Texas A&M System IT

The Texas A&M University System

You are here: Home / Cybersecurity / Security Operations Center

Security Operations Center

Security Operations Center Logo

Our Mission

As industry leaders, the Texas A&M Security Operations Center (SOC) protects and educates people and organizations in the public sector so you can stay calm in a threat filled world. Managing network security can be difficult; we provide a wide-range of services to help fulfill your security needs

Domain Name System (DNS) Filtering

Many cybersecurity threats utilize DNS to bypass IP block lists. Maintaining only a blacklist of known bad DNS entries does not completely resolve the risks. It is common behavior for a malicious actor to use dynamically generated DNS entries to bypass these lists. We manage tools that will evaluate all DNS queries seen from your organization, as well as from any endpoints external to the network utilizing a roaming client. This service stops known bad DNS calls, and access to any newly seen domains (less than 6 days old or never seen by the vendors global network), preventing the majority of malicious code dispersed

We Provide

  • Assistance in deploying the solution
  • The ability to add in content monitoring
  • Off-network protection and malicious device identification available with roaming client
  • User identification

Threat Detection & Monitoring

First, we will meet with you to understand your environment. We will then detect and hunt for known and unknown threats and provide analysis of real-time security event data feeds to detect indicators of threats. Incidents are escalated to our analysts for in-depth analysis. Analysts will send Threat Indicator Notifications with information about detected threats while adding contextual information and How-To’s to the notifications for faster validation and delegation. Every notification has analyst insight that is specific to the detection and present situation of your environment

We Provide

  • Threat detection and monitoring
  • Triage of events
    • Alerts are prioritized according to the alert severity and the criticality of the impacted host(s)
  • In-depth analysis of security events and threat indicators
  • Threat Indicator Notifications
  • Monthly reports: Situational Awareness, Threat Landscape, Attacks, Key Performance Indicators
  • Security Advisories Subscription
  • Invitation to our regular Threat Brief conference call

Software Contracting and Evaluation

As the industry shifts to combat the latest threats, it is necessary for tools used to combat those threats shift as well. We actively work with vendors to determine products that meet your needs and negotiate group purchases when applicable

We Provide

  • Tools available at a lower price point through group purchasing
  • On-going evaluation of new products
  • Recommendations on tools alongside consulting to meet your specific needs

Vulnerability Scanning and Penetration Tests

External and internal vulnerability scanning is available to provide you with a better picture of assumed risks. These scans are designed to meet the requirements of state law and to help your organization resolve any unknown vulnerabilities. Penetration testing is provided through third-party contracts

Remote Incident Response

Remotely, the SOC provides expertise in analyzing damage and removing changes left by an adversary. Support is usually done over the phone, email, web conference, or if necessary, remote terminal or administrative interfaces such as a collaborative meeting platform or Secure Shell (SSH)

We Provide

  • Service and Engagement – based on the type of incident and availability
  • On-site Incident Response – based on the impact of the threat and availability

Training and Awareness

Proactive outreach to employees supporting general user training, bulletins and other educational materials that help them understand various cybersecurity issues. The main goals are to help you protect your team from common threats, better secure end systems and help employees correctly report cybersecurity incidents

Log Collection & Correlation

Splunk is a platform that allows for log collection, event correlation and dashboarding. We have secured discounted Splunk licenses that are available to you for an additional fee. The SOC provides two license models, stakeholder run and SOC run instances

We Provide

  • Onboarding of Splunk log data into Splunk
  • Security monitoring and correlation (where applicable)

Security Consulting

We are happy to provide security advice for:

  • Supporting new system design
  • Business continuity
  • Disaster recovery planning
  • Securing, monitoring and auditing Microsoft Active Directory

 

Interested? Contact us for more information!

The Texas A&M University System | Security Operations Center | soc@tamus.edu | 979.234.0030