LSU students get Splunky
To support its student-powered SOC program, LSU explored different SIEM solutions. “At the end of the day, Splunk is the best product for us based on efficiency and ease of use,” says Woolley. “Splunk is best-in-breed.”
In just one year, each student participant can gain up to 1,000 hours of frontline SOC experience. Throughout their tenure, students work side-by-side with TekStream and train as actual employees: they take Splunk Academic Alliance courses and learn the TekStream playbooks built on Splunk SOAR, the guides for different use cases, and what evidence they need to collect. Alongside TekStream, participants can investigate 22 different types of detections. And since the students started using Splunk SOAR in early 2024, they have worked on roughly 33% of all SOC cybersecurity incidents.
Each participating institution has its own instance of Splunk Cloud Platform and Splunk Enterprise Security (ES) in a shared Splunk SOAR environment with various dashboards, making analysis more efficient. “Before, we were doing things manually at LSU,” says Jain. However, with automation in the Splunk SOAR platform, they now have a playbook designed to automatically remediate incidents for more efficient responses, especially after hours.
“At LSU, if an incident happened after six, seven, or eight o’clock at night, it would not get looked at until the next morning,” continues Jain. “Now, with the SOC program, we have 24/7 coverage, 365 days a year, increasing the overall security posture of LSU and the state.”
To Jain, the main benefit of leveraging Splunk in its student-powered SOC program is its ability to identify and report notable security events in a more consumable fashion. “Being able to bring all incidents into a single environment has had the biggest impact on the efficiency of our program and the safety of participating institutions,” says Jain. Otherwise, each institution would have to check its own environments to see what notables came up. “Instead,” continues Jain, “we work through a single pane of glass on top of an institution-level single pane of glass. Without Splunk, we wouldn’t have a successful student-powered SOC program.”
“Come on, you Tigers!”
With its first class of student-powered SOC participants set to graduate in December 2024, LSU wants to create as many differentiators as it can for when participants enter the job market. In collaboration with TekStream, LSU will generate a transcript for each student, providing a holistic view of their SOC experience they can present at job interviews. “It would highlight all the critical incidents they worked on, how many they handled, and what kind of complexities they were exposed to,” says Jain.
“Being able to prove this experience to future employers will set students up for success after graduation,” says Woolley. “This truly sets the LSU program apart from the rest.”
By June 2025, LSU hopes to have 38 institutions onboarded into the program, encompassing the vast majority of higher education institutions in the state. “We’re still optimizing the onboarding process,” says Woolley. “But we’re on track to hit our goal.”
But why stop there? “Because of our success, we’re looking to create a second student-powered SOC that schools nationwide can use,” concludes Woolley. “We don’t see any reason to limit access to our program to just schools in Louisiana.”