The University of Basel is one of the oldest and most prestigious universities in Switzerland. Founded in 1460, it has a long history of academic excellence and innovative research. The university is divided into numerous faculties and departments, each fostering an environment of intellectual freedom and scientific research. While this decentralized structure promotes academic freedom, it poses significant challenges for the central IT department responsible for maintaining network security across the entire institution.
The situation before baseVISION: Organizational complexity – the challenge of achieving cybersecurity
The University of Basel faces several critical challenges in managing its IT infrastructure and ensuring robust cybersecurity:
- Heterogeneous Networks: Due to the different needs and freedoms of the scientific staff in the individual departments, it is challenging for the central IT team to efficiently monitor and secure the entire network. Each department operates with a certain degree of independence, leading to diverse and complex network configurations.
- Organizational Complexity: The diversity within the university’s departments contributes to organizational complexity and complicates the implementation of standardized security measures.
- Staff Shortages: A team in a Security Operations Center (SOC) requires an adequate level of resources, knowledge, and availability. Keeping pace with the innovation rate in cybersecurity, both in terms of attacks and product development, is a challenge, especially for small security teams.
- Limited Budget: The university’s IT budget is limited. This financial constraint restricts the resources available for IT and cybersecurity initiatives.
Despite these challenges, the University of Basel has successfully developed an IT strategy that has gained recognition at higher administrative levels, leading to greater impact and influence. Consequently, the university decided to participate as a pilot customer in the Switch Security Operations Center (SOC) Community Initiative.
Our solution: Managed Extended Detection and Response (MXDR)
The University of Basel showed interest in the baseVISION MXDR Service and facilitated the connection between baseVISION and Switch, whose task is to maintain and promote a secure network and educational infrastructure for all Swiss universities and colleges. In a collaborative approach, baseVISION supports Switch in developing the Community SOC MXDR module based on the Microsoft Security Stack. The SOC Community from Switch offers a comprehensive solution for customers in the higher education sector in Switzerland, including proactive hunting, daily incident management, incident response, and forensics.
«baseVISION's SOC solution has helped us raise our maturity level in security operations and respond to threats. The flexibility and speed of the implementation process exceeded our expectations and adapted well to our complex environment.»
Easy collaboration
The collaboration between baseVISION, Switch, and the University of Basel has created a robust security solution capable of protecting one of the largest universities in Switzerland. The Switch Community SOC, consisting of Switch’s knowledge of the higher education sector, baseVISION’s MXDR service with Microsoft expertise, and Microsoft’s advanced security solutions, has proven to be an ideal complement. This partnership not only improves the security posture of the University of Basel but also offers a scalable solution for other universities.
Key components
Switch SOC Community
- Switch operates its own CERT (Computer Emergency Response Team) for universities, providing access to specialists in incident management and forensics for incident preparation and response.
- As the operator of the research network in Switzerland, Switch offers a unique perspective, including threat intelligence.
- They offer education-specific use cases and hunting based on expertise in the education sector.
- The SOC Community contract enables intensive information exchange between Switch and baseVISION, contributing to the improvement of incident handling and overall quality, with a focus on the specific requirements of educational and research networks.
baseVISION MXDR Service
- baseVISION has taken over incident management, utilizing the full capabilities of Microsoft Security solutions, including signals provided by the customer from third-party sources.
- As a designated partner, baseVISION was nominated for its expertise and efficiency, as it offers better and more efficient solutions for handling incidents.
Microsoft Defender XDR and Sentinel
- baseVISION supported the University of Basel in implementing Microsoft Defender XDR and Microsoft Sentinel.
- These solutions offer advanced threat detection, response capabilities, and a comprehensive security framework as a starting point, which can be extended with third-party signals upon customer request.
- With Azure Lighthouse and other Microsoft technologies, it is possible to store all customer data in the customer’s tenant, enabling seamless and efficient collaboration between all parties.
Summary
The University of Basel faced significant challenges in the field of cybersecurity due to its decentralized structure, staff shortages, and limited budget. To address these issues, the university partnered with baseVISION and Switch to implement a Managed Extended Detection and Response (MXDR) solution. This collaboration led to the establishment of a centralized Security Operations Center (SOC) and a Community SOC that utilizes advanced security technologies such as Microsoft Defender XDR and Azure Sentinel. The solution provides real-time threat detection and automated response capabilities, significantly improving the university’s security posture and offering a scalable model for other institutions.
Benefits
- Monitoring, analysis, and initial investigations by baseVISION SOC security analysts
- Enrichment of incidents through threat intel
- Education and research network-focused threat intelligence from Switch
- Automation engine for incidents
- baseVISION Standard Use Case Repository
- Azure Sentinel backup and continuous health checks
- Full utilization of the security features included in Microsoft 365 A5
- Data remains in your tenant and under your control
- SOC located in Switzerland




































