By Jesse Drake
Guarding against thousands of cyber attacks each week keeps Colby Gray, Security Assurance manager in UIT's Information Security Office, and his dedicated team of security analysts busy.
"Incident response is our main focus," Gray said. "Incidents range from a malware outbreak or phishing [email] campaign, to a website blocked by something nefarious in one of the services we subscribe to."
Security Assurance is always on alert for spammers.
"Sometimes a full-blown operating system is compromised, sometimes they compromise a consumer wireless router in housing and relay spam through it," Gray said.
The success of a phishing attack is often a numbers game.
"Someone who sends out 3,000 emails to random University of Utah addresses will be happy to get a one percent return rate," Gray said. Many of the most damaging cyber attacks, in contrast, target a small number of accounts, including "spear phishing" emails that employ tactics like impersonation and arrive in users' inboxes with malicious links or attachments.
"They'll go after 10 people or a single person," Gray said. "When they do that their intention is to get a 100 percent success rate, to make it perfect."
Popular website-building sites like Weebly and WIX, Gray added, also make it easy to launch malware-ridden sites aimed at baiting users.
"They can be right next to a very legitimate site on the same IP address," he said.
The inherently transient nature of universities presents its own unique challenge. Students are on erratic schedules, routinely entering and leaving campus, or graduating.
"Tracking down the source of malicious software on campus can be difficult," Gray said.
Gray's senior security analysts address "tier two" threats – elevated incidents that require additional analysis and information gathering.
"These might be events that a process doesn't quite handle, so they'll pick it up and go deeper into the investigation," Gray said. "They write scripts and focus more on network security tools like Qualys, FireEye and Titanium. A lot of their time is spent on process refinements."
Junior analysts (student employees) respond to "tier one" incidents. They're the first set of eyes, assessing trouble tickets in ServiceNow.
"Our students are great," Gray said. "They're the first line of defense – triaging tickets, making judgement calls on when to escalate."
Those decision-making skills give the student employees a leg up in the high-demand information security job market.
"Every student we've had so far has been hired out – 100 percent," Gray said, noting that two of his senior analysts, Jesse Adams and Nico Holguin, started as students.
"To come in and get one or two years of experience really makes them valuable prospects," he said.
Looking ahead, Gray said that ISO is bringing online a Security Operations Center (SOC), date to be determined.