ahead.