{"id":13196,"date":"2019-03-29T15:00:26","date_gmt":"2019-03-29T19:00:26","guid":{"rendered":"https:\/\/michigan.it.umich.edu\/news\/?p=13196"},"modified":"2024-07-08T06:05:30","modified_gmt":"2024-07-08T10:05:30","slug":"teams-practice-it-security-incident-investigation","status":"publish","type":"post","link":"https:\/\/michigan.it.umich.edu\/news\/2019\/03\/29\/teams-practice-it-security-incident-investigation\/","title":{"rendered":"Teams practice IT security incident investigation"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"367\" src=\"https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/ITS-team-700x367.png\" alt=\"\" class=\"wp-image-13199\" srcset=\"https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/ITS-team-700x367.png 700w, https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/ITS-team-200x105.png 200w, https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/ITS-team-300x157.png 300w, https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/ITS-team-768x402.png 768w, https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/ITS-team-665x348.png 665w, https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/ITS-team.png 1086w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><figcaption>From left to right: Neamen Negash, Angel Fletcher, Matt Coons, Kevin Cheek, and a Splunk representative. (Joel Iverson, ITS Communications)<\/figcaption><\/figure>\n\n\n\n<p>U-M staff members and a number of other IT security pros from Domino&#8217;s and Washtenaw Community College honed their IT security investigation skills at a March 27 <a href=\"https:\/\/events.splunk.com\/bots-ann-arbor-03272019\">Boss of the SOC (Security Operations Center) event<\/a> held at U-M and sponsored by the U-M Information Assurance office and Splunk. 
<br><\/p>\n\n\n\n<p>Working in teams of four to five, participants assumed the persona of a security analyst at a company experiencing multiple types of IT security incidents, including &#8220;insider threat,&#8221; APT (advanced persistent threat), ransomware, and web application attacks via SQL injection. Each team&#8217;s mission for the day was to figure out what the malicious actors were doing and how they were doing it\u2014using realistic event data in Splunk.<\/p>\n\n\n\n<p>&#8220;The work was in-depth and challenging,&#8221; said Neamen Negash, data security analyst (Information Assurance).<br><\/p>\n\n\n\n<p>&#8220;It was a great opportunity to learn from each other and from Splunk,&#8221; said Matt Coons, Information Assurance incident responder and threat analyst. &#8220;I learned a lot about how to use the data we store in Splunk to help investigate IT security incidents.&#8221;<br><\/p>\n\n\n\n<p>Dave McLaughlin, a database administrator with Information and Technology Services (ITS), gained a new appreciation for how valuable log data could be when investigating security events. &#8220;It was eye-opening to see how the data we collect from databases might be used by security analysts,&#8221; he said.<br><\/p>\n\n\n\n<p>A team of Domino&#8217;s IT security staff took first place for the day, with a team of ITS staff members coming in a close second. Members of the ITS team were Kevin Cheek, university incident response lead (Information Assurance); Matt Coons, incident responder and threat analyst (Information Assurance); Angel Fletcher, application operations system administrator (Infrastructure); and Neamen Negash, data security analyst (Information Assurance).<br><\/p>\n\n\n\n<p>&#8220;It was a lot of fun,&#8221; said Coons. &#8220;Team scores were displayed throughout the day, and there was upbeat music playing. 
It was so engrossing I didn&#8217;t even look at email.&#8221;<br><\/p>\n\n\n\n<p>&#8220;I kept watching our score on the graphs,&#8221; said Cheek. &#8220;I really enjoyed the competition and appreciated the extensive work Splunk did to make the experience so realistic and worthwhile.&#8221;<br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>U-M staff members, and a number of other IT security pros from Domino&#8217;s, and Washtenaw Community College, honed their IT security investigation skills at a March 27 Boss of the SOC (Security Operations Center) event held at U-M and sponsored by the U-M Information Assurance office and Splunk. Working in teams of four to five, participants assumed the\u2026 <span class=\"read-more\"><a href=\"https:\/\/michigan.it.umich.edu\/news\/2019\/03\/29\/teams-practice-it-security-incident-investigation\/\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":24,"featured_media":13203,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","_umich_oidc_access":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_ef_editorial_meta_date_first-draft-date":"","_ef_editorial_meta_paragraph_assignment":"","_ef_editorial_meta_checkbox_needs-photo":"","_ef_editorial_meta_number_word-count":"","footnotes":""},"categories":[6,27],"tags":[488],"class_list":["post-13196","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-professional-development","category-safe-computing","tag-cybersecurity"],"uagb_featured_image_src":{"full":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/brian-e1553890045635.png",630,420,false],"thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/brian-e1553890031639-200x133.png",200,133,true],"medium":["https:\/\/michigan.it.
umich.edu\/news\/wp-content\/uploads\/2019\/03\/brian-e1553890031639-300x200.png",300,200,true],"medium_large":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/brian-e1553890031639-768x512.png",665,443,true],"large":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/brian-e1553890031639-700x467.png",600,400,true],"1536x1536":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/brian-e1553890045635.png",630,420,false],"2048x2048":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/brian-e1553890045635.png",630,420,false],"excerpt-thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/brian-e1553890031639-200x140.png",200,140,true],"themonic-thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/brian-e1553890031639-60x42.png",60,42,true],"ioslider-thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/brian-e1553890031639-658x300.png",658,300,true],"post-thumbnail":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/brian-e1553890031639-665x444.png",665,444,true],"400x250-crop":["https:\/\/michigan.it.umich.edu\/news\/wp-content\/uploads\/2019\/03\/brian-e1553890045635.png",375,250,false]},"uagb_author_info":{"display_name":"Janet Eaton, ITS Information Assurance","author_link":"https:\/\/michigan.it.umich.edu\/news\/author\/jmfeaton\/"},"uagb_comment_info":0,"uagb_excerpt":"U-M staff members, and a number of other IT security pros from Domino&#8217;s, and Washtenaw Community College, honed their IT security investigation skills at a March 27 Boss of the SOC (Security Operations Center) event held at U-M and sponsored by the U-M Information Assurance office and Splunk. 
Working in teams of four to five,&hellip;","_links":{"self":[{"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/posts\/13196","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/comments?post=13196"}],"version-history":[{"count":6,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/posts\/13196\/revisions"}],"predecessor-version":[{"id":13246,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/posts\/13196\/revisions\/13246"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/media\/13203"}],"wp:attachment":[{"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/media?parent=13196"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/categories?post=13196"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michigan.it.umich.edu\/news\/wp-json\/wp\/v2\/tags?post=13196"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}