AARNet: SOC Services

The AustCyber Projects Fund is a $15 million, three-year initiative designed to help the Australian cyber security industry grows and takes ideas globally. Since launching in 2018, AustCyber has provided this funding to projects that are making a real contribution to growing Australia’s cyber security ecosystem, guided by the Sector Competitiveness Plan.

One of the participants in AustCyber’s Projects Fund was AARNet, who used their involvement in the Projects Fund program to accelerate their onboarding of Australian Universities onto their Security Operations Centre (SOC) Services, allowing them to uplift the cyber security posture for these crucial institutions.

Cyber attacks and nefarious activities against the Australian higher education and research sector have been on the rise for some time. More recently ransomware attacks have increased significantly, with several high-profile incidents reported from some of Australia’s premier education institutions.

These institutions are being targeted because of the highly sensitive data and intellectual property they hold. Several universities were seeking security operations support to improve their cyber security posture, particularly to augment their staff, skills, and technology to detect and combat these increasing cyber threats.

AARNet saw this as an opportunity to not only accelerate onboarding universities to the AARNet Security Operations Centre (SOC) but also to build relationships with the government and the cyber sector more broadly so that the capabilities developed could be leveraged for the benefit of more Australians.

The funding from the Projects Fund enabled AARNet to accelerate onboarding universities to their SOC to actively monitor their environments for cyber threats and fast-track the development of a global threat intelligence sharing capability. This helped to uplift the security posture of those institutions and the higher education and research sector quickly and effectively. The funding went into helping the universities, at a time when the sector was hit hard by the effects of the COVID-19 pandemic.

SOC customers have benefited from direct access to the following capabilities: 

• Security orchestration
• Automation and response (SOAR) end-to-end automation
• Machine learning and modeling behaviour analytics
• 100% transparent access to log data search visibility and data security management

In addition, the AARNet service provides one-year log retention, 24/7 operation and support, and full disaster recovery capabilities, and does not restrict or limit logs ingested into the SOC.

The universities are also benefiting from:

• Access to security subject matter experts (including SOC Analysts and SOC Engineers) to augment and optimise their security resources 24/7, and guidance and advice during incident response activities
• Periodic threat reporting on received alerts and related metrics, with actionable insights to improve their overall security posture
• Collaboration between the SOC and university teams to ensure they are getting the most out of the service and tooling
• Predictable costing and service model (that is all-inclusive) to better help universities budget and forecast, especially with the impact of COVID-19

About AARNet

For more than 30 years AARNet has provided reliable telecommunications services, along with an expanding range of cyber security, data, and collaboration services. Their network and services are designed to meet the specialised needs of Australia’s research and education sector.

Learn more about AARnet at their website.

Stay up to date with news and opportunities from AustCyber by signing up to the newsletter.

Find out more about the other projects involved with the AustCyber Projects Fund.