
Security Operations Center

Our Mission

As industry leaders, the Texas A&M Security Operations Center (SOC) protects and educates people and organizations in the public sector so you can stay calm in a threat-filled world. Managing network security can be difficult; we provide a wide range of services to help fulfill your security needs.

Domain Name System (DNS) Filtering

Many cybersecurity threats use DNS to bypass IP block lists. Maintaining only a blacklist of known bad DNS entries does not completely resolve the risk, because malicious actors commonly use dynamically generated DNS entries to bypass these lists. We manage tools that evaluate all DNS queries seen from your organization, as well as from any endpoints outside the network that use a roaming client. This service stops known bad DNS calls and blocks access to any newly seen domains (less than 6 days old or never seen by the vendor's global network), preventing the majority of malicious code from being delivered.

We Provide

  • Assistance in deploying the solution
  • The ability to add in content monitoring
  • Off-network protection and malicious device identification available with roaming client
  • User identification

Threat Detection and Monitoring

First, we will meet with you to understand your environment. We will then detect and hunt for known and unknown threats and analyze real-time security event data feeds to detect indicators of threats. Incidents are escalated to our analysts for in-depth analysis. Analysts will send Threat Indicator Notifications with information about detected threats, adding contextual information and how-tos to the notifications for faster validation and delegation. Every notification has analyst insight that is specific to the detection and the present situation of your environment.

We Provide

  • Threat detection and monitoring
  • Triage of events
    • Alerts are prioritized according to the alert severity and the criticality of the impacted host(s)
  • In-depth analysis of security events and threat indicators
  • Threat Indicator Notifications
  • Monthly reports: Situational Awareness, Threat Landscape, Attacks, Key Performance Indicators
  • Security advisories subscription

Software Contracting and Evaluation

As the industry shifts to combat the latest threats, the tools used to combat those threats must shift as well. We actively work with vendors to determine products that meet your needs and negotiate group purchases when applicable.

We Provide

  • Tools available at a lower price point through group purchasing
  • On-going evaluation of new products
  • Recommendations on tools alongside consulting to meet your specific needs

Vulnerability Scanning and Penetration Tests

External and internal vulnerability scanning is available to provide you with a better picture of assumed risks. These scans are designed to meet the requirements of state law and to help your organization resolve any unknown vulnerabilities. Penetration testing is provided through third-party contracts.

Remote Incident Response

Working remotely, the SOC provides expertise in analyzing damage and removing changes left by an adversary, in cooperation with the Texas A&M Engineering Cyber Response Team. Support is usually provided over the phone, email, or web conference, or, if necessary, through remote terminal or administrative interfaces such as a collaborative meeting platform or Secure Shell (SSH).

We Provide

  • Service and Engagement – based on the type of incident and availability
  • On-site Incident Response – based on the impact of the threat and availability

Training and Awareness

We provide proactive outreach to employees, supporting general user training, bulletins and other educational materials that help them understand various cybersecurity issues. The main goals are to help you protect your team from common threats, better secure end systems and help employees correctly report cybersecurity incidents.

Security Consulting

We are happy to provide security advice for:

  • Supporting new system design
  • Business continuity
  • Disaster recovery planning
  • Securing, monitoring and auditing Microsoft Active Directory

Interested? Contact us for more information!

Copyright © 2023 Texas A&M University System All rights reserved.

301 Tarrow Street, College Station, TX 77840 | Phone: (979) 458-7700 | email: support@tamus.edu