The Security Operations Center (SOC) is currently monitoring Texas A&M University System member networks in order to detect cyber-attacks and other malicious activity. This service is made possible by the sensors placed on each network. The sensors read network telemetry data and then provide it to security personnel for analysis.
Network telemetry data is similar to the information found on a phone bill. For example:
Computer A talked to Computer B on this at this time and lasted X amount of time.
The A&M System network is very large, complex, and busy. SOC analysts are faced with triaging and analyzing thousands of alarms every day. The SOC’s sensors will receive upgrades next fiscal year to reduce the number of false-positive alarms and improve the ability to detect advanced attacks. The upgrades will allow the sensors to perform behavioral detection on the conversation, but the sensors send summarized information to the analysts. For example:
Computer A talked to Computer B on this at this time and lasted X amount of time. The overall risk to Computer A in this conversation is high because Computer B is known for sending spam, and the last conversation contained malicious software.
The SOC is dedicated to providing an efficient and effective monitoring service while still respecting the privacy of the A&M System faculty, students, and staff.