Information Security - Network Security Monitoring

Frequently Asked Questions

Updated March 2015

Network Security Monitoring, Analysis and Alerting

What is Network Security Monitoring?

It is a core security service designed to monitor the state network for cyber attacks and suspected intrusions. DIR monitors the internet traffic that flows to and from the gateways of the state network to the edge of a customer's network.

How does Network Security Monitoring work?

The network traffic is monitored and analyzed in two primary ways:

  • DIR's full-time staff of security analysts monitor network traffic utilizing a suite of security tools to identify anomalous traffic.
  • DIR utilizes a Security Information Management (SIM) system application to monitor the same suite of security tools.

What are Network Security Alerts?

DIR network security analysts provide timely and actionable alerts if any suspicious traffic is identified using our in-house monitoring tools or via an outside intelligence source. Network security alerts are sent to your Information Security Officer (ISO) and any other team members so designated by your ISO. If you would like additional staff to receive these alerts, please have your ISO or designee contact the NSOC Help Desk.

Are there additional Network Security Services?

Network security monitoring services can also be configured to receive feeds from any customer's external-facing network or security device (e.g., firewalls, intrusion prevention systems). If you are interested in signing up for this free service, contact the NSOC Help Desk.

What organizations are eligible to receive DIR's Network Security Services?

Agencies and entities, as defined by TGC 2059, that are eligible to subscribe to DIR's Internet service also receive DIR network security monitoring services. TGC 2059 also defines the following "special districts" as eligible customers:

  • School districts,
  • Hospital districts,
  • Water districts, or
  • A district or special water authority, as defined by Section 49.001, Water Code.

In addition to DIR's duty under TGC 2059 to provide network security services to state agencies, DIR may, by agreement, provide these services to:

  • Each house of the legislature;
  • An agency that is not a state agency, including a legislative agency;
  • A political subdivision of this state, including a county, municipality, or special district; and
  • An independent organization, as defined by Section 39.151, Utilities Code.

A connection is made from your agency firewall/IPS device that allows security information to be sent to DIR (for example, via syslog), where a team of full-time security analysts monitors and analyzes the information.

How do I receive Network Security Alerts?

DIR will notify you via email if any anomalous activity indicates your network is under attack or if you request assistance in analyzing or documenting security events.